Equipment maintenance
How can I define equipment, and what equipment to include, i.e. in A.11.2.4 Equipment maintenance? Also, for asset inventory and ownership: how to define what assets are in and out?
For ISO 27001 you can define equipment as an asset that is used to store and/or process information or to support process information facilities.
To identify equipment to be considered for information security you need to verify the ISMS scope and legal requirements (e.g., laws, regulations, and contracts) your organization must comply with. Based on the information your ISMS must protect, and on the legal requirements, you can identify equipment that must be considered for application of information security controls like A.11.2.4.
To see examples of assets, I suggest you take a look at the free demo of our Inventory of Assets, sheet "Checklist of assets", at this link: https://advisera.com/27001academy/documentation/inventory-of-assets/
It contains examples of assets to be used in the risk assessment for ISO 27001.
These articles will provide you with further explanation about assets and equipment:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
- How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 1 https://advisera.com/27001academy/blog/2016/04/18/how-to-implement-equipment-physical-protection-according-to-iso-27001-a-11-2-part-1/
- How to implement equipment physical protection according to ISO 27001 A.11.2 – Part 2 https://advisera.com/27001academy/blog/2016/04/26/how-to-implement-equipment-physical-protection-according-to-iso-27001-a-11-2-part-2/
May 08, 2020