Filling templates
Assign topic to the user
Answer: The data related to "version 0.1" in the history section is only for exemplification purposes. You can change this information for your own.
2. The Risk Assessment of course is the bulk of the questions from asset owners. Some are clear such as physical equipment. Some are less obvious, for example SaaS software common these days such as CRM software, GoogleSuite, Office365 etc - do each of these get listed as a separate asset with a separate owner, or can each be listed with a central asset owner. The permutations will very rapidly end up with hundreds of assets for our 5 person company, with then thousands of Risk (by threat and vulnerability). Would you have any samples for very small start-up companies with < $1M in revenues and all assets are cloud based (SaaS, AWS, personal compute devices etc.)? I plan to do all the heavy lifting as much a s possible and will interview the other employees.
Answer: ISO 27001 does not prescribe how the inventory of assets should be developed, so you can use the organization that better fits your needs. Some suggestions are:
- Organize by SaaS provider (e.g., Google applications, Microsoft applications, etc.)
- Organize by purpose (e.g., HR applications, Collaborative applications, etc.)
The most important tip here is that you have to simplify the process by grouping similar assets.
Regarding the designation of assets owners the same applies (you can have one person responsible for all related assets, one for each asset, or a mixed approach). If several users across the company are using particular software or SaaS, then the most senior of them can be the asset owner.
About sample of assets, in this template you have a sheet with a catalogue of assets.
This article will provide you further explanation about inventory of assets:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Comment as guest or Sign in
Oct 31, 2018