Is Asset register required?
Assign topic to the user
Answer: If I understood the question correctly, you're asking if Asset register is required - the answer is no, ISO 27001 does not require you to have such register.
ISO 27001 covers this topic under the control A.8.1.1 Inventory of assets - since this is a non-mandatory control, you can choose whether to apply it or not. The most common reasons for applying this control are the following:
a) You want to use the asset register for performing the risk assessment - see this article for details: How to write ISO 27001 risk assessment methodology https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/
b) You want to decrease some risks that you identified during the risk assessment - see this article: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
c) There is a legal or regulatory requirement for you to have such register.
This a rticle may also help you: How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
Comment as guest or Sign in
Aug 03, 2016