Could you please clarify the relation between having Asset management process in place and Information classification policy.
- Our Assets (Laptop, Desktop, Servers and SW license) and we have defined the full cycle in the process
- Our Information classification is mainly for documents and processes (Confidential, Restricted, Internal use)
Thus I would appreciate it if you can explain/clarify the following points:
- Do we need to classify our Assets or label it as (Confidential, Restricted, Internal use) or do we need to add another category for assets
- Do we need to classify the info on Assets !! but if Laptop (as an asset) has documents confidential and documents restricted ? in this case laptop as an asset
Is considered to be confidential or restricted ?