Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

ISO 27001 - Risk Assessment

  Quote
Guest
Guest user Created:   Mar 04, 2021 Last commented:   Mar 04, 2021

ISO 27001 - Risk Assessment

I’m trying to keep the risk assessment as simple as possible, would it work to group sensitive applications together rather than having them treated as separate assets? For example, rather than having: accounting software, bank payment apps, and ERP software as separate assets could we just group them into sensitive software? If possible I’d like to the same approach with things like admin accounts, user accounts, sensitive digital documents, and sensitive physical documents.  In short, are we able to group assets that are alike?

1 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 04, 2021

ISO 27001 does not prescribe how to record assets, so you can group assets that share risks and still be compliant with the standard. The only point you have to pay attention to is when recording this set of assets in your risk assessment. You will have to make sure that from the "set of assets" registry you can identify all the assets that form that set, so in the event the set changes you can identify the need for a risk assessment review.  

This article will provide you a further explanation about managing assets:

These materials will also help you regarding managing assets:

Quote
1 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 04, 2021

Mar 04, 2021