Get FREE 12-month access to the AI-Powered Knowledge Base worth $450
with your ISO 27001 toolkit purchase
Limited-time offer – ends June 27, 2024

Expert Advice Community

Guest

Online service

  Quote
Guest
Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

Online service

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
AntonioS Jan 13, 2016

We are performing a risk assessment currently for a client who uses salesforce. Should we list the information contained within SalesForce as an asset with potential threats and vulnerabilities?
 

Answer:

I suppose that your question is related with an online service (www.salesforce.com) , if so, from my point of view your approach can be ok for the standard, I mean, you can have an asset (salesforce), asset type: information, and identify threats and vulnerabilities related to it. You can also consider to see it as an outsourced service asset (like Dropbox or Gmail). 
For more information about the assets, threats and vulnerabilities, please read this article “ISO 27001 risk assessment: How to match assets, threats and vulnerabilities” : https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/ And this article can be also interesting for you “How to handle Asse t register (Asset inventory) according to ISO 27001” : https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016