Expert Advice Community

Guest

People asset

  Quote
Guest
Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

People asset

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
AntonioS Jan 13, 2016

It is possible or even likely that a company would not have any people assets with respect to knowing information which is not found anywhere else? The company is about 100 people in scope? If I may be missing something, what would be the best method for determining if a person needs to be listed as an information asset?
 

Answer:

I am not sure what you mean, but generally is not possible that a company haven't people assets with critical information which is not found anywhere else. All companies have a hierarchy, and generally the top of the organization has information about the business that don’t know normal employees (neither external people). So all people –related to the scope of the ISMS- it is important for the risk assessment, so it is important to identify them in your inventory asset.
Regarding your last question, the best method for determining if a person needs to be listed as an information asset is to know is this person is affected by the scope of the ISMS (if is working in the ISMS, or has any responsibility, or ha s information about the business related with the ISMS, or perform activities related to the scope of the ISMS, etc).
Finally maybe this free webinar can be interesting for you “The basics of risk assessment and treatment according to ISO 27001” : https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016