ISO 27001 & 22301 / Question about assets
Now I’ve got one concrete question about assets: what about virtual machines and docker images, are all VM’s and DI’s each just one asset or every single item?
Please select user.
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
If all VMs have the same related risks, then you can use a single asset to represent them. In case there are VMs with specific risks you can use different VM types (e.g., operational VMs, development VMs, etc.). The same concept applies to DIs.
For further infotmation, see:- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
This material can also help you:- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/- ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
HTML tags are not allowed