Get 4 FREE months of Conformio to implement ISO 27001

Expert Advice Community

Guest

Question on risk register and selection of the assets

  Quote
Guest
Guest user Created:   Oct 31, 2023 Last commented:   Oct 31, 2023

Question on risk register and selection of the assets

I have a question about which assets to select in the risk register, for instance, in the IT and communication equipment category. We certify Company A, which is a subsidiary of Company B. The equipment Company A uses (server rooms, servers, desktop computers, notebooks, and small stuff) belongs to the Company B and Company A rents it. The alarm system and key cards are also provided by the Company B for the subsidiaries. Do we only select assets that are owned by Company A, or all assets that are used by Company A?

Assign topic to the user

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

Expert
Rhand Leal Oct 31, 2023

You have to include only the assets that are owned by your company that are part of the ISMS scope, i.e., the assets you control.

For further information, see:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Oct 31, 2023

Oct 31, 2023

Suggested Topics

Guest user Created:   Mar 15, 2019 ISO 27001 & 22301
Replies: 1
0 0

Toolkit content

Lajvar Created:   Apr 29, 2024 ISO 27001 & 22301
Replies: 1
0 0

Risk treatment plan