SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Home / ISO 27001 & 22301 / Responsibility for classifying the assets

Guest

Responsibility for classifying the assets

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Responsibility for classifying the assets

ISO 27001 & 22301
I have a question about asset inventory, who is the responsible to establish and to assign the propietario of an asset? And, In my company, the assets/information classification is:
0 0

Assign topic to the user

ISO 27001 INFORMATION CLASSIFICATION POLICY

Define the classification levels and how to protect the information.

ISO 27001 INFORMATION CLASSIFICATION POLICY

Define the classification levels and how to protect the information.
Guest
DejanK Jan 12, 2016

- PUBLIC
- PRIVATE
- SENSIBLE
- CONFIDENTIAL
the question is, who is the responsible to give this classification to the assets??

Answer: ISO 27001 standard does not prescribe the responsibility for asset classification, but the best practice is that asset owners classify their assets. This is because they are in the best position to assess how confidential or how sensitive each of their assets are.

The asset inventory itself can be compiled by Information security manager, or some other person who coordinates information security in your company.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
Guest user Created:   Oct 31, 2023 ISO 27001 & 22301
Replies: 1
0 0

Question on risk register and selection of the assets
Guest user Created:   Aug 10, 2023 ISO 27001 & 22301
Replies: 1
0 0

What asset to list when Risks relate to general or high-level assets?
Guest user Created:   Jul 18, 2023 ISO 27001 & 22301
Replies: 1
0 0

Infosec responsibility for BCP from an IT perspective