ISO 27001 & 22301 / Risk assessment
A question about Risk Assessment: we're a small company (5 full-time, 2 part-time staff). It would be simpler for us to say that the Information Security Officer is the asset owner for all assets. Is there a problem in doing that?
ISO 27001 does not prescribe who must be the asset owner, so you can define that the Information Security Officer is the asset owner for all assets.
These articles will provide you with further explanation about asset management:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
- Risk owners vs. asset owners in ISO 27001:2013 https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/