Expert Advice Community

Guest

Risk Assessment - Defining asset ownership

  Quote
Guest
Guest user Created:   Jul 13, 2020 Last commented:   Jul 13, 2020

Risk Assessment - Defining asset ownership

When defining asset ownership, would it be correct to set the company board / managers as the owners of some of the assets such as contractors or employees?

0 0

Assign topic to the user

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

Expert
Rhand Leal Jul 13, 2020

First is important to note that ISO 27001 does not prescribe who the asset owner must be, so organizations are free to define the asset owners as best fit them.

Considering that, company board/managers can be the owners of assets like contractors or employees, but as a good practice, you should consider as the asset owner the first management level with responsibility for protecting and managing the asset, because this will make the decisions about the asset faster and more effective.

For example, if the asset is a server, the owner should be the server's administrator. In the case of contractors and employees, you should consider the asset owner the HR manager

This article will provide you a further explanation about the asset owner:

These materials will also help you regarding asset owner:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 13, 2020

Jul 13, 2020

Suggested Topics

Lajvar Created:   Apr 29, 2024 ISO 27001 & 22301
Replies: 1
0 0

Risk treatment plan

Tanya S Created:   Dec 01, 2023 ISO 27001 & 22301
Replies: 1
0 0

Residual Risk Calculations