Risk Assessment - Defining asset ownership
When defining asset ownership, would it be correct to set the company board / managers as the owners of some of the assets such as contractors or employees?
First, it is important to note that ISO 27001 does not prescribe who the asset owner must be, so organizations are free to define the asset owners as best fits them.
Considering that, company board/managers can be the owners of assets like contractors or employees, but as a good practice, you should consider as the asset owner the first management level with responsibility for protecting and managing the asset, because this will make the decisions about the asset faster and more effective.
For example, if the asset is a server, the owner should be the server's administrator. In the case of contractors and employees, you should consider the asset owner the HR manager.
This article will provide you with a further explanation about the asset owner:
- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
These materials will also help you regarding the asset owner:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jul 13, 2020