Expert Advice Community

Risk Assessment Equipment in the ICT Table

Guest user Created:   Aug 20, 2020 Last commented:   Aug 20, 2020

With regard to the Asset Name of ICT Equipment Maintenance in the Risk Assessment Table spreadsheet we purchased, should all ICT equipment be broken out individually in the risk assessment table? Or should they be called out in the Controls Document for the ICT equipment?

Expert
Rhand Leal Aug 20, 2020

First, it is important to note that ISO 27001 does not prescribe how to identify assets, so organizations are free to identify them as best fits their needs.

Considering that, you can break the ICT Equipment Maintenance into individual assets in case of need (e.g., there is a relevant risk related to a specific asset, like measurement equipment), but please note that a good practice for asset management is to group assets together if their threats/vulnerabilities are similar (e.g., a single asset named "laptop", instead of listing all of the organization's laptops individually), and to adopt individual assets only in case they have specific risks related to them (e.g., development laptops, sales laptops, etc.). This way you will reduce the time and effort for doing the risk assessment.

This article will provide you with a further explanation about the inventory of assets:
