Guest
Risk Assessment : Which assets to take into account
In the scope of our ISMS, we only focus on our SaaS platform.
So in the list of assets, I'll for example consider the customers' data stored on the platform as well as all software components of our platform.
But what about assets like employees' laptops ?
Are they to be considered as assets, or as potential vulnerabilities as threats may use laptops vulnerabilities to access our SaaS platform and extract sensitive info?
Assign topic to the user
ISO 22301 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 22301 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 22301 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Rhand Leal
Nov 26, 2021
Typically, employees' laptops should be considered assets because they are used to maintain and operate your SaaS platform.
This article will provide you a further explanation about scope definition in cloud environments:
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
Comment as guest or Sign in
Nov 26, 2021
Nov 26, 2021
Nov 26, 2021