Expert Advice Community

Guest

Risk Assessment : Which assets to take into account

  Quote
Guest
Guest user Created:   Nov 26, 2021 Last commented:   Nov 26, 2021

Risk Assessment : Which assets to take into account

In the scope of our ISMS, we only focus on our SaaS platform. So in the list of assets, I'll for example consider the customers' data stored on the platform as well as all software components of our platform. But what about assets like employees' laptops ? Are they to be considered as assets, or as potential vulnerabilities as threats may use laptops vulnerabilities to access our SaaS platform and extract sensitive info?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 26, 2021

Typically, employees' laptops should be considered assets because they are used to maintain and operate your SaaS platform.

This article will provide you a further explanation about scope definition in cloud environments:
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Nov 26, 2021

Nov 26, 2021

Suggested Topics

Guest user Created:   Jan 27, 2020 ISO 27001 & 22301
Replies: 1
0 0

Asset Inventory

Guest user Created:   Nov 26, 2019 ISO 27001 & 22301
Replies: 3
0 0

Risk Assessment

Guest user Created:   May 30, 2022 ISO 27001 & 22301
Replies: 3
0 0

Risk assessment question