Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Who should be the asset owner

  Quote
Guest
Guest user Created:   Jul 01, 2020 Last commented:   Jul 01, 2020

Who should be the asset owner

We have purchased your ISO27001. We are at the point of creating Risk Assessment Table. We have also watched the video of this area. The 2 questions we are divided on is:

1 . A user of a laptop or computer - does the assets need to be listed separately with the individual user?

2. If yes then every user would need to be presented as a group or individually to offer feedback of risks that they feel in individual to them for that asset? Correct? Would be interested in any feedback. Thanks

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jul 01, 2020

1 . A user of a laptop or computer - does the assets need to be listed separately with the individual user?

ISO 27001 does no prescribe who to define asset ownership, so organizations can define it as best suits them.

In a general way, you do not need to list laptops and computers separately with individual users, because in most cases they all share the same risk. It is sufficient to list a single asset (e.g., laptop or computer), and for this asset designate a generic owner (e.g., user). Only in cases you have a specific risk you should include specific assets and owners (e.g., "finance laptop" for the asset, and "CFO" for user).

2. If yes then every user would need to be presented as a group or individually to offer feedback of risks that they feel in individual to them for that asset? Correct? Would be interested in any feedback. Thanks

For generic assets as a "laptop", you should list at least the most seasoned personnel in the organization and the key users (there is no need to list all people that have a laptop), so you can gather good feedback without much effort. For individual assets as "finance laptop," you should list the person responsible for it

This article will provide you a further explanation about asset register and risk assessment:

These materials will also help you regarding risk assessment:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 01, 2020

Jul 01, 2020

Suggested Topics

Guest user Created:   Jul 13, 2019 ISO 27001 & 22301
Replies: 1
0 0

Responsible for personnel

Guest user Created:   May 24, 2019 ISO 27001 & 22301
Replies: 1
0 0

People as asset