5.9 Inventory of Information and Other Associated Assets
Control
An inventory of information and other associated assets, including owners, should be developed, and maintained.
Purpose
Asset management is a critical aspect of information security in an organisation. An organisation should develop and maintain an asset management system. They are recording both tangible and non-tangible assets. Tangible assets are all physical items such as PCs, laptops, printers, etc. At the same time, non-tangible assets refer to well-documented and maintained policies, procedures, and records.
Implementation Guidance
An organisation must identify all tangible and non-tangible assets within the organisation. Asset management methods and procedures differ from business to business, the organisation should adopt a suitable approach for itself. While some organisations prefer to create an asset register using basic office applications such as excel, other businesses might choose to use a more dedicated, detailed asset management software. Regardless of which method to adopt, an organisation needs to ensure that assets are recorded with appropriate details, the owner of the asset is determined, and the asset register is updated regularly. Moreover, it is crucial for an organisation that the support inventory does not contain duplicate data and that data is classified.
ISO 27001:2022
Organisational Controls
AvISO will be updating and reviewing all the information regularly, so keep us bookmarked and keep checking!
Got a question or need help? Don't hesitate to reach out to our team.
27002:2022 Related Controls
CLick to view control
If you would like to know more about ISO Standards, Certification and the value of a good management system you can add to your business we would love to hear from you: Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk
