Asset Management

ISO 27001 Annex A.8

A.8.1 Responsibility for assets

Objective: To identify organizational assets and define appropriate protection responsibilities.

A.8.1.1 Inventory of assets

Control
Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained.

A.8.1.2 Ownership of assets

Control
Assets maintained in the inventory shall be owned.

A.8.1.3 Acceptable use of assets

Control
Rules for the acceptable use of information and of assets associated with information and information processing facilities shall be identified, documented and implemented.

A.8.1.4 Return of assets

Control
All employees and external party users shall return all of the organizational assets in their possession upon termination of their employment, contract or agreement.

A.8.2 Information classification

Objective: To ensure that information receives an appropriate level of protection in accordance with its importance to the organization.

A.8.2.1 Classification of information

Control
Information shall be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification.

A.8.2.2 Labelling of information

Control
An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization.

A.8.2.3 Handling of assets

Control
Procedures for handling assets shall be developed and implemented in accordance with the information classification scheme adopted by the organization.

A.8.3 Media handling

Objective: To prevent unauthorized disclosure, modification, removal or destruction of information stored on media.

A.8.3.1 Management of removable media

Control
Procedures shall be implemented for the management of removable media in accordance with the classification scheme adopted by the organization.

A.8.3.2 Disposal of media

Control
Media shall be disposed of securely when no longer required, using formal procedures.

A.8.3.3 Physical media transfer

Control
Media containing information shall be protected against unauthorized access, misuse or corruption during transportation.

Discover how you can save time & reduce management resource using ISMS.online to achieve & maintain your ISO 27001 ISMS

The ISO 27001 Annex A Controls are listed below:

Need a set of ISO 27001 policies for your ISMS?

ISMS.online includes practical policies and controls for your organisation to easily adopt, adapt and add to, giving you a
77% head start with ISO 27001

 

Discover how you can save time & reduce management resource using ISMS.online to achieve & maintain your ISO 27001 ISMS

ISMS Online Rating: 5 out of 5
Share This