How to implement ISO 27001 Annex A 5.9 Inventory Of Information And Other Associated Assets

Рет қаралды 1,040

Күн бұрын

In this step-by-step tutorial you will learn how to implement ISO 27001 Annex A 5.9 Inventory Of Information And Other Associated Assets.
The perfect guide for beginners.
I will share tips, tricks examples and templates to so you pass the audit with ease.
Summary
ISO 27001 Annex A 5.9 Inventory Of Information And Other Associated Assets is an ISO 27001 control that requires you to ensure that you have an asset inventory and asset registers for physical assets, data assets, virtual assets and software license assets.
It is based on the principle that we cannot protect what we do not know.
Resources and Links
► Do It Yourself ISO 27001 with the Ultimate ISO 27001 Toolkit: hightable.io/p...
► Read the blog that accompanies the video: hightable.io/i...
How to implement ISO 27001 Annex A 5.9 Inventory Of Information And Other Associated Assets
This is part of the asset management process and is the requirement to have inventories of assets. You will implement it by:
1. Identify the assets you have
Identify all of the assets that you have.
2. Record the assets in an asset register
Using an appropriate asset register record all of the assets that you have
3. Maintain the asset inventory
Through the asset management process and associated processes that you will implement you will ensure that the asset inventories are fully maintained and are accurate.
SUBSCRIBE / @stuartbarker
#ISO27001 #IS27001Ninja #isms

Пікірлер

@jack_b_za6415 3 ай бұрын

So I have a question: When you say software register, as an MSSP we resell software to clients do we need to keep this as part of our software register? i.e. licenses for clients? software for clients?

@StuartBarker 3 ай бұрын

@jack_b_za6415 You can jump on a free weekly clinic or grab a 1 to 1 as hard to answer in small comments but I would expect that you have a register of all your clients, what software they have purchased, the licenses that go with that. THEY will have a requirement under the intellectual property control to evidence licensing and software and if they rely on you they will expect that you can evidence it. Which alludes to what this control is about. Do you know, in total, what you have in place for your ISO 27001 scope ( I narrow it here but really you would want to know EVERYTHING you have ). The control wants what YOU have but it clearly makes sense, based on what you tell me and the requirements your clients have that you have this for clients and what you sell also. Hope makes sense - jump on a clinic or call to chat through if you need more.