top of page
Writer's pictureJodie Read

Information Assets for ISO 27001



If you're in the process of implementing an information management system to meet the requirements of ISO 27001 then one of your major tasks is going to be the creation of the information asset register.


One of the things that we've learned over the years, is that your asset register is likely to be much bigger than you originally think!


Firstly, we need to consider some assets that aren't immediately obvious, things like:

  • Employees

  • Contractors

  • Suppliers

  • Intellectual Property (IP)

  • Branding

  • Data (which may include customer and sales data, for instance)

  • Information about the product or service that you provide (which may include product technical files or your approach to delivering your service - or in the event of providing software, it may even include the coding that allows you to deliver the service! Note that this can include paper files, as well as electronic records - and electronic records will include word, excel and other files that you hold)

In addition to these issues, there is a need to consider more physical things, and even here, we think that you'll be suprised by some of the things that make the list:

  • Access fobs / keys (or other means of gaining physical entry)

  • Buildings (and their physical security)

  • CCTV cameras

  • Computers (you may wish to consider servers, desktops and laptops as seperate category codes, as they carry differnet levels of risk)

  • Internet enabled devices (which these days can include a vast array of different products from Alexa devices to TVs and a whole host of other things in between!)

  • Photocopiers

  • Printers

  • Routers

  • Software (we can pretty much gaurantee that this list on its own will be much greater than you expect, and by engaging with all members of your team, you may find that you can consolidate (and therefore reduce risk) what packages you use across the organisation

  • Telephones (fixed and mobile)

  • Uninteruptable Power Supplies (UPS)

  • USB memory sticks

  • Webcams

  • Whiteboards (where it's easy to leave confidential data on a board in a meeting room that will be used by someone else afterwards!)

This list is not exhaustive, but will provide a useful starting point for many organisations.

 

If the list seems a little daunting, and you'd like some help with how to apply this knowledge within your own organiation, why not give us a call on 029 2070 3328 or contact us via info@penarth.co.uk.

Comments


bottom of page