I dont know if you are an "expert" or at least "very knowledgable" in the critical process you want to implement 27001 into. It's ideal that YOU and only YOU make the asset inventory, people in business units may consider assets that are not even relevant for the implementation of the standard or just the opossite, relevant assets are left out. Confidentiality (Restricted, confidential, etc.)īut those are the fields I use for qualitative risk analysis.Disponibility (necesary, indispensable, etc.).(Sometimes is the same as the owner someties not) (Chief of department, manager, business unit, etc.) Storage (Where is stored, warehouse, database, etc.).programmers are input assets on a software factory) Asset (Workstation, software, employee, etc.).I don't know what are "mandatory" fields for the methodology you are following or the process you are going to implement the standard in.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |