A.7.1 Responsibility for assets
Objective: To achieve and maintain appropriate protection of organizational assets.
A.7.1.1 Inventory of assets
All assets shall be clearly identified and an inventory of all important assets drawn up and maintained.
A.7.1.2 Ownership of assets
All information and assets associated with information processing facilities shall be ‘owned’ by a designated part of the organization.
A.7.1.3 Acceptable use of assets
Rules for the acceptable use of information and assets associated with information processing facilities shall be identified, documented, and implemented.
A.7.2 Information classification
Objective: To ensure that information receives an appropriate level of protection.
A.7.2.1 Classification guidelines
Information shall be classified in terms of its value, legal requirements, sensitivity and criticality to the organization.
A.7.2.2 Information labelling and handling
An appropriate set of procedures for information labeling and handling shall be developed and implemented in accordance with the classification scheme adopted by the organization.