FixNix Blog

ISO 27001 Control A.7

May 29, 2019 2:23:21 AM / by Keyura

A.7.1 Responsibility for assets

Objective: To achieve and maintain appropriate protection of organizational assets.

A.7.1.1 Inventory of assets

Control

All assets shall be clearly identified and an inventory of all important assets drawn up and maintained.

A.7.1.2 Ownership of assets

Control

All information and assets associated with information processing facilities shall be ‘owned’ by a designated part of the organization.

A.7.1.3 Acceptable use of assets

Control

Rules for the acceptable use of information and assets associated with information processing facilities shall be identified, documented, and implemented.

_______________________________________________________________________________________________________________

A.7.2 Information classification

Objective: To ensure that information receives an appropriate level of protection.

A.7.2.1 Classification guidelines

Control

Information shall be classified in terms of its value, legal requirements, sensitivity and criticality to the organization.

A.7.2.2 Information labelling and handling

Control

An appropriate set of procedures for information labeling and handling shall be developed and implemented in accordance with the classification scheme adopted by the organization.

Topics: fixnix, grc, information security, ISO 27001, compliance management, controls, policy, Regtech

Keyura

Written by Keyura

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

see all

Recent Posts