ISO 27001 Control A.7

A.7.1 Responsibility for assets

Objective: To achieve and maintain appropriate protection of organizational assets.

A.7.1.1 Inventory of assets

Control

All assets shall be clearly identified and an inventory of all important assets drawn up and maintained.

A.7.1.2 Ownership of assets

Control

All information and assets associated with information processing facilities shall be ‘owned’ by a designated part of the organization.

A.7.1.3 Acceptable use of assets

Control

Rules for the acceptable use of information and assets associated with information processing facilities shall be identified, documented, and implemented.

_______________________________________________________________________________________________________________

A.7.2 Information classification

Objective: To ensure that information receives an appropriate level of protection.

A.7.2.1 Classification guidelines

Control

Information shall be classified in terms of its value, legal requirements, sensitivity and criticality to the organization.

A.7.2.2 Information labelling and handling

Control

An appropriate set of procedures for information labeling and handling shall be developed and implemented in accordance with the classification scheme adopted by the organization.

Leave a Reply

Your email address will not be published. Required fields are marked *