Professional Documents
Culture Documents
Asset Management Policy
Asset Management Policy
1.1 Introduction..........................................................................................................................2
2 Scope.......................................................................................................................................2
3. Asset Management.................................................................................................................2
3.1 Responsibility for assets...................................................................................................2
3.1.1 Asset Inventory..........................................................................................................2
3.1.2 Ownership of assets...................................................................................................3
3.1.3 Acceptable use of assets............................................................................................3
3.1.4 Return of assets..........................................................................................................3
3.2 Media Handling................................................................................................................4
3.2.1 Management of removable media..............................................................................4
3.2.2 Disposal of media......................................................................................................4
3.2.3 Physical media transfer..............................................................................................4
3.3 Key performance indicators (KPIs)..................................................................................5
1.1 Introduction
In today's digital age, information is a valuable asset for organizations, and ensuring its
confidentiality, integrity, and availability is paramount. To safeguard sensitive information
and demonstrate a commitment to robust information security practices, our organization
adheres to the international standard ISO/IEC 27001: Information Security Management
Systems (ISMS). This document serves as an introduction to our ISO 27001 compliance
policy, outlining our dedication to establishing, implementing, maintaining, and continually
improving an effective information security management system.
2 Scope
This policy applies to all employees, contractors, and third-party entities that have access to
our information assets. It encompasses all forms of information, whether stored electronically
or in hard copy, and includes information processed, stored, or transmitted using
organizational information systems.
3. Asset Management
Objective:
To identify organizational assets, define appropriate protection responsibilities and to know
asset criticality helping to put a specific control to every assets.
Scope:
All IT assets within my organization
o Assets should be identified and an inventory of these assets should be drawn up and
maintained.
o The asset inventory should be accurate, up to date, and aligned with other inventories.
o Employees and external party users using or having access to the organization’s assets
should be made aware of the information security requirements of the organization
3.1.4 Return of assets
o All employees and external party users should return all of the organizational assets in
their possession upon termination of their employment, contract or agreement.
o The termination process should be formalized to include the return of all previously
issued physical and electronic assets owned by or entrusted to the organization.
o Where an employee or external party user has knowledge that is important to ongoing
operations, that information should be documented and transferred to the
organization.
o During the notice period of termination, the organization should control unauthorized
copying of relevant information (e.g. intellectual property) by terminated employees
and contractors.
o Authorization should be required for media removed from the organization and a
record of such removals should be kept in order to maintain an audit trail.
o Multiple copies of valuable data should be stored on separate media to further reduce
the risk of coincidental data damage or loss.
o Procedures should be in place to identify the items that might require secure disposal.
o Logs should be kept, identifying the content of the media, the protection applied as
well as recording the times of transfer to the transit custodians and receipt at the
destination.