ISO 27001 Annex A 5.11 Return Of Assets

The ISO 27001 Annex A 5.11 rule says that people must return all company items when they leave a job. This includes employees and outside workers. The main goal is to keep company information safe. It makes sure that no one keeps things they should not have.


What to Return

An asset is anything that a person uses for work. This includes both physical and digital items.

  • Physical Items: Laptops, phones, work badges, and keys.
  • Digital Items: Online accounts, software, and company data on personal devices.

How to Do It

Your company should have a plan for how to get assets back. This plan should be clear and easy to follow.

  • Make a List: Keep a list of all assets that are given to people. This helps you know what to get back.
  • Update Contracts: Make sure your employee contracts say that they must return all company items.
  • Have a Process: When someone leaves, use a checklist to make sure you get everything back. This is part of the “offboarding” process.
  • Remove Access: Turn off their accounts and passwords right away. This stops them from getting into company systems.
  • Check and Clean: After an item is returned, check to see if all company data has been removed.

Common Questions

What does an auditor check? 

An auditor will check your plan. They will want to see proof that you are following it. They will also look at your list of assets to make sure it is correct.

Are there changes to this rule? 

This rule is not new. The newer ISO 27001 version just gives a clearer list of things to return. The main idea is the same.

Why is this rule needed? 

This rule is very important. It helps stop people from taking private company data. It also helps stop data from being lost or stolen.

