ISO 27001 Annex A 5.9 is about making a list of a company’s information and other important items. This list is a key part of keeping data safe. The rule says that a list of information and other assets, along with their owners, must be made and kept up to date.
Why Is This Important?
You cannot protect what you do not know you have. This rule helps a company:
- Know what it has.
- Figure out what risks those items face.
- Make sure the right people are in charge of them.
This helps a company stay safe and meet legal rules.
What to Do
- Make a list: List all of your company’s important information and other items. This includes things like computers, data, and software.
- Assign an owner: Give each item an owner. The owner is the person or group in charge of that item.
- Keep it updated: Make sure the list is always correct. Update it when you add, change, or get rid of an item.
- Protect assets: Put safety rules in place based on how important each item is.
What an Auditor Will Check
An auditor will check if you have an asset list. They will also check if you have given each item an owner. The auditor will look for proof that you are keeping the list up to date and that you are protecting your items.
Frequently Asked Questions
- What is an asset inventory? An asset inventory is a full list of all a company’s important items. It helps you keep track of everything.
- What are the benefits of this rule? It helps you improve security and lower the chance of data problems. It also helps you meet legal rules.
- Who is in charge? The owner of each item is in charge of managing it.