The ISO 27001 Annex A 5.11 rule says that people must return all company items when they leave a job. This includes employees and outside workers. The main goal is to keep company information safe. It makes sure that no one keeps things they should not have.
What to Return
An asset is anything that a person uses for work. This includes both physical and digital items.
- Physical Items: Laptops, phones, work badges, and keys.
- Digital Items: Online accounts, software, and company data on personal devices.
What is ISO 27001 Annex A 5.11?
The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022).
In the ISO/IEC 27001:2022 Standard the control is titled “Return Of Assets”.
What is the ISO 27001 Annex A 5.11 control objective?
The formal definition and control objective in the standard is: “Personnel and other interested parties as appropriate should return all the organisation’s assets in their possession upon change or termination of their employment, contract or agreement.”
What is the purpose of ISO 27001 Annex A 5.11?
The purpose of ISO 27001 Annex A 5.11 is “to ensure you protect the organisation’s assets as part of the process of changing or terminating employment, contract or agreement.”
Is ISO 27001 Annex A 5.11 Mandatory?
ISO 27001 Annex A control 5.11 (Return Of Assets in the 2022 standard) is not automatically mandatory in the same way the clauses in the main body of the standard (clauses 4 through 10) are.
The mandatory part of the standard requires you to consider ISO 27001 Annex A 5.11 and all other Annex A controls, but you have the flexibility to exclude it if it is not applicable to your organisation’s specific risks and context.
Key Parts of the Rule
To follow this rule, you should have clear plans and policies. Here are some important steps:
- Make a List: Keep a list of all assets that are given to people. This helps you know what to get back.
- Update Contracts: Make sure your employee contracts say that they must return all company items.
- Have a Process: When someone leaves, use a checklist to make sure you get everything back. This is part of the “offboarding” process.
- Remove Access: Disable their accounts and revoke their credentials (passwords, tokens, keys) right away. This stops them from getting into company systems after they leave.
- Check and Clean: After an item is returned, check to see if all company data has been removed.
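The steps above come together in an offboarding check: compare the asset register against what a leaver has handed back, confirm data-bearing devices have been wiped, and confirm their accounts are disabled. The following is an added example of such a reconciliation, not code from the page or from any ISO 27001 tooling; the register entries, asset identifiers, the returned/wiped/active lists and the `holds_data` flag are all constructed for illustration.

```python
"""Offboarding asset reconciliation (added example, not from the original page).

Given an asset register, the items a leaver has returned, the devices that
have a wipe record, and the accounts that are still enabled, produce the
items an offboarding checklist still has to close. All data is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    asset_id: str
    kind: str              # "physical" or "digital"
    description: str
    owner: str
    holds_data: bool = False   # physical devices with storage must be wiped after return


# Constructed asset register: who currently holds what.
ASSET_REGISTER = [
    Asset("LT-0042", "physical", "Laptop", "j.smith", holds_data=True),
    Asset("PH-0017", "physical", "Phone", "j.smith", holds_data=True),
    Asset("BD-0100", "physical", "Building badge", "j.smith"),
    Asset("ACC-VPN", "digital", "VPN account", "j.smith"),
    Asset("ACC-MAIL", "digital", "Email account", "j.smith"),
    Asset("LT-0043", "physical", "Laptop", "a.jones", holds_data=True),
]

# Constructed offboarding state for one leaver.
RETURNED_IDS = {"LT-0042", "PH-0017", "USB-9999"}   # USB-9999 is not in the register
WIPED_IDS = {"LT-0042"}                              # phone returned but no wipe record yet
ACTIVE_ACCOUNTS = {"ACC-MAIL"}                       # VPN disabled, email still enabled


def reconcile(register, leaver, returned_ids, wiped_ids, active_accounts):
    """Return a report of everything still open for `leaver`.

    - not_returned: physical assets on the register that were not handed back
    - returned_not_wiped: data-bearing devices handed back with no wipe record
    - still_active: digital assets (accounts) that have not been disabled
    - unregistered_returns: items handed back that the register does not know
      about, i.e. evidence the register itself is inaccurate
    """
    owned = [a for a in register if a.owner == leaver]
    physical = [a for a in owned if a.kind == "physical"]
    digital = [a for a in owned if a.kind == "digital"]

    not_returned = [a.asset_id for a in physical if a.asset_id not in returned_ids]
    returned_not_wiped = [
        a.asset_id for a in physical
        if a.holds_data and a.asset_id in returned_ids and a.asset_id not in wiped_ids
    ]
    still_active = [a.asset_id for a in digital if a.asset_id in active_accounts]

    known_ids = {a.asset_id for a in register}
    unregistered_returns = sorted(i for i in returned_ids if i not in known_ids)

    report = {
        "leaver": leaver,
        "not_returned": not_returned,
        "returned_not_wiped": returned_not_wiped,
        "still_active": still_active,
        "unregistered_returns": unregistered_returns,
    }
    # Offboarding is only complete when every list is empty.
    report["complete"] = not (
        not_returned or returned_not_wiped or still_active or unregistered_returns
    )
    return report


def format_checklist(report):
    """Render the report as the checklist lines an auditor would expect to see."""
    lines = [f"Offboarding checklist for {report['leaver']}:"]
    for key, label in [
        ("not_returned", "Still to be returned"),
        ("returned_not_wiped", "Returned, wipe record missing"),
        ("still_active", "Accounts still enabled"),
        ("unregistered_returns", "Returned but missing from register"),
    ]:
        items = ", ".join(report[key]) if report[key] else "none"
        lines.append(f"  {label}: {items}")
    lines.append("  Status: " + ("COMPLETE" if report["complete"] else "OPEN"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_checklist(reconcile(ASSET_REGISTER, "j.smith",
                                     RETURNED_IDS, WIPED_IDS, ACTIVE_ACCOUNTS)))
```

The `unregistered_returns` list is deliberately treated as a failure: an item handed back that the register never recorded means the register is wrong, which is exactly the discrepancy an auditor comparing the asset list to the register will find.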
What an Auditor Will Check
An auditor will want to see proof that you are following these rules. They will look for:
- A plan for the return of assets.
- Evidence that you are following it.
- Your list of issued assets and your asset register, to make sure the two match and are up to date.
You can learn more about return of assets and ISO 27001 by watching this video: Mastering Asset Management | ISO 27001 Annex A 5.11 Return Of Assets.