What are Assets according to ISO 27001?
ISO 27001 is a robust framework for managing information security. It provides requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). The standard not only optimises security practices but also helps organisations to manage the security of assets such as financial information, intellectual property, employee details, and third-party information.
Definition of Assets in ISO 27001
It is important to note that ISO 27001 does not include a specific definition of assets.
However, in the context of ISO 27001, ‘assets’ are anything that has value to the organisation and is essential for performing business activities.
ISO 27001 recognises that the protection of these assets, through the implementation of appropriate security controls, is critical to the integrity and security of corporate information.
Examples of Different Types of Assets
Information Assets: These are the primary focus of ISO 27001 and include both electronic and physical information. Examples include:
- Databases and data files
- Contracts and business plans
- Intellectual property
- Customer and employee data
- Company policies and procedures
- Computers and servers
- Mobile devices (phones and tablets)
- Network devices (routers, switches, and so on)
- Printing devices and scanners
- Security systems (CCTV, biometrics, and so on)
- Office equipment and furniture
- Operating systems and applications
- System management tools
- Development tools
- Backup and encryption software
- Cloud services (IaaS, PaaS)
- Communications (telephony, email service)
- Outsourced services (IT support, security monitoring)