Asset Classification and Control
The organization should be in a position to understand what information assets it holds, and to manage their security appropriately.

This section contains the following sub-sections:

5.1 Accountability for assets - an inventory of information assets (IT hardware, software, data, system documentation, storage media and ICT services) should be maintained. The inventory should record ownership and location of the assets.All [information] assets should be accounted for and have a nominated owner. An inventory of information assets (IT hardware, software, data, system documentation, storage media and ICT services) should be maintained. The inventory should record ownership and location of the assets, and owners should identify acceptable uses.

5.2 Information classification - information should be classified and labelled accordingly.

Recently Changed
Certification (ages ago)
risk treatment plan (ages ago)
Spanish (ages ago)