ISO/IEC 27002:2022 | 5.9 - Inventory of Information and Other Associated Assets
Per ISO/IEC 27002:2022 | 5.9 - Inventory of Information and Other Associated Assets, “The organization should identify its information and other associated assets and determine their importance in terms of information security. Documentation should be maintained in dedicated or existing inventories as appropriate.”
An asset inventory, also known as a fixed asset inventory or asset register, is a detailed record or listing of all the tangible and intangible assets owned by an individual, organization, or entity. It provides a comprehensive overview of the assets, including their physical and financial characteristics, location, condition, and other relevant details.
An asset inventory typically includes the following:
- Tangible assets: These are physical items that can be touched or seen, including buildings, land, vehicles, machinery, equipment, furniture, and computer hardware.
- Intangible assets: These are non-physical assets that lack a physical presence but hold value, such as intellectual property (patents, copyrights, trademarks), licenses, software, domain names, brand names, and goodwill.
Additionally, the asset inventory should record, for each asset, identifiers including, but not limited to, the following:
- Asset Name
- Hostname
- Asset Description
- Asset Element (Physical or Electronic)
- Asset Function
- Does Asset Contain or Consist of Any Type of PII?
- Data Retention Period
- Serial Number or other type of unique identifier
- IP | Routing | Network Address Information
- Physical Location
- Logical Location
- Asset Owner
- Asset Users
- Audit Trails and Logging Enabled
- File Integrity Monitoring Enabled
- Anti-malware software in use
- Assigned FIPS 140 Security Categorization
- Any other relevant information
What organizations need to have in place is a well-defined policy, and a supporting asset inventory spreadsheet, for ISO/IEC 27002:2022 | 5.9 - Inventory of Information and Other Associated Assets, which is available for download, along with more than 100 ISMS policies, procedures, programs, and plans - all from MorganHill.