An Introduction To
Information, Network and Internet Security


ISO 27002 Clause 7: Asset management

Responsibility for assets
 

Objective: To achieve and maintain appropriate protection of organisational assets.

All major information assets should be accounted for and have a nominated owner.

Inventory of assets

Inventories of assets should be established and maintained for all information processing systems; these will include information assets, hardware assets, software assets and service assets.

Ownership of assets

A nominated individual (by name or title) shall be appointed to 'own' (i.e. be responsible and accountable for) all organisational assets and their use. This will include access rights to, and classification of, those assets.

Acceptable use of assets

The owner of the organisational assets shall determine, document and promulgate the rules for the use of those assets for their whole life cycle, from creation or purchase to disposal. These rules may be dictated by the classification placed on the assets by the owner (see 7.5.2 below).



The Security Practitioner

An Introduction to Information Security