CHAPTER 8: INFORMATION ASSETS
The information security policy and the scoping statement, discussed in Chapter 6, describe the boundaries of the ISMS. You have to consider, at a reasonably high level, the information assets that underpin the organisation’s business processes in order to establish the scope of the ISMS. You now return to the subject, but this time the objective is to identify all those assets in detail.
Assets within the scope
The first step in meeting the ISO27001 requirements for risk assessments is to identify all the information assets (and ‘assets’ includes information systems – which should be so defined in your information security policy) within the scope (4.2.1 – a) of the ISMS and, at the same time, to document which ...