03 Asset Management Policy

Asset Management Policy

The ISO 27001 asset management policy ensures the correct assets are identified and protected. We can protect what we do not know.

Information and information processing, storing and transmitting devices are identified and an inventory of these assets is drawn up and maintained. Ownership of assets is identified, agreed and documented along with roles and responsibilities. The acceptable use of assets is covered as is the return of assets. The use of asset registers is included.

Purpose

The purpose of this policy is the identification and management of assets.

Scope

All company employees and external party users.
All company information and physical assets.

Principle

Company assets are known, identified and managed with appropriate protection in place.

Asset Management Policy Contents Extract

Document Version Control
Document Contents Page
Purpose
Scope
Asset Management Policy
Principle
Inventory of Asset
Ownership of Assets
Acceptable use of assets
Return of Assets
Policy Compliance
Compliance Measurement
Exceptions
Non-Compliance
Continual Improvement

Consider: a how to tutorial on how to create and use an Asset Register

In this simple how to tutorial we show you how you can do it your self.

Asset Management Policy FAQ

Where can I get an Asset Management Policy template?

The asset management template can be found here – https://hightable.io/product/asset-management-policy-template/. It covers the requirements of ISO 27001 and other standards and is an important document for knowing what to protect as well as controlling assets.

What is asset management policy?

An asset management policy is a document that lays out what you do for the management of physical and data assets. It is a statement of what you do not how you do it. How you do it is located in your process, procedure and operating documents.

What is included in an asset management policy?

An asset management policy contains as a minimum:
Document Version Control
Document Contents Page
Purpose
Scope
Asset Management Policy
Principle
Inventory of Asset
Ownership of Assets
Acceptable use of assets
Return of Assets
Policy Compliance
Compliance Measurement
Exceptions
Non-Compliance
Continual Improvement

What is the purpose of the asset management policy?

The purpose of this policy is the identification and management of assets.

What is the scope of the asset management policy?

The scope of the asset management policy is all company employees and external party users. The scope covers all company information and physical assets.

What is the principle behind the asset management policy?

The asset management principle is that company assets are known, identified and managed with appropriate protection in place.

How do you record and manage assets?

For recording and managing assets you need and Inventory of Assets. Information and information processing, storing and transmitting devices are identified and an inventory of these assets is drawn up and maintained.
For each asset, at least the following, is recorded
• The asset name
• The asset owner
• The importance of the asset
• The classification of the asset
For physical assets additionally, at least the following is recorded
• Asset number
• Serial number
• Whether in use
• Last checked by and date
• What the asset does

Who owns assets and what are they responsible for?

Individuals, roles or teams are assigned ownership of assets.
Asset owners ensure assets are inventoried.
Asset owners ensure assets are appropriately classified and protected.
Asset owners ensure the proper handling when the asset is deleted or destroyed in line with the Information Classification and Handling Policy.
The asset owner may delegate routine tasks.

Scroll to Top