3.3.3 Asset Management
| No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438 | Status: In-Force |
Principle
The Member Organization should define, approve, implement, communicate and monitor an asset management process, which supports an accurate, up-to-date and unified asset register.
Objective
To support the Member Organization in having an accurate and up-to-date inventory and central insight in the physical / logical location and relevant details of all available information assets, in order to support its processes, such as financial, procurement, IT and cyber security processes.
Control considerations
| 1. | The asset management process should be defined, approved and implemented. | |
| 2. | The effectiveness of the asset management process should be monitored, measured and periodically evaluated. | |
| 3. | The asset management process should include: | |
| a. | a unified register; | |
| b. | ownership and custodianship of information assets; | |
| c. | the reference to relevant other processes, depending on asset management; | |
| d. | information asset classification, labeling and handling; | |
| e. | the discovery of new information assets. | |