Scribd
Upload
89 views

A.8.1.2 Ownership of Assets A.8.1.3 Acceptable Use of Assets

The document outlines controls for organizational assets and information classification. It discusses inventorying assets, defining ownership and acceptable use, and ensuring the return of assets when employment ends. Information is to be classified based on legal requirements, value, criticality and sensitivity, and procedures are to be developed for labeling, handling and managing removable media according to the classification scheme.

Uploaded by

Sara Cruz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
89 views

A.8.1.2 Ownership of Assets A.8.1.3 Acceptable Use of Assets

The document outlines controls for organizational assets and information classification. It discusses inventorying assets, defining ownership and acceptable use, and ensuring the return of assets when employment ends. Information is to be classified based on legal requirements, value, criticality and sensitivity, and procedures are to be developed for labeling, handling and managing removable media according to the classification scheme.

Uploaded by

Sara Cruz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

Table A.

I (continued)
Objective: To identify organizational assets and define appropriate protection responsibilities.

Control
Assets associated with information and information processing
Inventory of assets
facilities shall be identified and an inventory of these assets shall
be drawn up and maintained.
Control
A.8.1.2 Ownership of assets Assets maintained in the inventory shall be owned.
Control
A.8.1.3 Acceptable use of Rules for the acceptable use of information and of assets associated
assets with information and information processing facilities shall be
identified, documented and implemented.
Control
All employees and external party users shall return all of the
A.8.1.4 Return of assets
organizational assets in their possession upon termination of their
employment, contract or agreement.
A.8.2 Information classification
Objective: To ensure that information receives an appropriate level of protection in accordance
with its importance to the organization.
Control
A.8.2.1 Classification of infor- Information shall be classified in terms oflegal requirements,
mation value, criticality and sensitivity to unauthorised disclosure or
modification.
Control
A.8.2.2 Labelling of informa- An appropriate set of procedures for information labelling shall be
tion developed and implemented in accordance with the information
classification scheme adopted by the organization.
Control
Procedures for handling assets shall be developed and imple-
A.8.2.3 Handling of assets
mented in accordance with the information classification scheme
adopted by the organization.
A.8.3 Media handling
Objective: To prevent unauthorized disclosure, modification, removal or destruction of
information stored on media.
Control
Management of remov- procedures shall be implemented for the management ofremov-
A.8.3.1
able media able media in accordance with the classification scheme adopted by
the organization.
Control
A.8.3.2 Disposal ofmedia Media shall be disposed of securely when no longer required, using
formal procedures.
Control
A.8.3.3 Physical media trans- Media containing information shall be protected against unauthor-
fer
ized access, misuse or corruption during transportation.
A.9 Access control
A.9.1 Business requirements of access control

You might also like