ISO 27001 Management Clause - 8

iFour Consultancy ISMS Framework: Clause 8 – Asset Management

Upload: pooja-soni

Post on 15-Apr-2017


Category:

Technology



TRANSCRIPT

Page 1: ISO 27001 Management Clause - 8

iFour Consultancy

ISMS Framework: Clause 8 – Asset Management

Page 2: ISO 27001 Management Clause - 8

Asset Management – ISMS Requirements

ISO 27001:2013 has classified Asset Management into:

• Clause A.8.1: Responsibility for Assets
• Clause A.8.2: Information Classification
• Clause A.8.3: Media Handling

ISO for Software Outsourcing Companies in India

Page 3: ISO 27001 Management Clause - 8

Clause A.8.3: Media Handling

• A.8.3.1 Management of removable media
• A.8.3.2 Disposal of media
• A.8.3.3 Physical media transfer

Page 4: ISO 27001 Management Clause - 8

Clause A.8.3: Media Handling

Objective

To prevent unauthorized disclosure, modification, removal or destruction of information stored on media.

Page 5: ISO 27001 Management Clause - 8

A.8.3.1 Management of removable media

The organization shall integrate the necessary controls to manage media items, whether tapes, disks, flash disks, removable hard drives, CDs, DVDs, or printed media, to ensure the integrity and confidentiality of data.

Guidelines shall be developed and implemented to ensure that media are used, maintained, and transported in a safe and controlled manner.

Procedures to erase media that are no longer needed, so that information is not leaked, are also important.

Control

• Procedures shall be implemented for the management of removable media in accordance with the classification scheme adopted by the organization.

Page 6: ISO 27001 Management Clause - 8

A.8.3.2 Disposal of media

Procedures for handling classified information should cover the appropriate means of its destruction and disposal.

Serious breaches of confidentiality occur when apparently worthless disks, tapes, or paper files are dumped without proper regard to their destruction.

The best way to dispose of data is to destroy it.

Control

• Media shall be disposed of securely when no longer required, using formal procedures.

Page 7: ISO 27001 Management Clause - 8

A.8.3.3 Physical media transfer

Control

• Media containing information shall be protected against unauthorized access, misuse or corruption during transportation.

Page 8: ISO 27001 Management Clause - 8

References

https://spaces.internet2.edu/display/2014infosecurityguide/Asset+Management
