T1.1.1 - ASSET MANAGEMENT POLICY Implementation Guidance
The entity shall establish an asset management policy.
Back to T1.1.1 - P2 - ASSET MANAGEMENT POLICY
The asset management policy provides a structure for the management of IT assets (e.g. people, hardware, software, data, facilities) from procurement to disposal. The policy can, for example, contain in addition to the required sub-controls:
- A. IT Assets classification scheme
- B. Classified assets security requirements
- C. Disciplinary procedure
The asset management policy can be included as part of the general information security policy, in a single policy document, or can be represented by multiple policies reflecting the complex nature of certain entities.
