TQMC has acquired wide Domain Knowledge and Experience. You can FREELY access it here and here

DISCLAIMER: This matter here is a guide only. For authentic and up-to-date information, please contact TQMC.

The DIRECTIVES and STANDARDS listed here may have been subsequently REVISED . You must refer to the CURRENT REVISION and AMENDMENTS if any.

Saturday, March 13, 2010

understanding ISMS

Dear professionals

The way 'information asset' is usually defined is anything that is holding or carrying the 'business information' and we have to do the risk assessment for all the identified information assets in an organization. Then there are 'controls' like 'standby generators’ or 'air-conditioning systems' for which risk assessment is not required

Now, incase of air-conditioning systems installed with sensors that generates information OR other similar controls and most importantly when they are connected and operated through servers, shall we consider that information, generated / used by the controls for their functionality as business information and based on that shall we consider them as information assets and consequently do the risk assessment??.

Would really appreciate the experience and advise sharing


No comments:

Post a Comment