ISO 27001 Annex: A.8.1.3 Acceptable Use of Assets & A.8.1.4 Return of Assets
This is a component of assets management. The previous article continued the theme in this one.
A.8.1.3 Acceptable Use of Assets
Control
Identify, document, and implement acceptable use policies for information and facilities related to information and information processing.
Implementation Guidance
All who use the organization’s assets, as well as those who have access to its resources, should be made aware of the requirements of information security. Each user is responsible for all usage of any information processing service that they use on their own.
A.8.1.4 Return of Assets
Control
Employees and external stakeholders both have the responsibility of returning all assets in their possession upon termination of their employment, contract, or agreement
Implementation Guidance
Once the termination period has ended, any tangible or electronic assets assigned or entrusted to the company must be returned legal with the process.
It is critical that when an employee or an outsider uses the company’s equipment or their equipment, they follow the protocol to ensure that relevant information is brought to the company and removed safely from the equipment.
When an employee or an external user knows information that is needed for ongoing operations, they should report it and submit it. A company should monitor terminated employees and contractors for any unauthorized copies of sensitive information (e.g., intellectual property) during the notice period.
Related Questions
1. What is the return on assets formula?
2. What is a return on assets?
3. What is acceptable ROA and ROE?
4. What is an information asset according to ISO 27001?
5. Discuss ISO 27001 Annex: A.8.1.3 Acceptable Use of Assets & A.8.1.4 Return of Assets.