2. ISO 27001:2013 has classified the Asset Management into:
Clause A.8.1: Responsibility for Assets
Clause A.8.2: Information Classification
Clause A.8.3: Media Handling
Asset Management – ISMS Requirements
ISO for Software Outsourcing Companies in India
3. A.8.3.1 Management of removable media
A.8.3.2 Disposal of media
A.8.3.3 Physical media transfer
Clause A.8.3: Media Handling
ISO for Software Outsourcing Companies in India
4. To prevent unauthorized disclosure, modification, removal or destruction of information stored on
media.
Clause A.8.3: Media Handling
5. Organization shall Integrate necessary controls to manage media items, whether tapes, disks, flash disks, or
removable hard drives, CDs, DVDs, or printed media, to ensure the integrity and confidentiality of data
Guidelines shall be developed and implemented to ensure that media are used, maintained, and
transported in a safe and controlled manner
Procedures to erase media if no longer needed, to ensure information is not leaked, are also important.
A.8.3.1 Management of removable media
ISO for Software Outsourcing Companies in India
• Procedures shall be implemented for the management of removal media in accordance with the
classification scheme adopted by the organization.
6. A.8.3.2 Disposal of media
Procedures for handling classified information should cover the appropriate means of its destruction
and disposal.
Serious breaches of confidentiality occur when apparently worthless disks, tapes, or paper files are
dumped without proper regard to their destruction.
The best way to dispose data is to destroy it.
• Media shall be disposed of securely when no longer required, using formal procedures.
7. A.8.3.3 Physical media transfer
• Media containing information shall be protected against unauthorized access, misuse or
corruption during transportation.
9. Visit our websites :
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
For more details :
ISO for Software Outsourcing Companies in India
Editor's Notes
ISO for Software Outsourcing Companies in India – http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
ISO for Software Outsourcing Companies in India – http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
ISO for Software Outsourcing Companies in India – http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
ISO for Software Outsourcing Companies in India – http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
ISO for Software Outsourcing Companies in India – http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
ISO for Software Outsourcing Companies in India – http://www.ifour-consultancy.com
http://www.ifourtechnolab.com