Low

The assets making up a system that are under control of the organisation are registered and tracked in the CMDB. System owners periodically check that the information in the CMDB regarding their systems is accurate and up-to-date. System owners accurately maintain any documentation needed to deliver, describe, support and maintain the systems.

Organisations maintain an accurate and up-to-date registry of organisational hardware and software assets in a Configuration Management Database (CMDB).

The Information Systems and Processes are identified and registered. Each System and Process has an owner within the organisation. The owner is responsible for compliance with the organisational information security policy. Ownership falls to a single person and not to an organisational unit. Systems and Processes are classified according to the organisational classification policy to determine the appropriate level of protection. The classification is reviewed and updated periodically. The owner is responsible for the classification.

End users are actively informed on the organisational policies regarding acceptable use of assets. Organisationally offered IT assets and services must be used for professional purposes, the usage of free/private alternatives is not allowed. Templates & References Example AUP (NL): GebruiksreglementDownload