BANGALORE Business Solutions

Document No. Asset Classification

IMSP 5
and Control
IMSP 5 Asset classification & control
5.1 SCOPE

This procedure is to ensure that all information assets are accounted for and receive
appropriate levels of protection.

5.2 INVENTORY OF ASSETS

All significant assets are identified and recorded in between two asset registers.

1. “Powered Assets Register”

2. “Fixed Assets Register”

1. The “Powered Assets Register” is maintained current at all times by the Facilities and
Hosting team.
Powered Assets include:
• Physical Assets that require a power supply; computer equipment,
peripherals, communications assets, media, supporting technical equipment.
• Information Assets; data files, system documentation, significant manuals,
Licence information, plans and archives.
• Software Assets; application software, system software and utilities

2. The “Fixed Assets Register” is maintained current at all times by the Administration
team.
Fixed Assets
• Physical equipment without power supply, such as Desks, Chairs, general
office equipment that does not require a power supply.

5.3 RESPONSIBILITY

Assets are accounted for and security controls are required where there is a risk that the
deliberate or accidental compromise of assets interfere with the effective conduct of Biznet
Solutions’ business.

The “Powered Assets Register” is maintained current at all times by the Facilities and
hosting team.
The “Fixed Assets Register” is maintained current at all times by the Administration team.

It is the Departmental Managers’ responsibility to ensure any assets within their area which
are unaccounted for, are communicated to the Facilities and Hosting Department for review.
Asset owners and originators are responsible for ensuring that assets are classified
appropriately.

CONFIDENTIAL – INTERNAL USE ONLY PAGE: 1 of 5

AUTHORISED: Dilip Patel DATE: 29/10/xxxx ISSUE: 1.0
NOTE: PLEASE CONSULT THE MASTER COPY TO VERIFY THAT THIS IS THE CORRECT REVISION BEFORE USE.

Page |1

ISO 27001:2013 ISMS A/LA VILT TC

Activity 8 17-03-2020
 BANGALORE Business Solutions
Document No. Asset Classification
IMSP 5
and Control
A list of hardware assets as maintained by the Facilities and Hosting team is available as
an Excel document on the file server.

A list of “fixed” assets as maintained by the Administration team is available as an Excel

document on the file server

5.4 INFORMATION CLASSIFICATION GUIDELINES

Sensitive information shall be classified in order to ensure that appropriate levels of

protection can be achieved.

The definition for the level of protective marking has been formulated to cover a wide range
of documentary and other types of assets, which include:

 Paper based documents

 Information held and transmitted in electronic formats
 Valuables and cash
 Equipment
 Operating systems

Applying a protective marking to a sensitive asset indicates to others the appropriate level of
protection and security controls required to protect it against compromise.

Assets may be marked as either

1. Confidential – Internal Use Only
2. Commercial in Confidence
3. or left unclassified.

The following guidelines represent the minimum that should be applied.

CONFIDENTIAL – INTERNAL USE ONLY PAGE: 2 of 5

AUTHORISED: Dilip Patel DATE: 29/10/xxxx ISSUE: 1.0
NOTE: PLEASE CONSULT THE MASTER COPY TO VERIFY THAT THIS IS THE CORRECT REVISION BEFORE USE.

Page |2

ISO 27001:2013 ISMS A/LA VILT TC

Activity 8 17-03-2020
 BANGALORE Business Solutions
Document No. Asset Classification
IMSP 5
and Control

Confidential – Internal Use Only and Commercial in Confidence

Asset Value or The compromise of assets marked Confidential – Internal use Only would:
consequences of 1. Compromise BANGALORE Business Solutions interests or their
compromise business operations.
1. Adversely affect BANGALORE Business Solutions ability to provide
acceptable levels of service to one or more clients.
2. Disadvantage or compromise one or more employees or business
partners.

The compromise of assets marked Confidential - Commercial in

Confidence would
1. Compromise BANGALORE Business Solutions and / or The
Company mentioned, interests or their business operations.
2. Disadvantage or compromise one or more employees or
businesses.

Level of Protection The levels of protection provided for assets marked Confidential – Internal
use Only and Confidential - Commercial in Confidence should:
1. Inhibit casual unauthorised access.
General Treatment For the storage and control of assets marked Confidential, users should do
everything possible to:
1. Make accidental compromise or damage unlikely during storage,
handling, use, processing, transmission or transport
2. Offer a degree of resistance to deliberate compromise
3. Reduce the risk of accidental compromise
4. Dispose or destroy in a manner to make retrieval or reconstruction
unlikely
5. Prevent such material being released onto the Internet without
appropriate levels of encryption.
Access Requirements Access to assets marked Confidential – Internal use Only or Confidential -
Commercial in Confidence should be limited to the following personnel who
fulfil the following criteria:
1. Those individuals with a "direct need to know" as defined by the case
handler or their deputies.

Classification All client related information is classified as Confidential – Internal use

Only. All information regarding BANGALORE Business Solutions '
administration is classified as non-confidential with the exception of the
following:

1. Administration relating to business matters

2. Administration relating to internal security (e.g. entry codes)
3. Administration relating to named clients and/or the company’s personnel

CONFIDENTIAL – INTERNAL USE ONLY PAGE: 3 of 5

AUTHORISED: Dilip Patel DATE: 29/10/xxxx ISSUE: 1.0
NOTE: PLEASE CONSULT THE MASTER COPY TO VERIFY THAT THIS IS THE CORRECT REVISION BEFORE USE.

Page |3

ISO 27001:2013 ISMS A/LA VILT TC

Activity 8 17-03-2020
 BANGALORE Business Solutions
Document No. Asset Classification
IMSP 5
and Control

CONFIDENTIAL – INTERNAL USE ONLY PAGE: 4 of 5

AUTHORISED: Dilip Patel DATE: 29/10/xxxx ISSUE: 1.0
NOTE: PLEASE CONSULT THE MASTER COPY TO VERIFY THAT THIS IS THE CORRECT REVISION BEFORE USE.

Page |4

ISO 27001:2013 ISMS A/LA VILT TC

Activity 8 17-03-2020
 BANGALORE Business Solutions
Document No. Asset Classification
IMSP 5
and Control

Unclassified
Asset Value or The compromise of "Unclassified" assets would:
consequences of 1. Not compromise a client's interests or their business operations.
compromise 2. Not adversely affect BANGALORE Business Solutions ability to provide
acceptable levels of service to any client.
Level of Protection The levels of protection provided for "Unclassified" assets should:
1. Promote discretion in order to avoid unauthorised access.
General Treatment For the storage and control of "Unclassified" assets, users should do
everything possible to:
1. Protect the integrity of information
2. Dispose of information or assets in a sensible way consistent with the
content of the information.
Access Requirements Access to "Unclassified" assets are available to the following personnel
who fulfil the following criteria:
1. Those individuals with a "reasonable need to know'
Application All assets which are not Confidential are Unclassified

5.5.2 LABELLING
All assets shall be labelled:

6.0 RELATED DOCUMENTS

Fixed Assets List

CONFIDENTIAL – INTERNAL USE ONLY PAGE: 5 of 5

AUTHORISED: Dilip Patel DATE: 29/10/xxxx ISSUE: 1.0
NOTE: PLEASE CONSULT THE MASTER COPY TO VERIFY THAT THIS IS THE CORRECT REVISION BEFORE USE.

Page |5

ISO 27001:2013 ISMS A/LA VILT TC

Activity 8 17-03-2020