An organisation’s assets are wide-ranging. They can cover people, the premises they occupy, the products and services they supply and the information they have. Understanding which of these assets are critical to your organisation’s existence and operation should be the starting point in your protective security planning process. The questions you need to address are:
- Where does responsibility for critical asset management lie within your organisation?
- Is there a register of all sensitive/high risk/value sites and assets? If so who has access to this register, or any location where information on critical assets is stored?
- Are there effective communication links between staff with responsibility for critical asset management and security managers/staff tasked with security matters? If not how can these links be established?
- How often is your critical asset management register or files reviewed and updated?
- Has your organisation assessed the impact if critical assets were to be lost or damaged?
- Do any of your contractors or suppliers have responsibility for your critical assets – and if so what assurances do you have that your assets are properly protected?
Use the links below to help you address these questions:
- 10 Steps to Cyber Security, Executive Companion – highlights the importance of information assets and the impact of a breach or incident
- Security in the supply chain – establishing a supply chain security risk mitigation programme – methodology and mitigation
- Personnel security risk assessment – examining risks that people pose to your most valued assets.
- Asset Identification Guide