Asset Risk Classification

Problem

Information assets need to be identified, properly classified, and managed throughout their lifecycles. From the creation of an information asset to its end of life or destruction, these assets must be tightly controlled. Most organizations have not implemented an asset classification model to determine the risk level of all information assets and the change in risk level as information is created, transferred, stored and destroyed. A company must know where all assets are stored and the criticality of these information assets to apply the appropriate level of security; information requires different levels of protection.

Solution

The Asset Classification assessment will utilize the existing framework for asset classification and enhance it to integrate more fully with business processes and modify the current processes to be more practical and efficient. Classification enables employees and systems to apply appropriate handling processes to protect corporate, customer and business partner information. During the assessment we conduct the following:

1. Review all asset classification processes, procedures and documentation
2. Map the asset classification policies to inventory mechanisms and data storage functions
3. Develop processes to manage Asset Classification according to global restrictions on the company’s operations
4. Work with your vendor’s implementation of asset tracking systems to ensure coordination of new processes around data leakage and risk levels
5. Develop / update asset classification lifecycle
6. Modify policies, procedures and documents to match new security strategy and to map back to your supplier assessment processes
7. Identify Privacy Requirements over all types of Information assets
8. Develop templates for asset classifications around systems (networks, servers, workstations) and types of data being used and stored
9. Map to key requirements around:
   a. Compliance requirements
   b. Information owner
   c. Associated business functions
   d. Archive and retention requirements

How the Process Works

The current asset classification policies will be enhanced. At the conclusion of this project, all processes and procedures necessary to identify assets at risk, to define how the new classification schemes will work in other security procedures, and to assign risk levels to all information assets will be in place. A detailed procedures manual will be completed to address all forms of information assets and how to classify them.