Information Asset Register

Our information asset register [Restricted to FundApps staff] contains every information asset of value to FundApps. For example, this includes:

  • Client support queries

  • Internal communications

  • Server logs

  • Development source code

Identification

Information assets are identified as part of:

  • Monthly company-wide security awareness sessions

  • Monthly security review meetings

  • Our software development lifecycle

  • Everyday working practice

Assessment

For each information asset identified, we

  • Assign an owner for the information

  • Identify if it falls under any specific regulation (primarily General Data Protection Regulation)

  • Assess CIA ratings in accordance with our risk management process

  • Identify an appropriate data classification from these ratings

  • Identify the information systems that contain this data

  • Identify any specific information risks relating to this information and record it in our infosec risk register

  • Identify any specific business continuity risks relating to this information and record it in our BC risk register

Any changes to the register results in:

  • updates to our information systems register with regards the classification of information they hold

  • updates to our data classification policy with regards the information systems and asset information falling under each classification

  • updates to our access control register requiring us to record privileges granted to this systems and ensuring revokation during the offboarding process

Review

Information systems are reviewed as part of our monthly security review meetings.

PreviousRisk Management FrameworkNextInformation Systems Register

Last updated