Information Asset Labeling A.8.2.2 27001

C

CyberDude

Guys What is the best way to label assets. Here are the few challenges that I have faced :
1. Implementation started for a government organization and millions of printed documents of different categories scattered across different locations dating back to 1970's. Multiple owners; segregating, grouping and labeling each group will take a long time may be 20 yrs. Similar situation can be seen in banks and insurance sector where they have started accepting digital documents recently only.

2. Labeling of documents or assets also puts the sensitive assets at more risk because they become identifiable now.

Any specific thoughts on this issue ? While I understand as per Annex A this can be put under exclusion too but auditors can challenge this exclusion without a proper justification. I would like to understand the implementation of this control in broader perspective.
 
Richard Regalado

Richard Regalado

Trusted Information Resource
CyberDude said:
Guys What is the best way to label assets. Here are the few challenges that I have faced :
1. Implementation started for a government organization and millions of printed documents of different categories scattered across different locations dating back to 1970's. Multiple owners; segregating, grouping and labeling each group will take a long time may be 20 yrs. Similar situation can be seen in banks and insurance sector where they have started accepting digital documents recently only.

2. Labeling of documents or assets also puts the sensitive assets at more risk because they become identifiable now.

Any specific thoughts on this issue ? While I understand as per Annex A this can be put under exclusion too but auditors can challenge this exclusion without a proper justification. I would like to understand the implementation of this control in broader perspective.
Click to expand...

Hello CD!

Make an exclusion statement such as "Any documented information created before [the date of the start of implementation of the ISMS] is excluded for labelling, unless that document is retrieved and used. Then, it should be labelled and marked according the relevant policies and procedures."
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M Need Help With Information Security Asset Risk Register IEC 27001 - Information Security Management Systems (ISMS) 2
B Looking for information om the DI-22 and DI-315 threads (mining/raiseboring) Document Control Systems, Procedures, Forms and Templates 0
J Structuring progression of information for deviations, NC to CAPA. ISO 13485:2016 - Medical Device Quality Management Systems 0
hussainap Can informal instructions be documented information General Auditing Discussions 30
A Help required in establishing Laboratory Information Management System as per ISO 17025, Cl.7.11.2 ISO 17025 related Discussions 0
Q Documented information ISO 9001:14001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
C EIFU and information provided on a USB Other Medical Device Related Standards 2
A Loss of certification because of outdated information in the Clinical Evaluation Report CE Marking (Conformité Européene) / CB Scheme 8
I Request for information regarding remote medical monitoring software (its technical documentation and the IUD system) IEC 62304 - Medical Device Software Life Cycle Processes 2
R Finding Equivalent Material Information Manufacturing and Related Processes 1
A Information on Process-based Internal Auditing Needed Internal Auditing 6
G Confidentiality of information during MD registration worldwide Other Medical Device Regulations World-Wide 0
S Risk control through Information for safety ISO 14971 - Medical Device Risk Management 12
B Documented information - Should be controlled? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
J PQ Systems User Community information? Using GAGEpack Software 21
Booker PSW - Organization Manufacturing Information APQP and PPAP 0
H Do you repeat information throughout your documentation submission? EU Medical Device Regulations 4
A Can a organization use a disclaimer "pending AS9100 Certification" in Marketing Information? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
D FDA Information - Revising the Instructions for Use US Food and Drug Administration (FDA) 0
S Mechanical Test Under FDA Freedom of Information Act Medical Device and FDA Regulations and Standards News 5
Watchcat Summary of De Novo Biocompatibility Information, 2015-2018 Other US Medical Device Regulations 0
Q Self-assessment audit information Quality Management System (QMS) Manuals 6
Sidney Vianna Release of ISO 10013:2021, Quality management systems – Guidance for documented information Other ISO and International Standards and European Regulations 0
W How long do you keep information about equipment no longer used? Document Control Systems, Procedures, Forms and Templates 2
L Documented Information in Internal Audits Process (9.2) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
R What information do i need to get from the device manufacturer 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 0
T Types of confidential information ISO 17025 related Discussions 8
D Preservation of Electronic Data / Information Technology ISO 13485:2016 - Medical Device Quality Management Systems 5
SANTHSH API Spec.Q1 Standards Version in Purchasing Information Oil and Gas Industry Standards and Regulations 1
eule del ayre Documented Information - Periodic Review of Documents? IATF 16949:2016 / ISO 9001:2015 IATF 16949 - Automotive Quality Systems Standard 34
R Information on obtaining a market authorization for China China Medical Device Regulations 2
B SN95 Respirator Approval Information Other Medical Device Related Standards 0
R Risk assessment on IT containers and the information they contain IEC 27001 - Information Security Management Systems (ISMS) 4
O EN 301 489-1 and EN 301 489-17 - Where do we get the information of the Published versions? CE Marking (Conformité Européene) / CB Scheme 1
K Article 18: Implant Card and information to be communicated. EU Medical Device Regulations 5
K EU MDR Annex 1 Chapter III: Information in the Instructions for Use-23.4 (e) the performance characteristics of the device; EU Medical Device Regulations 2
Q GMDN Registration Basic preliminary Information EU Medical Device Regulations 0
J Controlled information versus defined documents / records ISO 13485:2016 - Medical Device Quality Management Systems 3
A Medical device Reporting : Good Faith Effort for Additional information Other US Medical Device Regulations 2
P Cenelec updated standard information CE Marking (Conformité Européene) / CB Scheme 1
Richard Regalado Automotive News TISAX - VDA ISA (information security assessment) VDA Standards - Germany's Automotive Standards 7
JoCam False information provided for Medical Device Registration - What are the implications? Other Medical Device Related Standards 3
adir88 Information of safety can reduce risk now? ISO 14971 - Medical Device Risk Management 12
Richard Regalado What could go wrong with information: Ransomware statistics and facts (2018 to present) IEC 27001 - Information Security Management Systems (ISMS) 0
Q LOT or Serial Number Symbol not used when the information is contained in the UDI? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
A Information about Medical Device Test Laboratories Other Medical Device and Orthopedic Related Topics 4
C Missing routers/documented information Nonconformance and Corrective Action 5
MrTetris Unacceptable risk and information for safety ISO 14971 - Medical Device Risk Management 16
M Is Harmonised EN 1041 (Information Supplied By Manufacturer) Worth Looking At? EU Medical Device Regulations 7
pziemlewicz Predicate Device Information for 510(k) Submission Medical Device and FDA Regulations and Standards News 4

Similar threads

Top Bottom