Asset Management Policy
Identification, ownership and handling of information assets (Annex A 5.9).
Failed to load preview.
About this Asset Management Policy
The Asset Management Policy is a ready-to-use ISO 27001:2022 template designed to help organizations document and operate the controls expected by certification auditors. It directly supports Annex A 5.9 of the ISO 27001 Annex A control set.
Identification, ownership and handling of information assets (Annex A 5.9). Use it as the baseline for your ISMS documentation, tailor it to your scope and risk appetite, then maintain it through your normal document-control process.
What's inside
- - Pre-written purpose, scope and policy statements
- - Roles and responsibilities aligned with ISO 27001:2022
- - Control requirements mapped to Annex A 5.9
- - Review, approval and version-control sections
- - Editable Word (.docx) version in the Document Pack
Who is this for
- - Companies pursuing ISO 27001:2022 certification
- - ISMS managers and information security leads
- - Consultants delivering ISO 27001 implementations
- - Auditors preparing evidence packs for Stage 1 / Stage 2
- - SaaS and tech teams formalizing security policies
ISO 27001:2022 relevance
- Annex A 5.9 - Inventory of information and other associated assets
- Annex A 5.10 - Acceptable use of information and other associated assets
- Annex A 5.11 - Return of assets
- Annex A 7.9 - Security of assets off-premises
- Annex A 7.14 - Secure disposal or re-use of equipment
How to customise
- - Define asset types covered (information, hardware, software, services).
- - Assign asset owners and acceptable use rules.
- - Reference the asset inventory and classification scheme.
- - Set the lifecycle process from acquisition to disposal.
Evidence auditors may expect
- - Asset inventory with owner and classification
- - Acceptable use acknowledgements
- - Return-of-assets records on leaver events
- - Secure disposal certificates
Auditor may ask
These are realistic questions an external auditor may use to test the control. Your answer must be supported by the evidence listed above.
Related ISO 27001 documents
Acceptable Use Policy
Rules for acceptable use of information and assets (Annex A 5.10).
Data Classification & Handling Policy
Classification scheme and handling rules (Annex A 5.12/5.13).
Statement of Applicability (SoA)
Lists all Annex A controls with applicability and justification. Mandatory under clause 6.1.3 d).
Risk Register Template (Excel)
Multi-sheet ISO 27001 risk register with scoring matrix. First sheet preview only - extra sheets unlock with the pack.
Access Control Policy
Logical and physical access management (Annex A 5.15).
Backup Policy
Backup scope, frequency, retention and restore testing (Annex A 8.13).
Get the editable Asset Management Policy
Buy this template on its own for $34, or unlock the full Document Pack for $99 (one-time).
