Professional Documents
Culture Documents
(Internal)
REFERENCE:SR 11.0
REVISION: 1.0
LAST UPDATED ON: 10.08.14
ISSUED BY
REVIEWED BY
APPROVED BY
Name:
Muhammad Al Amassi
Dirk Doerrschuck
Title:
Quality Management
Representative/ QMR
Director Professional
Services
CEO/ President
Date:
10.08.14
10.08.14
10.08.14
Signature:
Reference:
SR 11.0
Rev:
1.0
Last Updated
10.08.14
DOCUMENT INFORMATION
Information Asset Valuation Procedure
Document Title
Document Status
Document Version
Document Classification
Document Owner
Printing Allowed
Distribution Restriction (s)
Copyright / IPR Note
Annexures / References
Approved
1.0
Internal
Director BU-ICT
Yes
Property of DETASAD (Detacon Al Saudia)
Revision History
Date of Update
Updated by
Major Changes
Updated Version
10.08.14
Mohammad Al
Amassi
Document Baselined
1.0
Page 2 / 8
Reference:
SR 11.0
Rev:
Last Updated
1.0
10.08.14
1.1
The document expresses the procedural steps and guidance required to perform Information
Asset Valuation.
The document is applicable on departments and processes involved in processing and
handling of classified information and information assets, i.e. BU-ICT, Financial Affair and
Human Resource and Administration Department.
1.2
2. PROCESS ROLES
ROLE
RESPONSIBLE FOR
Director BU-ICT
ISMS
Information Asset
Process
Risk Assessment Team
Asset Valuation Criteria
Document Title
Document Owner
Document
Location
Document
Retention
Page 3 / 8
Reference:
Rev:
Last Updated
SR 11.0
1.0
10.08.14
5. PROCESS FLOW
Start
Inventory of
Information Asset
(Worksheet 1)
Enter Asset ID
and
Appropriate
Classification
Identify Asset
Owner
Inventory of Asset
Performing Asset
Valuation
(Worksheet 2)
Give
Appropriate
CIA Criteria
Identify the
Asset and its
Category
Asset Value is
Higher Than
Normal
Information Asset
Risk Management
Value of Asset
Asset Value is
Normal
Risk Management
Procedure
End of Process
Page 4 / 8
Reference:
SR 11.0
Rev:
1.0
Last Updated
10.08.14
6. PROCESS STEPS
Input (s)
- Scope of ISMS
- Identified Processes
- Index of Classified Information
Steps Activities
Inventory of Information Assets
1.
Identify the information asset to be assessment for risks, and enter it in
Worksheet 1 of Asset and Risk Management Tool.
2.
3.
4.
Note:
a. Information assets can be identified as One Group, but the inventory
of information assets must identify them as the said group.
b. Worksheet 1 is an inventory of Information Assets with their
relation and criticality with Classified Information Defined.
c. Information Asset columns requires brand name and model of the
information asset under question.
Enter the information asset type.
Note: type refers to whether asset is a computer, network switch, laptop,
server, etc.
Select the Classification Level of the highest level of classified
information being processed.
Note:
a. The criticality of an information asset is determined on the basis of
the highest level of classified information being processed in it.
b. Refer to Information Classification and Labelling Procedure for
classification of information.
Provide the assets Asset ID in the appropriate column.
Entry Criterion
- New Identified
Information Assets
- Information Asset to
be Valuated
Responsible Role
Risk Assessment Team
Page 5 / 8
Reference:
Rev:
1.0
Last Updated
16.
Output(s)
- Information Asset Valuation
- Identification of Information Asset Class
SR 11.0
10.08.14
NA
KPI
TARGET
RESP.
FREQUENCY OF
MEASUREMENT
NA
NA
NA
NA
Page 6 / 8
Reference:
Rev:
Last Updated
SR 11.0
1.0
10.08.14
8. Procedure Checklist
No.
Activity
Identify the information asset to be assessment for risks, and enter it in Worksheet
1 of Asset and Risk Management Tool.
Enter the information asset type.
Verified?
5
6
7
8
9
10
11
12
13
14
15
16
17
Page 7 / 8
Reference:
Rev:
Last Updated
SR 11.0
1.0
10.08.14
Confidentiality Criteria
Integrity Criteria
Availability Criteria
Page 8 / 8