~5-page checklist covering 11 categories of information asset
 
Control 5.9 in ISO/IEC 27002:2022 recommends an inventory of information assets that should be “accurate, up to date, consistent and aligned with other inventories”.  Fair enough, but what are 'information assets'?  The standard refers enigmatically to "information and other associated assets" that an organisation’s Information Security Management System protects.
 
The SecAware checklist takes a deliberately wide perspective on information assets in order to set you thinking about the potential scope, purpose and focal points of your ISMS.  You may feel that certain items on the checklist are irrelevant ... or the checklist might just open your eyes to entire categories of valuable information that you hadn't even considered.  Whether they end up in or out of scope of your ISMS is for you and your management colleagues to determine. We're simply giving you food for thought.
 
Supplied as an editable MS Word document, readily customised for your organisation's specific situation.