When to use this
Use this register to authorize and track organization assets, information, software, or media taken outside controlled premises.
Related controls
- A.7.9 Security of Assets Off-Premises
- A.5.9 Inventory of Information and Other Associated Assets
- A.6.7 Remote Working
- A.5.11 Return of Assets
Register
| Asset/information | Asset ID | Custodian | Purpose | Location/jurisdiction | Authorization | Controls required | Removal date | Return/review date | Status |
|---|---|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | Encryption/MDM/locked storage/none | TBD | TBD | Active/returned/overdue |
Authorization checks
- Asset is recorded in inventory.
- Information classification is known.
- Custodian has accepted responsibility.
- Required controls are implemented.
- Cross-border or jurisdiction risk is assessed where relevant.
- Return or review date is recorded.
- Template
- Iso27001
- Physical controls
- Off premises assets
Note Metadata
Aliases: Off Site Asset Register, Off-Premises Asset Register
Source: 90 Templates/Off-Premises Asset Authorization Register.md
Related Notes
- ISO 27001 A.5.11 - Return of Assets
- ISO 27001 A.5.9 - Inventory of Information and Other Associated Assets
- ISO 27001 A.6.7 - Remote Working
- ISO 27001 A.7.9 - Security of Assets Off-Premises
- A.7 Physical Controls MOC
- A.7.9 Audit Evidence Pack
- A.7 Physical Controls Implementation Guide
- A.7 Physical Controls Audit Guide
- A.7 Physical Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.7.9 Audit Checklist
- Off-Premises Asset Protection Checklist
- Templates MOC