Checklist of ISO/IEC 27001-A.8.1.2 Ownership of assets


Information assets are vital components of an organization’s operations, and their security is of paramount importance. 

Therefore, it is necessary to ensure that all critical information assets have appropriate accountable owners who can analyze and treat associated information risks. 

This article aims to provide a checklist for organizations to follow to check for ownership of assets and ensure that their obligations are clearly defined throughout the information lifecycle.

Sample Checklist:

  • Check for critical information assets that do not have assigned owners.
  • Verify that obligations are clearly defined for all accountable owners, including their roles in analyzing and treating associated information risks.
  • Review the process of assigning ownership to critical assets created or acquired and verify that it happens in a timely manner.
  • Check for evidence of ongoing ownership assignment for all assets.
  • Ensure that all assets are appropriately tagged and that asset tags and owners are referenced in the asset register.
  • Verify the organization’s ownership or control of assets, including any liabilities that may arise from security incidents affecting leased assets.
  • Ensure that there are processes in place to review and update ownership and associated obligations for all critical assets regularly.


Organizations must have appropriate accountability for all critical information assets to ensure their security throughout their lifecycle. 

The checklist provided in this article can be a useful guide for organizations to ensure that all assets have accountable owners, and their obligations are clearly defined. 

By verifying ownership and associated obligations, organizations can ensure that they are adequately managing information risks and minimizing the likelihood of security incidents affecting their critical assets.

See also  Checklist of ISO/IEC 27001-A.18.1.3 Protection of records

Leave a comment

Your email address will not be published. Required fields are marked *