OK heres a big one unless you are a small company you will have a lot of information assets, your IT infrastructure, your mobile phones, your databases, paper records, financial records, email systems and everything else and that’s just a minimum.
You need to document your information assets, designate responsible owners and classify it in order to decide how to protect it. For most undertaking this task this is not a small job and will invite a further onerous task – the risk assessment.
Owners should ensure assets are inventoried, classified and protected. They need to conduct reviews to ensure classifications and restrictions are appropriate and ensure that deletion/destruction is carried out in a timely secure manner.