The board of directors or executive committee understands the business criticality of their organisation’s systems, applications and data, including at least a basic understanding of what exists, their value, where they reside, who has access, who might seek access, how they are protected, and how that protection is verified.
Topic
Identifying critical business assets
Applicable to
Non Classified, Official, Protected, Secret, Top Secret
History
Mar 2025
The board of directors or executive committee understands the business criticality of their organisation’s systems, applications and data, including at least a basic understanding of what exists, their value, where they reside, who has access, who might seek access, how they are protected, and how that protection is verified.
A new control was added recommending that the board of directors or executive committee understands the business criticality of their organisation’s systems, applications and data, including at least a basic understanding of what exists, their value, where they reside, who has access, who might seek access, how they are protected, and how that protection is verified.