Erwägungsgrund 23

Asset handling should involve classifying assets by their type, sensitivity, risk level, and security requirements and applying appropriate measures and controls to ensure their availability, integrity and confidentiality. By classifying assets by risk level, the relevant entities should be able to apply appropriate security measures and controls to protect assets such as encryption, access control including perimeter and physical access control, auditing, backups, logging and monitoring, retention and disposal. When conducting a business impact analysis, the relevant entities may determine the classification level based on the consequences of disruption of assets for the entities. All employees of the entities handling assets should be familiar with the asset handling policies and instructions.

Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!