ISO27001 and Asset Tracking

[DHR]

Working in a company that's been given the remit to pursue ISO27001.

SCCM has been suggested to us as a "go to" asset/config management platform which will tick a lot of the required ISO boxes once policies have been written around that?

Are there any alternatives? Is it something you'd recommend? Any other advice going into it?

 

[Ev0]

Tends to be SCCM, Landesk or Bigfix I’ve seen in that area. Can often depend on what technologies you’re having to manage as to what’s the best fit.

There’s a ‘client management tools’ Gardner MQ to look at to get some other vendor names.

 

[DHR]

Great info thanks, Gartner's one of those things I always forget about until someone mentions it

 

[Conanius]

It really depends what you are trying to do, and at what scale.

No ISO standard or ITSM framework states your CMDB must be some huge Gartner top right toolset. I say this as someone who has worked in many ISO20k and 27001 environments, both from a handful of people in a couple of offices up to 100k+ employees across nearly every continent and country.

By saying SCCM, I assume you’re after a level of auto discovery. Is that because your environment constantly changes?