ISMS Compliance
CyFun Basic / Identify

ID.AM-5: Resource prioritisation

Resources are prioritised based on their classification, criticality, and business value

Requirement

The organisation's resources shall be prioritised based on their classification, criticality, and business value.

Our Implementation

All organisational resources are prioritised based on classification, criticality, and business value. Criticality levels (Critical, High, Medium, Low) are assigned to all cloud providers and software tools in the asset inventories:

  • Critical: Supabase (primary database and auth), GitHub (source control) — 2 services
  • High: Vercel, Azure, AWS, Slack, Microsoft Teams, plus key operational tools — 12 services
  • Medium: Edge databases, AI providers, analytics, marketing tools — 16 services
  • Low: Ancillary tools (link management, SEO indexing, ad tracking) — 4 services

The data classification policy defines four sensitivity levels for information assets. Resource prioritisation drives decisions about backup strategies, monitoring depth, and security control investment.

Evidence

Implemented · L2 — Repeatable
