Asset management
🖥️

Asset management

An essential part of most of a management systems is to have a detailed asset management with their business requirements. As you might have discovered already, our Inventory overview already helps you with this by providing you a general asset inventory. On the asset management page we help you document some additional details of your assets, while distinguishing between your primary and supporting assets.

Asset overview

Primary assets are you core services/processes/data that are critical to your business. If there is any impact on these assets, your business will have an important financial or reputation impact. So they must be protected accordingly. Any document representing a core/primary asset can be added to the primary asset management module by clicking the 3 dots, and selecting "Add as primary asset"


Supporting assets are those assets that support the primary asset, and could have an impact on the primary asset if they are interrupted in some way.

Using our asset management page you will be able to document your primary assets and its responsible/accountable people, supporting assets, business requirements and related risks.


  1. Here you can create a new primary asset
  2. This search screen filters the list of assets
  3. This checkbox loads additional risk information (risk document properties and last reading) and adds a color to the different risks. (once this is loaded you can sort on Related risks)
  4. Here you can configure which columns of the table should be shown and export the list to Excel
  5. This column shows the primary asset name (clicking on it will open the asset document)
  6. This column shows the workbench checklist stage the primary asset has been added to (if applicable). You can quickly change its status from this dropdown
  7. This column shows the asset responsible (daily ownership), accountable (who takes ownership if a situation occurred), consulted (who can be reached out to for information or informed (those that just need to be informed)
  8. All tasks related to the primary asset are listed here, and details can be viewed by clicking on them
  9. The data shown in this column is auto-generated based on linked documents to the primary asset. On the add/edit primary assets screen you can modify which document types are shown in this column). By clicking on one of the supporting assets, the related document will open 
  10. This column lists all documents linked to the primary asset, giving you a quick overview on all related items in one place
  11. This is a free text field that defines the different business requirements of the primary asset (e.g. RTO, RPO, ...). You can find more details on this in the section Business requirements below.
  12. This column lists all risks related to the primary asset. When the checkbox (3) is enabled, you'll see more details of the risks, including a color indication about its importance

Add/edit primary assets

When you click on the "Add Primary Asset" button, you will be asked to provide the primary asset name. When you type a name, it will search for existing documents with a similar name in your Workspace that can be added as "Primary asset" using the LINK dropdown. When using existing documents, the supporting assets and related risks will automatically be collected and filled in based on the linked documents of the selected document.


In case you select CREATE, you will be shown an additional screen where you can define the document type, the title and other details related to the document type. (similar to when you create any document)


INFO
Remember that this document is created in the current folder you are in (which could be your personal INBOX). Later you can simply move it to another folder where it makes sense

The next screen will allow you to configure all the details of your primary asset. The same screen will be shown if you click the update primary asset (L) on the primary asset list screen


  1. This is the primary asset document you just created (or linked to)
  2. Here you can search for any document of type Employee, Consultant, Intern, Role (or create a new one) that will be responsible for the primary asset 
  3. Here you can search for any document of type Employee, Consultant, Intern, Role (or create a new one) that will be accountable for the primary asset (Consulted and Informed can also be configured in a similar way)
  4. This filter allows you to configure which document types are automatically linked as "Supporting asset" based on linked documents already present on the primary asset 
  5. Here you can still manually add/modify the supporting assets
  6. This is a free text field for which we give some additional guidance on the Business requirement section below
  7. This filter allows you to configure which document types are automatically linked as "Related risks" based on linked documents already present on the primary asset
  8. Here you can still manually add/modify the related risks
INFO
Documents you link using the above screen, will also appear as linked documents on the corresponding documents (making them a dependency)
CAUTION
The filter configured in (4) and (7) are global and will apply for all primary assets (not only for the current primary asset)

Business requirements

These requirements can be different depending on the management system you are trying to implement. Here we give an example of typical requirements for ISO27001 assets. You will typically need to organize workgroups with the different asset accountable (owners) to fully understand the requirements.

Confidentiality

This defines the level of discretion/privacy that is required for the primary asset (and therefore its supporting assets).

e.g. The personal data may not be accessed by unauthorised users

Integrity

This defines the level of integrity (or accuracy and completeness of data/information/process) that is required for the primary asset (and therefore its supporting assets)

e.g. The databases used for this service must ensure transactional accuracy

Availability

This defines the level of availability (having access when needed) that is required for the primary asset (and therefore its supporting assets)

e.g. The servers serving this process must be able to survive the full outage of 1/3 data centers

Proof

This defines the level of proof (documented evidence) that is required for the primary asset (and therefore its supporting assets)

e.g. The financial regulator requires that we store daily records of all transactions for this process

RTO

The recovery time objective (RTO) is the maximum acceptable time that an application, computer, network, or system can be down after an unexpected incident (disaster, failure, or comparable event) takes place.

e.g. Our SLA requires that this service is again online after 30min, otherwise this will be very costly to our company

RPO

The recovery point objective (RPO) is defined as the maximum amount of data – as measured by time – that can be lost after a recovery from an incident (disaster, failure, or comparable event) before data loss will exceed what is acceptable to an organization.

e.g. If we cannot restore data from at least 24h before the disaster, it will be fatal to our company

Regulatory

These can be specific requirements to the primary asset bound to geography, type of processing, type of data, ...

e.g. All processing of European data subjects is subject to GDPR regulation