T1.2.1 - INVENTORY OF ASSETS Implementation Guidance
The entity shall maintain an inventory list of all its information assets.
Back to T1.2.1 - P2 - INVENTORY OF ASSETS
An entity should identify assets relevant in the lifecycle of information and document their importance. The lifecycle of information should include creation, processing, storage, transmission, deletion, destruction, protection. Documentation should be done in dedicated or existing inventories as appropriate and includes asset data such as type of asset, location, backup information, related licenses, and its importance / criticality.
The asset inventory should be accurate, up to date, consistent, and aligned with other inventories such as inventories in Enterprise Asset Management and Enterprise Resource Planning (ERP).
Here is a list of inventory assets that might be considered including, but not limited to:
HARDWARE - SERVER
- Laptops, workstations, storage, security devices (firewall, IDS / IPS, anti-spam, etc.)
NETWORK
- Routers, gateways, switches, Wireless Access Points, network segments (e.g. cabling and equipment between two computers), Others (SAT, Laser)
PEOPLE
- Chief Technology / Information Director
- Information Technology Manager
- Database Development & Administration (manager, analyst, architect, administrator etc.)
- Programming / Software Engineering (manager, engineer, programmer, tester etc.) Back
OFFICE APPLICATIONS
- Financial control, customer care, logistics, ERP, CRM, Email
CLIENT FACING APPLICATIONS
- E-commerce, Internet Service Provisioning – Static, Public IP addresses, DNS services, Registration and management, Email service provisioning, and Web portals
DATA AND INFORMATION
- Customer personal data, customer financial data, entity’s employee personal and
financial data
FACILITIES
- Headquarters, secondary premises, branch offices, offices, and data centers
