Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

01) Does your organisation keep an up-to-date inventory of all IT assets with assigned owners?

August 30, 2022
IT Operations
Hardware Asset Database
CMDB

Answer yes if your organisation keeps an up-to-date inventory of all hardware and software assets within your IT estate, including cloud services. The inventory must list an owner against each asset. It should also list other details about the assets such as version numbers, business usage & location. Please include details in the notes.

The first step to implementing and maintaining an effective security programme is understanding what assets your company has to protect. Your company should therefore keep track of its physical hardware, its software, and all of its data assets (covered by the next control in this domain).

An inventory of all of your IT assets is a spreadsheet or database that lists all of the hardware and software assets within your organisation, and an owner who is responsible for each. It is important that the list covers all of your data carrying devices (if you don’t want it to you can leave out non-data carrying devices such as monitors and keyboards and mice).

An IT asset inventory helps to ensure that you keep track of all of your company devices and can help to reduce IT spend. It is also useful from a security point of view as it helps the security team to keep track of what devices need to be secured, helps them make sure that all of the company’s devices have up-to-date security configurations (the asset database is the first step to building a full CMDB, Configuration Management Database), helps to keep track of recovering devices from employees leaving the company (this is an integral part of your company’s joiners/moves/leavers process which is a key security control), and can help in an incident response scenario in the cleaning and recovering all of your company’s IT assets.

How to implement the control

For organisations that are small in size (up to 50 devices) an asset register can be implemented and maintained using an excel spreadsheet or Microsoft Access database.

A template excel spreadsheet for a small organisation can be requested at support@riskledger.com.

Microsoft provide an Access Asset Tracking Template which can be found here.

To help manage more devices you can use Asset Tagging software which allows you to tag assets with an RFID bar code, this is often an easy way of maintaining an asset register.

It is important to keep your asset register up to date. Make sure to add all new devices and software to the database when purchased and issued to staff, and make sure to remove any assets that are destroyed or software that is removed. Keeping an asset register continuously up to date is a lot easier than trying to build an asset register from an incorrect data set!

For larger organisations we would recommend using a dedicated piece of software. Most IT Service Management (ITSM) software suites include a feature to help manage and track IT assets.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.