Help Center
News
Help Center
News
Sign in
Document
Documents & PoliciesQuestionnairesControls & Technical and Organizational Measures (TOMs)Report ExplorerAsset RegisterFrameworksRecord of Processing Activities (ROPA)Exporting your ROPAVendorsImpact Assessments (IA)Legitimate Interest DocumentationsMeetings & ActivitiesRetentions & Deletions PeriodsData Collection Point (DCP)Add documents to vendors
DPIA
Assessments
ROPA
Assets
Create an asset groupBrowse assetsCreate an assetEdit an assetAsset detail pageBrowse asset groupsEdit an asset group
International Standards & Frameworks
TOMs & Controls
Categories & Attributes
Data Collection Points
Legal Basis
Legitimate Interest
Documents & Policies
Retention & Deletion
Data Flow
Vendors
Questionnaires
Manage
Process Risk OverviewData Flow Map
Dashboards
AI Assistance & Automation
Projects
Tasks
Meetings & Activities
Workflows & Automations
Reporting
React & Resolve
TasksProjectsIncidents & BreachesData Subject Requests
Risk Scenarios & Treatments
Incidents & Breaches
Release Notes
Q2 2026
Q1 2026
Q4 2025
Q3 2025
Q2 2025
Q1 2025
Q4 2024
Q3 2024
Q2 2024
Q1 2024
Q4 2023
Q3 2023
Q2 2023
Q1 2023
Q4 2022
Q3 2022
Getting Started
Quickstart GuideQuestionnairesTasksProcess Risk OverviewIT SettingsFrameworksThe Information Security / Asset Risk ModelData Subject RequestsDownloading an elementLegitimate Interest DocumentationsAssigning Audiences to ElementsDocuments & PoliciesControls & Technical and Organizational Measures (TOMs)General SettingsCreating attributes that fit your industryDocument list for onboardingThe Data Protection Risk ModelIncidents & BreachesProjectsManaging audiencesAdd documents to vendorsHow to answer an assessment/questionnaireSetting up the first organization or companyData Collection Point (DCP)Use AI to create elementsSetting Risk models in General SettingsSharing ElementsHow can a user change the language?Data Flow MapRecord of Processing Activities (ROPA)Time MachineCreate and evaluate assessments Company Widget FeatureAsset RegisterVendorsImpact Assessments (IA)Creating organizational unitsExporting your ROPAMeetings & ActivitiesTerms for legitimate processingRetentions & Deletions PeriodsHow to create a new user and how to change the password for loginReport ExplorerMaturity modelAdding risk scenarios to assets or asset groupsRelevant Risk SzenariosPriverion GRC Platform overviewDocument list for onboardingHow can a user change the language?Setting up the first organization or companyCreating attributes that fit your industry
User account
Sharing & Group functions
Features
How-To Guides & Tips
Get Help
Legal
Settings
General Settings
Compliance settings
Identity and access management
IT Settings
Risk Settings

Asset detail page

Review risks, TOMs, standards and linked elements of an asset.

Asset Detail Page

The Asset Detail page is your single, consolidated view of everything DPMS knows about one specific asset — whether that asset is a CRM system, a cloud database, a business process, or a physical device. Rather than piecing together risk posture from half a dozen separate modules, compliance officers, DPOs, risk managers, and IT administrators can open this one page and see the asset's risk standards, current risk scores, implemented controls, treatment plans, linked assessments, external vendors, data deletion tasks, access controls, and workflows all in one place. It is the operational hub of asset-level risk management in DPMS: almost every risk-related action for an asset starts or ends here.

How to open it

Navigate to the left sidebar and click Assets. On the asset index list, click any row. DPMS takes you directly to that asset's detail page. You need at least read access to assets to reach this screen — users without that access will not see the Assets menu item at all. If you navigate directly to the URL without the required read permission, DPMS returns an access-denied page.

To edit anything on this page (change status, update fields, link objects), you additionally need edit access on assets.

Screenshot

What you see

The page is divided into two main areas. On the left is a collapsible side menu — a vertical list of tabs that lets you jump between the major sections of the asset record. You can collapse this menu with the small arrow icon if you need more horizontal space; it reopens the same way. The tabs that appear depend on whether the asset has risk standards assigned and whether it belongs to any asset groups — if not, the risk-related tabs are hidden.

Across the top of the right-hand content area runs a breadcrumb bar. It shows the section name ("Assets") as a clickable link back to the index, a chevron, and then the asset's own name. To the right of the name are two small arrow icons — left and right chevrons — that let you move to the previous or next asset in whatever filtered list you arrived from. This means you can review a batch of assets one by one without returning to the index each time. A back arrow in the top-left corner returns you to wherever you came from.

The header block in the top-right of the content area stays visible no matter which tab you are on. It shows the responsible person(s), the current status dropdown, the last-updated date, and the last-reviewed date. These are the most frequently changed fields and are always accessible without scrolling. Below the header, the main content card changes according to whichever side-menu tab is active. The General tab is shown by default when you first arrive.

Working with this screen

Reviewing and editing the asset's core information

When you first land on the page, the General tab is open. This card shows the asset's name, type, description, location, country, risk owner, applicable regulations, and external URL. Everything here is read-only until you take action.

To make changes to any of those fields (except the description), click the pencil icon in the top-right corner of the General card. DPMS takes you to the asset edit form, already open on the General tab, where you can update the name, type, location, country, risk owner, or external identifier.

If you only need to update the description, you do not have to go to the edit form at all. Click directly into the description field on the detail page — it becomes an editable rich-text area. Type your changes and click the small Save button that appears alongside it. DPMS saves the new description immediately and returns the field to read-only mode. This inline save is the quickest way to keep descriptions current without touching any other field.

If the asset has an external URL (for example, a link to the live system or a documentation page), you will see two small icons next to it: one copies the URL to your clipboard, and the other opens it in a new browser tab.

To change the asset's status (for example, from Draft to Active), use the status dropdown in the header at the top of the page. Selecting a new value saves it immediately — there is no separate Save button for status changes. To change the responsible person(s), use the person-picker in the same header block. Adding or removing someone saves immediately too.

Understanding and managing risk

The risk tabs in the side menu are only visible when at least one risk standard has been assigned to the asset. If you open an asset and see no risk tabs, check the Standards & Groups edit tab first (click the pencil icon in the Risk card) to assign the asset to a risk standard or group.

Checking which standards apply. Click the Risk tab in the side menu. This card lists every risk standard the asset is enrolled in, with a coloured priority icon and a current risk score for each (for example, "Score 12/25" with a yellow icon indicating medium risk). This gives you the top-level answer to "what is this asset's risk right now?" before you drill any further.

Reviewing the mitigation threshold. Click the Threshold sub-tab. The threshold is the cut-off score above which a risk scenario must be actively mitigated. The slider shows the colour-coded risk bands for the selected standard and marks where the threshold sits. If you want to change the threshold, click the Edit button and DPMS takes you to the threshold edit form. If you want to review the underlying risk model configuration (for example, to understand how the likelihood and damage scales are defined), click the Risk model settings button next to the standard name — this takes you directly to the risk model configuration page in the Settings area.

Viewing risk scenarios and the current risk score. Click the Risk Scenarios sub-tab. Here you see a table of all risk scenarios linked to this asset for the selected standard. Each row shows the scenario name, its current risk score (priority icon plus numerical value), and the list of implemented TOMs with their own scores. If a scenario shows "Score missing information," it means that the likelihood and damage values for the implemented controls have not yet been set.

To set or update those values, click the pen icon in a scenario's row. DPMS takes you to the "Current asset risk" edit form for that scenario, where you can assign likelihood and damage values to each TOM. You can also use the Quick fill-out row at the top of that form to apply the same values to all TOMs at once. Once saved, the updated risk score appears in the Risk Scenarios table.

Use the Display Logs toggle at the top of the table if you want to see who last changed each row and when — useful during audits or when reviewing recent activity.

Checking implemented controls. Click the Implemented TOMs sub-tab. This table shows the technical and organisational measures currently linked to the asset's risk scenarios. If you want DPMS to automatically link all controls that the risk model considers relevant, click Link all relevant. DPMS will connect all matching TOMs from the TOM library. If no relevant TOMs are configured in the library, you will see an information message with a link to the Controls & TOMs index so you can set up the relevance relationships there first.

Reviewing treatment options. Click the Treatment Options sub-tab. This shows every risk scenario that currently exceeds the mitigation threshold, together with the suggested TOMs for each and their estimated implementation costs. This is the decision surface for a risk manager: which scenarios need action, and what are the proposed solutions?

Creating or opening a treatment plan. Click the Treatment Plan sub-tab. If no plan has been created yet, you will see a Create Treatment Plan button. Click it to go to the treatment plan edit form, where you can record your organisation's formal decision on how to handle each scenario above the threshold (accept the risk, implement specific controls, insure against it, or stop the activity). Once a plan exists, the button label changes to Open Treatment Plan. Below the button, a history table shows all previous plans with their dates, approvers, and approval timestamps. Click any row to view that version of the plan in full.

Heads up: The Create Treatment Plan button is greyed out if all risk scenarios are currently below the threshold. This is expected behaviour — a treatment plan is only needed when at least one scenario exceeds the limit. If you expect the button to be active but it is not, check the threshold setting in the Threshold sub-tab.

Switching between asset view and group view. If the asset belongs to an asset group, you will see an Asset view / Groups view toggle in the header area. When switched to Group view, all the risk tabs (threshold, scenarios, TOMs, treatment plan) show the group's shared risk data rather than this asset's individual data. This is useful when a group manager wants to assess collective risk across all assets in the group. When switched back to Asset view, you see only this asset's data. DPMS remembers your last choice even after a page refresh.

Copying risk data from another asset

If this asset is similar to an existing one and should share the same risk setup, you can copy scenarios and controls across instead of re-entering them. On the Risk Scenarios sub-tab, click the Copy button. DPMS opens the copy panel where you can choose whether to copy implemented TOMs, suggested TOMs, or both (both are on by default). Select the source asset from the table and click Save. After a confirmation step, DPMS duplicates the risk scenarios and TOMs from the source asset into this one. This is especially useful when onboarding a new asset in a well-known category.

Linking assessments and external recipients

Assessments. Click the Assessments tab. This shows any questionnaires, DPIAs, or other assessments already linked to the asset. To add one, use the Link button in the table's toolbar, search for the assessment, select it, and save. Linking an assessment can trigger a risk re-evaluation if the assessment contains questionnaire data — DPMS will prompt you if any confirmation is needed.

External recipients (vendors). Click the External Recipients tab. This table lists the third parties (vendors, processors, controllers) that receive or process data from this asset. To add one, click Link, search for the vendor, select the row, and save. The table shows the vendor's name, classification (e.g. Processor), type, and country. Keeping this list accurate is important for GDPR Article 30 compliance, as it documents data flows to external parties.

Reviewing data deletion tasks

Click the Data Deletion Tasks tab to see the retention and deletion tasks linked to this asset. Each row shows the task's coordinator, due date, and status. This view is read-only on the detail page; use the edit form to add or modify deletion tasks.

Managing access

Some assets are sensitive enough that visibility should be restricted to specific named users or defined audience groups, even within a team that already has general read access. Click the Manage Access tab to see who has been granted specific access to this asset. This list is read-only here; open the edit form to change it.

Triggering workflows

Click the Workflow tab to see the workflow configurations for this asset and trigger review or approval processes. This is where a DPO or compliance officer initiates a formal review cycle, which will send notifications to the responsible persons listed in the header. If no responsible person is set on the asset, workflow completion is not possible — set the responsible person in the header first.

Field reference

Description (General tab) — A rich-text description of the asset's purpose, content, or risk context. You can edit this inline on the detail page without going to the edit form. There is no character limit, but concise descriptions are easier for reviewers to process. Leave it blank when the asset name is fully self-explanatory, but a description is strongly recommended for audit readiness.

Status (header) — The lifecycle stage of the asset. Common values are Draft, Active, Inactive, and Review, though your organisation may have configured additional custom statuses. Changing this value takes effect immediately. Moving an asset to "Active" signals it is production-ready and in scope for monitoring.

Responsible person(s) (header) — The person(s) accountable for this asset. They receive workflow notifications, deadline reminders, and risk threshold alerts. At least one responsible person must be set before workflows can be completed.

Risk standard / model — The framework (e.g. an ISO 27001-based asset risk model or a GDPR privacy risk model) used to calculate the asset's risk score. An asset can be enrolled in multiple standards. Assign or change standards via the edit button in the Risk card.

Mitigation threshold — The numerical score above which a risk scenario must be addressed in a treatment plan. Set per-standard and optionally overridden per-asset in the Threshold edit form.

How this connects to the rest of DPMS

The Asset Detail page is a central hub that both receives information from and sends information to many other parts of DPMS. Understanding these connections helps you work more efficiently.

What depends on this page: The current risk score you set here (by entering likelihood and damage values for implemented TOMs) feeds directly into the asset group's aggregate score, the ROPA risk summary for any ROPA linked to this asset, and any assessment that references the asset. In other words, keeping the risk data on this page current improves the accuracy of risk reporting everywhere else in DPMS. The treatment plan workflow is only available once a valid mitigation threshold is configured — without a standard and a threshold, the Treatment Plan tab shows no actionable button. Workflow notifications sent from the Workflow tab are addressed to whoever is listed as the responsible person in the header; if that field is empty, notifications cannot reach anyone.

Where to go next: After reviewing or updating an asset's risk posture, typical next steps are to open the treatment plan, navigate to linked assessments to verify they are complete, review the External Recipients list for GDPR Article 30 compliance, and check that all data deletion tasks are on track. You can reach any of those areas directly from the tabs on this page. If you need to update the risk model configuration (for example, to change the likelihood scale), the Risk model settings button in the Threshold tab takes you there without navigating through the Settings menu.

Tips & common pitfalls

Heads up: If almost all the risk tabs are empty or hidden when you open an asset, it almost certainly means no risk standard has been assigned yet. Look for the orange warning banner at the top of the screen and click the edit button in the Risk card to assign a standard. Without a standard, the Threshold, Risk Scenarios, Implemented TOMs, Treatment Options, and Treatment Plan tabs either show warnings or do not appear at all.
Tip: The Asset view / Groups view toggle only appears when the asset belongs to at least one asset group. If you expect to see group-level risk data but the toggle is missing, the asset needs to be added to a group first via the Standards & Groups edit tab.
  • "Score missing information" on a risk scenario means that neither likelihood nor damage has been set for the implemented controls. Click the pen icon in that scenario's row to open the Current Asset Risk edit form and fill in the values. If the scenario has no implemented TOMs at all, the warning icon appears instead. In that case, link TOMs first via the Implemented TOMs tab, then return to set the values.
  • The Link all relevant button may show an informational message instead of linking anything. This happens when the TOMs in the library have no "relevance" relationship configured with this asset's risk scenarios. The relevance relationship is set on each TOM's own detail page. The info message includes a direct link to the Controls & TOMs index so you can update the settings there.
  • Edit buttons appear greyed out and show a tooltip. This means you have read access but not edit access on this asset. Contact your DPMS administrator to request the appropriate permission.
  • All edit buttons are suddenly greyed out even though you had them before. A background risk recalculation job is likely running. DPMS locks editing during recalculation to prevent data conflicts. Wait a moment and refresh the page — the buttons will re-enable once the job completes.
  • The previous/next navigation arrows are greyed out. You are either at the first or last asset in your current filtered list. Return to the index to change your filter or sort order.


Was this article helpful?

English
Powered by Product Fruits