Asset Register
Overview
To process personal data properly, various assets are required.
Assets are all resources used to process data, such as software, databases, personnel, or data centers. They can also protect personal data from loss, damage, unauthorized access, or other risks. Therefore, security measures like firewalls are also classified as assets.
Asset Register
This is a complete record of all your assets in the field of data protection and information security. These are categorized by status: All, Active, Draft, Inactive, and Review. Additionally, you can filter assets by standards by selecting the preferred standard from the dropdown list. The search bar's filtering functionality allows you to look for specific assets and customize your view accordingly.
The Asset View provides a clear overview of essential information for each asset, including:
- Name: The name of the asset.
- Managed by: The company responsible for managing the asset.
- Type: An organizational tag, such as software, hardware, or database.
- Locations: The physical or virtual locations of the asset.
- Group(s): The groups to which the asset belongs.
- Asset Owner: The person responsible for managing the asset.
- Risk Owner: The person responsible for assessing and managing risks related to the asset.
Asset Groups
Assets can be grouped to simplify management. You can switch between the Asset View and the Group View on the overview page using the toggle at the top right.
The Group View provides a summary of the following details:
- Name: The name of the group.
- Current Risk: The current risk associated with the group.
- Risk After Mitigation: The remaining risk after implementing measures.
- Assets with Asset Specific Risks: The number of assets within the group with individual risks.
- Group Owner: The person responsible for managing the group.
- Group Risk Owner: The person responsible for assessing and managing risks at the group level.
To view the assets within a group, click on the group. Then, click on the group name at the top to navigate to the Asset View filtered by that specific group.
Alternatively, you can use the Groups filter in the search bar within the asset view to select the desired group.
Creating a New Asset
As with every element, you can create the Asset manually or download a shared one from the organization. This guide focuses on manual creation. To learn more about downloading elements, read the corresponding guide.
To create a new asset, click Create and select Create Asset.
- Assign a responsible person and specify the current status of the asset.
- Provide a unique name for the asset.
- Assign the asset to a type, such as software or data center. Types act as organizational attributes and can be selected or created as needed.
- Provide a detailed description of the asset, its location, and the country. Optionally, add a custom ID number.
- Assign a risk owner responsible for risk options and treatment. If the risk owner has delegated their authority, specify the responsible person above and the risk owner below.
- Click Save once all the information has been entered.
Creating a New Asset Group
To create an asset group, click Create and select Create Asset Group. Enter the required details and click Save.
Adding Assets to a Group
To combine various assets into a group, follow these steps:
- In the Asset View on the overview page, select all assets you want to group by checking their boxes.
- A black bar will appear at the top right. Click Set Group/Standard.
- Select the preferred group from the list.
- You can add the assets to the scope of one or multiple standards. In that case, you can monitor, assess, and treat risks based on the standard's risk model.
- Save your changes.
Assets can also be added individually to groups via their respective Edit Page under the Risk tab.
Editing an Asset
General
You can find general information about the asset on the overview page. When you click on a particular Asset, you are provided with more detailed information that you may update by clicking the Edit button.
As with most elements, you can set the Group Sharing, manage its Access, or write notes by clicking the Notes button on the right.
Click on the blue menu icon at the top left to expand the menu; you can then select the different tabs to edit.
Tip: Click on the arrow next to the asset's name at the top to easily navigate through the assets and edit them one by one – for simple and efficient handling.
Tasks
The tasks linked to your Asset are on the Tasks tab. To link a task to the Asset, choose one from the library with the Add button. To create new tasks, follow the steps in the Tasks guide.
Assessments
Depending on the Asset, you may want to link or conduct an assessment.
If you have already created an assessment, click the Add button and choose the ones you want to link. Otherwise, you may also create new ones. To learn more, you can follow the guide on Assessments.
Vendors
It is essential to track the "data flow" for several purposes. You should record where personal data comes from, what is done with it, and where it flows. The Vendors tab covers the last of these: it shows all the third-party recipients and lets you choose new ones with the Add button.
Regarding the Asset register, it's essential to link all vendors in the context of the particular Asset. If an Asset relies on or uses an external vendor that receives personal data, you must link it to that Asset.
If the vendor is not in your library yet, you can create a new one by clicking the Create button. The Vendors guide will help you with that.
Risk
Each asset is subject to one or more types of risks. To ensure data protection compliance, it is important to consider the risk scenarios threatening each asset. This enables you to develop and implement the necessary technical and organizational measures to minimize the likelihood and damage of these risks.
First, click on Edit.
When you add this asset to a group, the following parameters are managed at the group level:
- Risk Scenarios
- Implemented TOMs
- Current Asset Risk
- Risk Treatment Options
- Risk Treatment Plan
Add the asset to the scope of one or multiple standards.
Lastly, you have the option to enable asset-specific risk management, allowing you to add asset-specific risk parameters in addition to the group parameters.
Click Save to return to the management page, where you will find various tabs under Risk.
Standard
If you have specified multiple standards, select the standard under which you want to manage the risks. If you previously enabled asset-specific risk management and want to manage only this asset, switch from "Group" to "Asset."
Threshold
Under the Threshold tab, you will see the model for the relevant standard. Below the model is the threshold for risks to be mitigated. Every risk with a score above this threshold needs to be treated. You can adjust the threshold by clicking on Edit.
Scenarios
Click Add to include all risk scenarios relevant to this asset.
Implemented TOMs
Under the Implemented TOMs tab, you can now add the implemented Technical and Organizational Measures to the previously identified risks. Click on the icon under TOMs and select the appropriate measures from the list. If you want to add TOMs that are not yet included in the library, you can refer to the Controls & TOMs guide for more information.
Current Asset Risk
Under the next tab, you can specify the current asset risk with the already implemented TOMs. To do this, click on the small icon under "Current Risk of Scenario".
You will be redirected and can then set the likelihood and damage levels of the scenario after the implementation of the measure.
Treatment Options
Under the Treatment Options tab, you will see a graph of the set threshold. Only risk scenarios with a score above the applicable threshold must be treated. To do this, click on the small icon.
You can then select as many TOMs as necessary and determine the likelihood and damage after their implementation. In the fourth field, you can specify the estimated implementation costs.
Treatment Plan
The next step is to create a treatment plan:
- Click on Create Risk Treatment Plan.
- You can decide whether to implement or ignore each proposed TOM. If you choose to implement, you must set a deadline. If not defined, the default deadlines in the risk settings apply.
- On the left, you can also indicate if the residual risk should be insured or if the process (i.e., the asset) should be stopped entirely.
- Click on Temporary save to adjust the treatment plan later. Clicking Finalize will send it to the implementation phase. It can then be viewed at any time under the tab but cannot be changed anymore.
Treatment Status
Under the Treatment Status tab, you will see the TOMs to be implemented. Click on the small icon to change the implementation deadline.
Editing an Asset Group
Editing is the same for asset groups as it is for individual assets.
When you switch to Group, you can use the dropdown to select from all the groups the asset belongs to for editing. Below are three additional tabs for Tasks, Assessments, and Vendors that apply to the entire group.
Workflows
View an overview of existing workflows or trigger a new one under the corresponding tab. For more detailed information about workflows, refer to the relevant guide.