Help Center
News
Help Center
News
Sign in
Document
Documents & PoliciesQuestionnairesControls & Technical and Organizational Measures (TOMs)Report ExplorerAsset RegisterFrameworksRecord of Processing Activities (ROPA)Exporting your ROPAVendorsImpact Assessments (IA)Legitimate Interest DocumentationsMeetings & ActivitiesRetentions & Deletions PeriodsData Collection Point (DCP)Add documents to vendors
DPIA
Assessments
ROPA
Assets
Create an asset groupBrowse assetsCreate an assetEdit an assetAsset detail pageBrowse asset groupsEdit an asset group
International Standards & Frameworks
TOMs & Controls
Categories & Attributes
Data Collection Points
Legal Basis
Legitimate Interest
Documents & Policies
Retention & Deletion
Data Flow
Vendors
Questionnaires
Manage
Process Risk OverviewData Flow Map
Dashboards
AI Assistance & Automation
Projects
Tasks
Meetings & Activities
Workflows & Automations
Reporting
React & Resolve
TasksProjectsIncidents & BreachesData Subject Requests
Risk Scenarios & Treatments
Incidents & Breaches
Release Notes
Q2 2026
Q1 2026
Q4 2025
Q3 2025
Q2 2025
Q1 2025
Q4 2024
Q3 2024
Q2 2024
Q1 2024
Q4 2023
Q3 2023
Q2 2023
Q1 2023
Q4 2022
Q3 2022
Getting Started
Quickstart GuideQuestionnairesTasksProcess Risk OverviewIT SettingsFrameworksThe Information Security / Asset Risk ModelData Subject RequestsDownloading an elementLegitimate Interest DocumentationsAssigning Audiences to ElementsDocuments & PoliciesControls & Technical and Organizational Measures (TOMs)General SettingsCreating attributes that fit your industryDocument list for onboardingThe Data Protection Risk ModelIncidents & BreachesProjectsManaging audiencesAdd documents to vendorsHow to answer an assessment/questionnaireSetting up the first organization or companyData Collection Point (DCP)Use AI to create elementsSetting Risk models in General SettingsSharing ElementsHow can a user change the language?Data Flow MapRecord of Processing Activities (ROPA)Time MachineCreate and evaluate assessments Company Widget FeatureAsset RegisterVendorsImpact Assessments (IA)Creating organizational unitsExporting your ROPAMeetings & ActivitiesTerms for legitimate processingRetentions & Deletions PeriodsHow to create a new user and how to change the password for loginReport ExplorerMaturity modelAdding risk scenarios to assets or asset groupsRelevant Risk SzenariosPriverion GRC Platform overviewDocument list for onboardingHow can a user change the language?Setting up the first organization or companyCreating attributes that fit your industry
User account
Sharing & Group functions
Features
How-To Guides & Tips
Get Help
Legal
Settings
General Settings
Compliance settings
Identity and access management
IT Settings
Risk Settings

Browse asset groups

Manage logical groupings of assets that share risk evaluations and controls.

Browse Asset Groups

The Asset Groups screen is the central hub for managing logical collections of information assets in your organisation. Instead of assessing every individual system or database on its own, you bundle related assets into a group and then run risk evaluations, attach compliance frameworks, and manage treatment plans once at the group level — results flow down to each asset in the group automatically. DPOs, Information Security Managers, risk managers, and compliance coordinators all come here regularly: to see at a glance where risks are concentrated, to drill into a specific group's treatment plan, or to create a new grouping that reflects a business process.

How to open it

Navigate to Assets → Asset Groups in the main left-hand sidebar. The screen is available to any user who has been granted read access to asset groups. If you hold only an edit permission but not read access, DPMS will show a "Forbidden" page instead of the list. Users who are restricted to viewing only their own assigned groups will see a filtered list containing just those groups.

Screenshot

What you see

When you arrive, the main content area is a clean, sortable data table. Each row is one asset group, and clicking anywhere on a row opens that group's detail view. Above the table sits a search-and-filter bar that lets you narrow the list by name, type, responsible person, country, or other attributes. In the top-right corner, users with create or edit access will see a Create button — if you only have read access, this button is hidden.

Each row in the table shows several columns at once: the group's name, its type tags, the responsible persons, a colour-coded current risk indicator (a bolt icon that turns red for high risk, amber for medium, and so on), a similar risk after mitigation indicator showing the expected residual risk once treatment measures are applied, the group's location and country, and a standard-specific progress fraction (for example "3 of 5") showing how many assets in the group are compliant with the currently selected standard.

The risk colours come directly from your organisation's configured risk model — they are not fixed in the software. If your risk model uses five levels with custom names, those same names and colours will appear here.

Working with this screen

Creating a new asset group

Suppose your organisation has just started managing HR data and you want to group all HR-related systems together so you can assess and treat their risks collectively.

  • Click the Create button in the top-right corner of the list. The creation form opens on the General tab.
  • Fill in the Name field (you can enter translations if multiple languages are configured in DPMS). Select one or more Type tags — for example, "IT System" or "HR Application". Write a Description that explains what the group represents, then enter a Location and select a Country.
  • Use the person picker to assign a Risk Owner — the person formally responsible for this group's risk. If that person is acting on behalf of someone else (for instance, a line manager covering for a colleague on leave), use the "On behalf of" selector directly below. Important: the system will automatically clear the "On behalf of" field if you accidentally select the same person as the Risk Owner, and will silently prevent you from doing the same in reverse. Choose two different people.
  • Set the group's Status (typically "Draft" for a new group) and assign Responsible Persons from the action bar at the top of the form.
  • Click Save. DPMS creates the record, redirects you to the new group's detail page, and updates the index list in the background so the new group appears immediately when you return to the list.

Once the group is saved, your next step is to link it to at least one international standard (via the Group Standards tab in the edit form). Without a standard, the Risk tab will be hidden on the detail view — see the Tips section below for more on this.

Reviewing the risk posture of an existing group

A risk manager needs to check whether a critical group's treatment plan is on track before the quarterly board report.

  • From the Asset Groups index, use the filter bar to search for the group by name or by responsible person. Alternatively, click the current risk column header to sort by risk level and bring the highest-risk groups to the top.
  • Click the group's row to open its detail view. At the top of the detail view, a sticky header bar shows the group's status, responsible persons, last updated date, and last review date. The colour-coded bolt icon in the header gives you an immediate read on the current risk.
  • In the left-hand tab menu, click the Risk tab. If the group has multiple standards linked, you will see a sub-menu of standard names. Select the standard you want to review (for example, ISO 27001).
  • Click the Treatment Plan sub-tab to see all open treatment items, their owners, and their deadlines. If items are overdue, they will be highlighted.
  • If the group's status should move from "Draft" to "Active" now that the setup is complete, click the status selector in the sticky header and choose "Active". The change is saved immediately via an instant update — you do not need to open the edit form or click a separate Save button.

Auditing a group's change history

An auditor needs to verify when a group's risk owner was last changed and whether any treatment plan updates were made in the past month.

  • Open the detail view of the relevant asset group (either by clicking its row in the index or by navigating directly from a bookmark).
  • In the top-right area of the detail view, click the clock icon (labelled "Activity Log" in the tooltip). A slide-in panel opens showing the complete change history for this group — every edit, status change, and responsible person update, with the name of the person who made the change and the timestamp.
  • Use the previous/next chevrons in the breadcrumb area to move to the next asset group in your current filtered list without going back to the index. This is particularly useful when auditing several groups in sequence: set your filter on the index first (for example, "Country = Germany"), drill into the first group, then step through the list using the arrows.
Heads up: The Activity Log button is hidden for groups that your organisation receives through the sharing feature (groups published from another organisation). The changelog is only visible to the organisation that owns the original record.

Linking assessments and handling the risk recalculation prompt

A DPO wants to connect a completed vendor assessment to an asset group so that the group's risk scores are updated based on the assessment results.

  • Open the asset group's detail view and click the Assessments tab in the left-hand tab menu.
  • From the Assessments tab, navigate to the edit view for that tab and select the assessment(s) you want to link from the available list, then click Save.
  • If the newly linked assessments contain risk evaluation data that affects this group, a confirmation dialog will appear on screen asking whether you want to update the group's risk scores based on the new data.
  • Click Yes to trigger the recalculation. DPMS will update the risk scores in the background. Once the job finishes, return to the Risk tab to see the updated current risk indicator. While the recalculation is running, some edit controls on the detail view may be temporarily greyed out — this is expected. Wait a moment and the controls will become available again.

Field reference

The following fields appear on the General creation and edit form and are worth explaining:

  • Name — The display name for the asset group. If your organisation uses multiple languages in DPMS, you can enter translations for each active language. Required.
  • Type — One or more tags that categorise the group (for example, "IT System", "Cloud Service"). Used for filtering on the index. Optional but recommended for searchability.
  • Risk Owner — The person formally responsible for managing the risk of this group. Required for risk workflows. The name appears in the index table and in the sticky header of the detail view.
  • On behalf of — If the Risk Owner is acting as a delegate for someone else, enter the original owner here. The system records both names and shows them together in the General tab as "Risk Owner (on behalf of Original Owner)". Must be a different person from the Risk Owner — selecting the same person will automatically clear this field.
  • Description — A free-text explanation of what the group represents. Supports long text and is displayed in a readable format on the General tab.
  • Locations — A text description of where the group's assets are physically located. Combined with Country in the index table's Location column.
  • Country — The country where the group's assets are located. Used for geographic filtering and compliance cross-referencing.
  • Status — The workflow status of the group (Draft, Active, Inactive, Review). Can also be updated inline from the detail view's sticky header without opening the edit form.
  • Responsible Persons — One or more people with operational responsibility for the group. Different from the Risk Owner, who holds formal risk accountability.

How this connects to the rest of DPMS

Asset groups sit at the heart of the asset-level risk workflow in DPMS. Before you can run risk scenario evaluations, set risk thresholds, or create a treatment plan for a set of assets, those assets must belong to a group — and the group must have at least one international standard linked to it. If neither condition is met, the Risk tab is hidden entirely and risk work for those assets cannot proceed.

Once a group is set up with standards and risk scenarios, other parts of DPMS depend on it:

  • The Asset index lets you filter assets by group: clicking a group name link on the asset list pre-filters the view to show only assets in that group.
  • TOMs (Technical and Organisational Measures) can be linked to risk scenarios within a group. The Implemented TOMs sub-tab tracks which measures are in place and feeds into the risk-after-mitigation calculation.
  • Assessments linked to an asset group can trigger automatic risk recalculation, keeping scores current as your vendor and compliance landscape evolves.
  • Sharing: if your organisation is part of a consulting or multi-entity setup, asset groups can be published to subsidiary or partner organisations via the sharing feature, accessible from the three-dot options menu.

After finishing on this screen, your typical next steps are: use the Group Standards edit tab to link international standards, configure the Risk Threshold for each standard, and then visit the Risk Scenarios sub-tab to review or create the scenarios that will drive the risk scoring for the group.

Tips & common pitfalls

Heads up: If the Risk tab disappears from a group's detail view, it almost always means the group has no international standards linked. Go to the edit form and open the Group Standards tab to link at least one standard. A notification banner on the detail view also provides a direct link to this setting.
Tip: Status changes made from the sticky header at the top of the detail view are saved immediately — there is no separate Save button and no undo. If you change a group's status by accident, simply change it back using the same dropdown.
  • On-behalf-of validation is silent. If you try to set the "On behalf of" person to the same individual as the Risk Owner, the field simply will not update — no error message appears. If the selector seems unresponsive, check that you are choosing a different person.
  • Previous/next navigation respects your active filter. If you filtered the index by country or responsible person before drilling into a detail record, the breadcrumb chevrons will skip groups that do not match that filter. If the arrows seem to jump unexpectedly, check whether a filter is still active on the index.
  • Risk recalculation jobs can temporarily disable editing. After linking new assessments and confirming the risk update, a background job runs to recalculate scores. During this time the edit button on the detail view may appear greyed out even if you have full edit permissions. This is temporary — wait a moment and try again.
  • The Activity Log is only available on owned records. Groups shared to your organisation from another entity (visible in "consulted" or shared mode) do not show the changelog. To see the full history, you would need to contact the originating organisation.
  • Filters persist during your session. If you applied filters on the Asset Groups index and then navigated away, those filters will still be active when you return. Clear them using the filter bar to see the full list again.


Was this article helpful?

English
Powered by Product Fruits