How to Collaborate within the Organisation to Capture All Assets?

Creating an asset inventory isn’t about getting it perfect from day one—it’s about ensuring you have a complete and usable list when you need it, whether for audits, risk assessments, or compliance reporting.

Creating a comprehensive asset inventory is not a task that can be completed by the information security manager alone. They will never have enough context to know all the assets or bandwidth to find out. 

Your role as the information security manager is to facilitate and coordinate the process, ensuring that all key stakeholders are involved and aligned. You need to involve other people, people that often don’t see this as “their job” and “responsibility”. 

The actual collaboration doesn’t need to be rigid or overly formal. Instead of complex hierarchies and frequent meetings, asset inventory collaboration should be efficient, straightforward, and adapted to the organisation’s culture. The key is to keep things simple while ensuring everyone involved knows their responsibilities.

Next, a few tips on how to run this collaboration that hopefully set you up for success.

Who should be involved in the Asset Discovery Process?

1. Information Security Manager: Facilitates the process, collaborating with department leads to kick off asset discovery. Rather than micromanaging, the security manager provides guidance and ensures that the right people are involved in the discovery process.
2. Department/Team Leads: Work with the information security manager to identify asset champions within their teams. Department leads ensure that the chosen champions have the appropriate knowledge and access to compile asset information effectively.
3. Asset Champions: Responsible for gathering and logging the relevant asset data for their department. By keeping the process focused on essential information, asset champions ensure that the inventory remains accurate and manageable.

How to Collaborate With Stakeholders for Asset Discovery?

1. Create Clear and Simple Guidelines for Data Collection
   Keep things simple by giving each department clear guidelines on what information to collect. Focus on the essentials: asset type, owner, location, and criticality. Avoid overwhelming teams with too many requirements—just gather the information that will help build a solid foundation for security and decision-making.
2. Use Accessible Tools for Data Collection
   You don’t need complex asset management software at this point. Simple tools like Excel or Notion are more than enough for gathering asset data. These familiar tools let department champions log information quickly and easily in a shared document, making sure everyone can contribute without hassle and keeping the data in one place.
3. Set a Realistic Timeline for Discovery
   Set a clear deadline for the initial asset discovery, but keep it realistic. Instead of formal check-ins, let teams work independently while offering support if they need it. A single deadline keeps things moving without putting unnecessary pressure on anyone.
4. Encourage Informal Cross-Team Communication
   Asset discovery works best when there’s open communication between departments. Encourage champions to reach out to each other informally—quick emails or chat messages are great for getting clarifications or help. This way, teams can collaborate without needing formal meetings.
5. Focus on High-Value Assets First
   Start by identifying high-value assets that are critical to your business and security, like core servers, major software platforms, cloud services, and key employee devices. Focusing on these first helps you build a strong foundation, and you can expand to less critical items later as the process continues.

Here’s how the initial asset discovery process typically unfolds:

1. Kickoff: The information security manager works with department leads to find asset champions and provide clear guidelines for data collection. The kickoff makes sure everyone knows their role so that the process starts off smoothly. This is the place you share all the prepared material with the champions.
2. Discovery: Asset champions collect asset information for their departments, following the guidelines. They log this information into a shared document or sheet, keeping it simple and accessible. You’ll probably need to remind them only 3 times to actually do it. 
3. Submission: Champions submit their collected data by the (third) deadline. The information security manager reviews it to ensure everything is complete and follows up on any gaps or inconsistencies.
4. Cross-Team Communication: If there are any uncertainties during discovery, asset champions reach out informally to other departments for clarification or to fill in missing details.

After the initial discovery, the organisation has a solid baseline asset inventory, focusing on high-value assets that are critical to operations and security. This foundation can be expanded as needed, but the first phase keeps things efficient and practical.

Learn more about other aspects of asset inventory management in compliance with frameworks like ISO 27001, NIS 2 and DORA here.