Category,Secondary Category,Name,Description,Asset Owner,Asset Manager,Location,Status,Criticality,Data Sensitivity
,,"Unique identifier of an asset or name of the asset group to which the asset belongs, based on similar characteristics, functions, or risk profiles (e.g., grouping all laptops together or categorising data stores containing confidential information)","Brief summary of the asset, its function, and importance to the organization",Who is ultimately accountable for the asset and makes the big decisions.,Who is responsible for the day-to-day maintenance and upkeep of the asset.,Physical location for hardware or logical location for software/data.,"Is this asset active, retired, or in use? This helps track lifecycle stages.","How important is this asset to your organisation's operations? Consider using a simple scale (e.g., high, medium, low) to keep this manageable.","If this asset is a data store, is it confidential, public, or internal? This helps prioritise security controls like encryption."
Information Assets,Core Business & Security-Critical Data,Customer Database,"The foundation of any business. Losing customer data can mean financial loss, reputational damage, and legal trouble.",,,,,,
Information Assets,Core Business & Security-Critical Data,Source Code Repositories,"The backbone of technology companies. Losing control of code can halt development, impact innovation, and lead to IP theft.",,,,,,
Information Assets,Core Business & Security-Critical Data,Financial Records,"Essential for business continuity and regulatory compliance. Unauthorized access or loss can lead to fraud, fines, and operational issues.",,,,,,
Information Assets,Core Business & Security-Critical Data,Contracts & Legal Agreements,Protects the company from legal risks. Contracts ensure obligations are met and define liability in case of disputes.,,,,,,
Information Assets,Core Business & Security-Critical Data,GDPR & Compliance Documentation,Vital for proving regulatory compliance and avoiding heavy fines. Losing this data can have serious legal consequences.,,,,,,
Information Assets,Core Business & Security-Critical Data,Encryption Keys & Certificates,"These secure all other assets, ensuring data integrity and confidentiality. If compromised, they can expose critical systems to attackers.",,,,,,
Information Assets,Operational Continuity & Business Strategy,Corporate Email System,A primary communication tool for employees and executives. A breach here can expose confidential information and harm the business.,,,,,,
Information Assets,Operational Continuity & Business Strategy,Business Strategy Documents,"Plans for growth, market positioning, and competitive advantage. Exposure to competitors could significantly impact business success.",,,,,,
Information Assets,Operational Continuity & Business Strategy,Risk Register,Helps proactively manage security and operational risks. Keeping this updated ensures informed decision-making and compliance with standards like ISO 27001.,,,,,,
Information Assets,Operational Continuity & Business Strategy,"Intellectual Property (Patents, Trademarks, Copyrights)","Protects proprietary innovations, brand value, and business uniqueness. Losing or exposing these can weaken competitive advantage.",,,,,,
Information Assets,Operational Continuity & Business Strategy,IT System Configurations,Defines infrastructure security and stability. Poorly documented or mismanaged configurations can lead to downtime and security breaches.,,,,,,
Information Assets,Operational Continuity & Business Strategy,Incident & Audit Logs,"Tracks security incidents, system changes, and compliance evidence. Essential for detecting security threats and responding effectively.",,,,,,
Information Assets,Business efficiency & customer experience,CRM System Data,Centralizes customer interactions and sales pipelines. Losing access can impact revenue and customer relationships.,,,,,,
Information Assets,Business efficiency & customer experience,Operational Procedures & Policies,Ensures consistency and compliance in how teams operate. A well-documented process framework improves efficiency and security.,,,,,,
Information Assets,Business efficiency & customer experience,Product Designs & Prototypes,Protects innovations and future products. Competitors gaining access to early-stage designs can impact market leadership.,,,,,,
Information Assets,Business efficiency & customer experience,Marketing & Sales Data,Supports revenue generation and strategic decision-making. Exposure of marketing strategies could reduce competitive effectiveness.,,,,,,
Information Assets,Business efficiency & customer experience,Customer Support Tickets & Logs,Provides valuable insights into product and service quality. Losing this data can hurt customer satisfaction and internal operations.,,,,,,
Information Assets,Internal Knowledge & Routine Documentation,Employee Records,"Important for HR and payroll but typically less critical than financial or customer data. However, mishandling can lead to compliance issues.",,,,,,
Information Assets,Internal Knowledge & Routine Documentation,Confidential Meeting Notes & Minutes,"Helps keep track of key decisions, but security impact is lower unless tied to strategy or sensitive negotiations.",,,,,,
Information Assets,Internal Knowledge & Routine Documentation,Backup & Disaster Recovery Plans,Critical for business continuity but not a primary target for attacks. Regular updates ensure they remain effective when needed.,,,,,,
IT Infrastructure & Devices,Core Infrastructure & Security-Critical Assets,Production Servers,Runs critical applications and stores business data. Downtime or breaches can cripple operations.,,,,,,
IT Infrastructure & Devices,Core Infrastructure & Security-Critical Assets,Employee Laptops & Desktops,The most commonly used endpoints. Lost or compromised devices can expose sensitive information.,,,,,,
IT Infrastructure & Devices,Core Infrastructure & Security-Critical Assets,Cloud-Hosted Virtual Machines,"AWS, Azure, Google Cloud instances. These need tight access controls to prevent unauthorized changes.",,,,,,
IT Infrastructure & Devices,Core Infrastructure & Security-Critical Assets,"Networking Equipment (Routers, Switches, Firewalls)",Controls company-wide connectivity and security. Misconfigurations can open the door to attackers.,,,,,,
IT Infrastructure & Devices,Core Infrastructure & Security-Critical Assets,"Storage Devices (NAS, SAN, Cloud Storage Gateways)",Where business-critical files live. Poor security or access control can lead to data leaks.,,,,,,
IT Infrastructure & Devices,Core Infrastructure & Security-Critical Assets,Backup Servers & Devices,"Protects against data loss. If backups aren’t secure, they can become an attack vector.",,,,,,
IT Infrastructure & Devices,Core Infrastructure & Security-Critical Assets,Privileged Access Workstations (PAWs),Isolated machines for high-risk admin tasks. Essential for securing sensitive operations.,,,,,,
IT Infrastructure & Devices,Endpoint & Operational Device Assets,Mobile Devices (Company Phones & Tablets),"Work happens on mobile. Unsecured devices can expose emails, files, and internal apps.",,,,,,
IT Infrastructure & Devices,Endpoint & Operational Device Assets,IoT Devices & Smart Office Equipment,"Smart locks, cameras, and conference room tech. Often overlooked but easy targets for hackers.",,,,,,
IT Infrastructure & Devices,Endpoint & Operational Device Assets,VPN & Remote Access Devices,Enables remote work. A weak or outdated VPN setup can put internal networks at risk.,,,,,,
IT Infrastructure & Devices,Endpoint & Operational Device Assets,"Security Appliances (IDS, IPS, Web Proxies)",Dedicated hardware for detecting and blocking cyber threats. Critical for compliance and network security.,,,,,,
IT Infrastructure & Devices,Endpoint & Operational Device Assets,Point-of-Sale (POS) Systems,"If you process payments, these devices must be locked down to prevent fraud and data breaches.",,,,,,
IT Infrastructure & Devices,Operational & Specialized Equipment Assets,Printers & Scanners,"Often unsecured, but still process sensitive documents. Can be an entry point for attackers.",,,,,,
IT Infrastructure & Devices,Operational & Specialized Equipment Assets,Developer Workstations & Test Machines,Used for building and testing software. Often hold sensitive code and should be treated like production systems.,,,,,,
IT Infrastructure & Devices,Operational & Specialized Equipment Assets,Patch Management Servers,Pushes security updates to devices. A compromised patch server can spread malware across the entire network.,,,,,,
IT Infrastructure & Devices,Operational & Specialized Equipment Assets,R&D and Lab Equipment,"Specialized hardware for engineering, AI, biotech, or research teams. Security is often overlooked but should be a priority.",,,,,,
IT Infrastructure & Devices,Support & Peripheral Device Assets,"Conference Room Equipment (Video Conferencing Systems, Projectors)",Stores meeting data and connects to the network. Should be properly configured to prevent unauthorized access.,,,,,,
IT Infrastructure & Devices,Support & Peripheral Device Assets,Uninterruptible Power Supplies (UPS) & Backup Generators,Keeps systems online during outages. Required for compliance in some industries.,,,,,,
IT Infrastructure & Devices,Support & Peripheral Device Assets,Legacy Systems & Deprecated Hardware,Old but still in use. Typically vulnerable and should have extra security measures.,,,,,,
IT Infrastructure & Devices,Support & Peripheral Device Assets,"External Storage (USB Drives, External Hard Drives, SD Cards)",Small but risky. Unencrypted drives can easily expose sensitive data.,,,,,,
People & Roles,Security & High-Privilege Roles,CISO / Security Lead,"Owns security strategy, risk management, and compliance oversight. Their decisions shape the company’s security posture.",,,,,,
People & Roles,Security & High-Privilege Roles,System Administrators,"Manages critical IT infrastructure, access controls, and user permissions. Often have the highest privilege levels.",,,,,,
People & Roles,Security & High-Privilege Roles,Developers & Engineers,"Writes and maintains code, often with access to repositories, production environments, and internal tooling.",,,,,,
People & Roles,Security & High-Privilege Roles,Cloud & DevOps Engineers,"Manages cloud platforms, CI/CD pipelines, and automated deployments. Their permissions can impact production security.",,,,,,
People & Roles,Security & High-Privilege Roles,IT Support & Helpdesk Staff,"Handles user accounts, password resets, and troubleshooting. A common target for social engineering attacks.",,,,,,
People & Roles,Security & High-Privilege Roles,Incident Response Team,"Investigates security breaches, mitigates risks, and restores operations. Their access is crucial during emergencies.",,,,,,
People & Roles,Security & High-Privilege Roles,"Privileged Users (Root, Superuser, Admins)",Any individual with elevated permissions across systems. Must be monitored closely to prevent misuse.,,,,,,
People & Roles,Core Business & Compliance Roles,Risk & Compliance Officers,"Ensures the company meets security frameworks, regulations, and industry standards like ISO 27001 and SOC 2.",,,,,,
People & Roles,Core Business & Compliance Roles,Finance & Accounting Team,"Manages financial records, transactions, and payroll data. Often a target for fraud and phishing attacks.",,,,,,
People & Roles,Core Business & Compliance Roles,Legal & Contract Managers,"Handles sensitive contracts, intellectual property, and compliance documentation. Their access needs strict controls.",,,,,,
People & Roles,Core Business & Compliance Roles,HR & People Operations,"Manages employee records, personal data, and onboarding/offboarding processes. Plays a key role in identity lifecycle management.",,,,,,
People & Roles,Core Business & Compliance Roles,Data Protection Officer (DPO),Required for GDPR compliance. Oversees data privacy policies and ensures personal data is handled correctly.,,,,,,
People & Roles,Core Business & Compliance Roles,Procurement & Vendor Managers,"Evaluates and manages third-party services, contracts, and vendor security assessments.",,,,,,
People & Roles,Departmental & Specialized Roles,Customer Support & Account Managers,"Interacts with customer data, support tickets, and account credentials. Often targeted in phishing attacks.",,,,,,
People & Roles,Departmental & Specialized Roles,Marketing & Sales Team,"Handles CRM systems, customer segmentation, and lead data. Improper access controls can lead to data leaks.",,,,,,
People & Roles,Departmental & Specialized Roles,Product Managers & Analysts,"Works with internal dashboards, analytics, and user behavior data. May have indirect access to sensitive information.",,,,,,
People & Roles,Departmental & Specialized Roles,Facility & Physical Security Staff,"Manages office access control, surveillance, and building security. Often overlooked in digital security discussions.",,,,,,
People & Roles,External & Non-permanent Roles,Contractors & Consultants,Temporary staff with access to company systems. Their accounts must be carefully managed to prevent lingering access risks.,,,,,,
People & Roles,External & Non-permanent Roles,Third-Party Vendors & MSPs,"External companies providing IT services, security monitoring, or cloud hosting. Must be monitored for compliance with security policies.",,,,,,
People & Roles,External & Non-permanent Roles,Board Members & Executives,"Senior leadership may not access systems daily, but their devices and accounts often contain highly sensitive company data.",,,,,,
Facilities & Physical Infrastructure,Critical Infrastructure & Access Control,Office Buildings & Workspaces,"Physical locations where employees work, including main offices, satellite branches, and co-working spaces.",,,,,,
Facilities & Physical Infrastructure,Critical Infrastructure & Access Control,Data Centers & Server Rooms,Secure environments housing servers and networking equipment. Strict access control is essential.,,,,,,
Facilities & Physical Infrastructure,Critical Infrastructure & Access Control,Access Control Systems,"Keycards, biometric scanners, and security badges that regulate entry to company facilities. A weak access system is an open door to insider threats.",,,,,,
Facilities & Physical Infrastructure,Critical Infrastructure & Access Control,"Surveillance Systems (CCTV, motion sensors)",Security cameras and monitoring systems that track activity in sensitive areas. Useful for both security incidents and compliance.,,,,,,
Facilities & Physical Infrastructure,Critical Infrastructure & Access Control,Security Alarm Systems,Intrusion detection alarms that help prevent unauthorized physical access and theft.,,,,,,
Facilities & Physical Infrastructure,Critical Infrastructure & Access Control,Physical Safes & Secure Storage,"Locked areas for storing confidential documents, encryption keys, or other sensitive materials.",,,,,,
Facilities & Physical Infrastructure,Operational Infrastructure & Business Continuity,Workstations & Meeting Rooms,Shared office spaces equipped with networked devices and communication tools. Access to these areas should be controlled and monitored.,,,,,,
Facilities & Physical Infrastructure,Operational Infrastructure & Business Continuity,"Backup Power Systems (UPS, generators)",Prevents downtime and protects critical systems during power failures.,,,,,,
Facilities & Physical Infrastructure,Operational Infrastructure & Business Continuity,HVAC & Environmental Controls,Temperature and humidity control systems for server rooms and data centers. Critical for preventing hardware failures.,,,,,,
Facilities & Physical Infrastructure,Operational Infrastructure & Business Continuity,Network Cabling & Physical Connectivity,"Ethernet cables, fiber optic connections, and patch panels that support internal network infrastructure.",,,,,,
Facilities & Physical Infrastructure,Operational Infrastructure & Business Continuity,Physical Document Storage & Archives,"Filing cabinets and storage rooms for contracts, HR records, and compliance documentation. Should be secured against unauthorized access.",,,,,,
Facilities & Physical Infrastructure,Operational Infrastructure & Business Continuity,Employee Lockers & Personal Storage Areas,"Used for storing work devices, security tokens, and personal belongings within office environments.",,,,,,
Facilities & Physical Infrastructure,Company-Owned or Managed Facilities,Company Vehicles (if applicable),"Cars, vans, or fleet vehicles used for business purposes. Can store sensitive equipment and may require tracking.",,,,,,
Facilities & Physical Infrastructure,Company-Owned or Managed Facilities,Remote Office Setups & Home Office Equipment,"Monitors, docking stations, and furniture provided for remote workers. Ensuring security policies extend to these setups is essential.",,,,,,
Facilities & Physical Infrastructure,Company-Owned or Managed Facilities,Physical Signage & Branding Assets,"External company signage, trade show displays, and marketing materials used at offices or events.",,,,,,
Facilities & Physical Infrastructure,Supporting Infrastructure & External Facilities,Parking Lots & Garages,"Company-owned or leased parking areas, which may require security controls like cameras or access gates.",,,,,,
Facilities & Physical Infrastructure,Supporting Infrastructure & External Facilities,Visitor Management Systems,Logs and digital tools used to track guest access to offices and restricted areas.,,,,,,
Facilities & Physical Infrastructure,Supporting Infrastructure & External Facilities,Reception & Front Desk Areas,First point of contact for employees and visitors. A well-secured reception area can prevent unauthorized access.,,,,,,
Facilities & Physical Infrastructure,Supporting Infrastructure & External Facilities,Third-Party Facility Management Services,"Vendors responsible for cleaning, maintenance, and security. Their access and compliance with security policies should be monitored.",,,,,,
Facilities & Physical Infrastructure,Supporting Infrastructure & External Facilities,Storage & Warehouse Facilities,"Offsite locations for equipment, hardware, or product inventory. Often require additional security controls.",,,,,,
Third-Party & Vendor Relationships,Core Service Providers & High-Risk Vendors,"Cloud Service Providers (AWS, Azure, Google Cloud)","Hosts infrastructure, applications, and data. Security misconfigurations here can lead to major breaches.",,,,,,
Third-Party & Vendor Relationships,Core Service Providers & High-Risk Vendors,"Managed IT & Security Service Providers (MSSPs, MSPs)","External teams responsible for IT operations, cybersecurity monitoring, and system maintenance. They often have privileged access.",,,,,,
Third-Party & Vendor Relationships,Core Service Providers & High-Risk Vendors,Software-as-a-Service (SaaS) Vendors,"Business-critical applications (CRM, HR tools, finance software). Each SaaS tool needs security reviews and access controls.",,,,,,
Third-Party & Vendor Relationships,Core Service Providers & High-Risk Vendors,Payment Processors & Financial Service Providers,"Handles company transactions and financial data (e.g., Stripe, PayPal, banks). Security breaches can lead to fraud and compliance issues.",,,,,,
Third-Party & Vendor Relationships,Core Service Providers & High-Risk Vendors,Identity & Access Management (IAM) Providers,"Manages user authentication (Okta, Microsoft Entra ID, Google Workspace). A compromise here means compromised identities across systems.",,,,,,
Third-Party & Vendor Relationships,Core Service Providers & High-Risk Vendors,Security & Compliance Audit Firms,"External auditors and consultants who assess compliance with ISO 27001, SOC 2, GDPR, and other regulations. Their findings impact business reputation.",,,,,,
Third-Party & Vendor Relationships,Core Service Providers & High-Risk Vendors,Penetration Testing & Red Team Vendors,Security firms hired to test defenses. They handle sensitive data about vulnerabilities and should be carefully vetted.,,,,,,
Third-Party & Vendor Relationships,Essential Business Vendors & Risk-Related Services,Legal & Compliance Consultants,"Lawyers and external compliance advisors who manage contracts, regulatory requirements, and risk assessments.",,,,,,
Third-Party & Vendor Relationships,Essential Business Vendors & Risk-Related Services,HR & Payroll Service Providers,"Processes employee salaries, benefits, and records. Often stores personal and financial data.",,,,,,
Third-Party & Vendor Relationships,Essential Business Vendors & Risk-Related Services,Customer Support Outsourcing Providers,External teams handling customer interactions and support tickets. They often have access to customer data.,,,,,,
Third-Party & Vendor Relationships,Essential Business Vendors & Risk-Related Services,"Enterprise Software Vendors (ERP, supply chain, IT management tools)","Critical backend systems for finance, logistics, and operations. A breach could disrupt business continuity.",,,,,,
Third-Party & Vendor Relationships,Essential Business Vendors & Risk-Related Services,Backup & Disaster Recovery Vendors,"Companies providing offsite backups, cloud storage, and failover systems. Their security controls directly impact data resilience.",,,,,,
Third-Party & Vendor Relationships,Essential Business Vendors & Risk-Related Services,Email & Communication Service Providers,"Business email platforms, internal chat tools, and VoIP providers. Often targeted in phishing and business email compromise (BEC) attacks.",,,,,,
Third-Party & Vendor Relationships,Operational & Industry-Specific Vendors,Marketing & Analytics Platforms,"Handles customer insights, ad targeting, and website tracking. Can be a data privacy risk if mishandled.",,,,,,
Third-Party & Vendor Relationships,Operational & Industry-Specific Vendors,Event & Travel Management Providers,"Organizes company events, travel, and conferences. Typically lower risk but may handle employee PII.",,,,,,
Third-Party & Vendor Relationships,Operational & Industry-Specific Vendors,Logistics & Supply Chain Vendors,"Manages shipping, warehousing, and inventory. A supply chain attack can disrupt operations.",,,,,,
Third-Party & Vendor Relationships,Operational & Industry-Specific Vendors,Facilities Management & Office Service Providers,"Cleaning, maintenance, and physical security services. Their access to offices needs monitoring.",,,,,,
Third-Party & Vendor Relationships,Non-Critical Vendors & Short-Term Contracts,Freelancers & Independent Consultants,Temporary workers with project-based access to company tools. Offboarding procedures are critical.,,,,,,
Third-Party & Vendor Relationships,Non-Critical Vendors & Short-Term Contracts,Print & Document Management Vendors,External companies managing printing services or secure document shredding. May handle confidential materials.,,,,,,
Third-Party & Vendor Relationships,Non-Critical Vendors & Short-Term Contracts,Training & E-learning Service Providers,Platforms or instructors delivering internal training. Typically low risk but may have access to employee records.,,,,,,
Intellectual Property & Brand Assets,Legally Protected IP & Proprietary Technology,Patents & Patent Applications,Protects unique inventions and processes; ensures competitive advantage.,,,,,,
Intellectual Property & Brand Assets,Legally Protected IP & Proprietary Technology,Trademarks & Registered Brand Names,"Ensures exclusive rights to your company’s name, logos, and product names. Essential for brand identity and legal protection.",,,,,,
Intellectual Property & Brand Assets,Legally Protected IP & Proprietary Technology,Copyrighted Materials,"Covers written content, software code, designs, and creative works. Mismanagement can lead to IP theft or legal challenges.",,,,,,
Intellectual Property & Brand Assets,Legally Protected IP & Proprietary Technology,Source Code & Proprietary Software,The backbone of tech-driven companies. Securing repositories prevents leaks and unauthorized modifications.,,,,,,
Intellectual Property & Brand Assets,Legally Protected IP & Proprietary Technology,Product Designs & Technical Blueprints,Protects physical and digital product development. Exposure could result in replication by competitors.,,,,,,
Intellectual Property & Brand Assets,Legally Protected IP & Proprietary Technology,Confidential Algorithms & Proprietary Data Models,"AI models, pricing algorithms, and business logic that give companies a competitive edge.",,,,,,
Intellectual Property & Brand Assets,Legally Protected IP & Proprietary Technology,Trade Secrets & Internal Know-How,"Non-public strategies, methodologies, and processes that provide a business advantage. Keeping these secure prevents industrial espionage.",,,,,,
Intellectual Property & Brand Assets,Digital Brand Assets & Online Presence,Company Domain Names & Website Assets,"Losing control of a domain can severely impact operations, security, and brand reputation.",,,,,,
Intellectual Property & Brand Assets,Digital Brand Assets & Online Presence,Social Media Accounts & Handles,"Official LinkedIn, Twitter, and other accounts tied to the brand. Account takeovers can damage trust and credibility.",,,,,,
Intellectual Property & Brand Assets,Digital Brand Assets & Online Presence,Brand Guidelines & Visual Identity,"Defines logo usage, typography, color schemes, and other branding elements. Protects brand consistency.",,,,,,
Intellectual Property & Brand Assets,Digital Brand Assets & Online Presence,Marketing & Advertising Assets,"Digital and print advertisements, campaign visuals, and creative content. Misuse or theft can harm brand perception.",,,,,,
Intellectual Property & Brand Assets,Digital Brand Assets & Online Presence,Product Names & Service Offerings,Unique product names and service categories that are tied to branding and market positioning.,,,,,,
Intellectual Property & Brand Assets,Legal Agreements & Licensing,Licensing Agreements & IP Contracts,Outlines ownership rights when collaborating with third parties or licensing IP. Poorly managed agreements can result in ownership disputes.,,,,,,
Intellectual Property & Brand Assets,Legal Agreements & Licensing,Partnership & Co-branding Agreements,Governs how intellectual property is shared and marketed in joint ventures or partnerships.,,,,,,
Intellectual Property & Brand Assets,Legal Agreements & Licensing,Customer & Vendor Brand Usage Permissions,"Agreements that control how customers, vendors, and partners can use your company’s logo or name in their materials.",,,,,,
Intellectual Property & Brand Assets,Supporting Brand Assets & Legacy Materials,Archived Brand Materials & Historical Marketing Assets,"Past logos, old branding guidelines, or retired marketing campaigns. Useful for reference but lower risk.",,,,,,
Intellectual Property & Brand Assets,Supporting Brand Assets & Legacy Materials,Company Swag & Branded Merchandise,"T-shirts, mugs, and giveaways. While not a security risk, unapproved merchandise can create brand inconsistencies.",,,,,,
Intellectual Property & Brand Assets,Supporting Brand Assets & Legacy Materials,Website Templates & Design Elements,UX/UI assets and website themes used in branding. Losing control could lead to unauthorized modifications.,,,,,,
Intellectual Property & Brand Assets,Supporting Brand Assets & Legacy Materials,Employee-created Content & Presentations,"Internal and external presentations, speeches, or blog posts tied to the company’s expertise.",,,,,,
Intellectual Property & Brand Assets,Supporting Brand Assets & Legacy Materials,Event & Sponsorship Materials,"Banners, booths, and event presentations used for industry conferences or sponsorships.",,,,,,
Regulatory & Compliance Assets,Security Policies & Legal Requirements,Information Security Policies,Defines how security is implemented across the company. A core requirement for compliance frameworks like ISO 27001.,,,,,,
Regulatory & Compliance Assets,Security Policies & Legal Requirements,Data Protection & Privacy Policies,"Governs how personal data is collected, processed, and stored. Critical for GDPR, CCPA, and similar regulations.",,,,,,
Regulatory & Compliance Assets,Security Policies & Legal Requirements,Acceptable Use Policies (AUPs),Outlines how employees can use company resources and data. Prevents misuse and ensures accountability.,,,,,,
Regulatory & Compliance Assets,Security Policies & Legal Requirements,Access Control Policies,"Defines who can access systems, data, and physical locations. Essential for securing sensitive information.",,,,,,
Regulatory & Compliance Assets,Security Policies & Legal Requirements,Incident Response Plans,"Details how the company detects, reports, and responds to security incidents. Required for regulatory compliance.",,,,,,
Regulatory & Compliance Assets,Security Policies & Legal Requirements,Business Continuity & Disaster Recovery Plans,"Covers how the company will continue operations in case of a security breach, natural disaster, or other disruption.",,,,,,
Regulatory & Compliance Assets,Security Policies & Legal Requirements,Risk Management Framework & Assessments,Documents the company’s approach to identifying and mitigating security risks.,,,,,,
Regulatory & Compliance Assets,Compliance Evidence & Audit Records,Audit Logs & Security Monitoring Reports,"Tracks access attempts, security events, and system changes. Required for compliance audits.",,,,,,
Regulatory & Compliance Assets,Compliance Evidence & Audit Records,"Regulatory Compliance Certifications (ISO 27001, SOC 2, PCI DSS, etc.)",Official documentation proving compliance with industry standards.,,,,,,
Regulatory & Compliance Assets,Compliance Evidence & Audit Records,Vendor Risk Assessments & Due Diligence Reports,Evaluates security risks associated with third-party vendors. Essential for supply chain security.,,,,,,
Regulatory & Compliance Assets,Compliance Evidence & Audit Records,Penetration Test & Vulnerability Assessment Reports,Documents security testing results to identify and mitigate weaknesses.,,,,,,
Regulatory & Compliance Assets,Compliance Evidence & Audit Records,Statements of Applicability (SoA),"Required for ISO 27001, listing which security controls are applied and why.",,,,,,
Regulatory & Compliance Assets,Legal Agreements & External Compliance Requirements,Data Processing Agreements (DPAs),Contracts that define how vendors process personal data. Essential for GDPR compliance.,,,,,,
Regulatory & Compliance Assets,Legal Agreements & External Compliance Requirements,Non-disclosure Agreements (NDAs),Legal agreements protecting confidential company information.,,,,,,
Regulatory & Compliance Assets,Legal Agreements & External Compliance Requirements,Security Awareness Training Records,Documentation proving employees have completed cybersecurity and compliance training.,,,,,,
Regulatory & Compliance Assets,Legal Agreements & External Compliance Requirements,Encryption & Key Management Policies,"Defines how sensitive data is encrypted and protected. Important for compliance with GDPR, HIPAA, and financial regulations.",,,,,,
Regulatory & Compliance Assets,Supporting Compliance Documentation,Third-party Compliance Attestations,Proof that external vendors meet security and regulatory requirements.,,,,,,
Regulatory & Compliance Assets,Supporting Compliance Documentation,Physical Security Policies & Site Access Logs,Covers facility security measures and tracks who enters restricted areas.,,,,,,
Regulatory & Compliance Assets,Supporting Compliance Documentation,User Access Reviews & Privilege Audits,Ensures that only authorized employees have access to critical systems.,,,,,,
Regulatory & Compliance Assets,Supporting Compliance Documentation,Backup & Data Retention Policies,"Defines how long data is kept, archived, or deleted based on regulatory requirements.",,,,,,