
Manage your Assets

Read about how to manage asset data fields and set up connections to other elements on the platform.

Written by Søren Hjertholm
Updated yesterday

The video above walks you through the full asset page. The first section revisits the Master Data and Compliance cards covered in the "Create your first asset" guide, so if you’re already familiar with those, feel free to jump ahead.

1. Data Fields

When working with an asset, you have several sections where you can enter information about the asset. These are divided into:

  • Master data

  • Compliance

  • Physical Asset

  • Digital Asset

1.1 Master data

In the master data section, you can fill out the following fields:

  • Name: Enter a clear and descriptive title, e.g. "CRM - Hubspot"

  • Type: Choose between the options: Digital and Physical

  • Criticality: Describes how important the asset is for compliance and operations. A high score indicates that the asset stores critical data or is critical to operations.

  • Responsible: Assign a specific user or user group as responsible for the asset.

  • Departments: Select the department(s) the asset belongs to / is used by

  • Category: Use this to categorize assets as you prefer

  • Note: Add internal remarks or comments about the asset

1.2 Compliance

In this section, you can determine relevance to compliance frameworks:

  • Relevant for GDPR: In this field, you can mark whether the asset contains personal information, which would make the asset relevant to GDPR.

    Note: When selected, you unlock the “Data Management” page, where you can describe the personal data stored and the deletion routine.

  • Relevant for NIS2: In this field, you can mark whether the asset supports NIS2 regulated processes.

1.3 Digital Asset

In this section, you can add information about how the digital asset is hosted, accessed, and used:

  • Self hosted: Specify whether the asset is hosted internally or provided as a cloud service.

  • Sign-in: Select how users sign in to the asset, whether through SSO, local user accounts (with or without 2FA), or temporary/guest accounts.

  • Access: Select how the asset can be accessed, whether only through the internal network (with or without VPN) or publicly from all networks.

1.4 Physical Asset

In this section, you can describe how the physical asset is stored and accessed:

  • Access: Describe how access to the physical asset is controlled. This could be keys, badges, locked rooms, or similar.

  • Note: Add additional context about location, storage, or handling of the asset.


2. Connections

For any given asset, you can connect it to various elements on the platform:

  • Suppliers

  • Tasks

  • Documentation

  • Services

  • Risk Assessments

  • Security Incidents

For all the connections, you can choose to create a new element from the asset page (which will also link the element to the asset) or attach existing elements to the asset.

2.1 Suppliers

The suppliers you connect to an asset represent the company delivering or hosting it. If the asset is developed internally, you can simply leave this section empty.

Example: An asset could be Microsoft Teams, where Microsoft is the supplier. In this case, the two elements should be connected.

2.2 Tasks

Tasks connected to an asset represent work that must be done to maintain or review the asset. This can be recurring checks, onboarding tasks, compliance reviews, etc.

Example: A recurring task could be to review access rights for the asset every quarter.

2.3 Documentation

Here you can attach documentation relevant to the asset, such as policies, procedures, user manuals, audit evidence, etc.

Example: You might upload the audit evidence showing the latest access-right review and who approved it.

2.4 Services

Service elements represent services you offer to your customers. If the asset plays a role in delivering that service, the two should be connected.

Example: A service could be Complychain. As part of this service, we rely on a database that is registered as an asset. In this case, the two elements should be connected, as the asset is an essential part of delivering the service.

2.6 Risk Assessments

If you have performed a risk assessment for the asset, you can link it here. This makes it easier to follow risks and related mitigations directly from the asset page.

Example: A risk assessment could evaluate the impact of downtime on our database, which the product depends on.

2.7 Security Incidents

Security incidents connected to an asset represent events where the asset was involved or affected.

Example: If a data leak exposed personal data from a specific asset, the security incident should be connected to that asset.
