Resources
Everything you need to know
Company
Security and customers first
Close

Request a demo

Find out today the difference that Hicomply’s unique solution can make to your business.

Close

Thank you for your request

Success

In the meantime, connect with Hicomply for insights on authentication and fraud prevention

Close

ROI Calculator

See how much you could save with Hicomply

Hicomply feature Yearly saving
Automated scoping Easily scope your ISMS with the Hicomply platform
Asset register autogeneration A shorter learning curve for organisations and a simplified process
Risk assessment Autogenerate your risk register and risk treatment plan
Extended policy templates 90% of the essential are already written out of the box
Controls framework All controls are pre-loaded and already linked to the risks they mitigate
Task management Automate all actions, administration and setup time of your ISMS
Real time monitoring Understand status and progress across your ISMS with the Hicomply dashboard
Compliance & Training Your whole team, on the same page
Audit readiness Hicomply makes sure you have everything in place for your audit
Auditor access Give auditors a dedicated login to access and audit your ISM
Back to Knowledge & Insights

ISO 27001 Asset Register: How To Build Your Asset Inventory

When it comes to implementing ISO 27001, businesses need to provide a complete asset register as part of their information security management system (ISMS). Having an up-to-date ISO 27001 compatible asset register allows you to undertake risk assessments and delegate tasks to ensure each asset is safely managed and risks are suitably controlled. This also acts as evidence, showing your external auditor that your business protects and preserves its assets and is continually working to mitigate risk. In short, your asset register is a crucial part of your ISMS and is a key component when being assessed for ISO 27001 certification.

Which assets should I include?

You should include both physical and informational assets in your asset inventory, in line with the standard’s focus on information security and risk management. This means you should include assets such as data and intellectual property as well as physical assets like your offices, laptops and computers. A list of asset types we recommend including in your ISO 27001 asset register, no matter your business or industry, is below:

  • Physical security systems;
  • Licenses;
  • Removable media;
  • Electronic documentation;
  • Physical documentation;
  • System software;
  • Network equipment;
  • Networks;
  • Furniture;
  • Application software;
  • Critical business data;
  • Websites and webpages;
  • Mobile phones;
  • Desktop phones;
  • Personnel;
  • IP;
  • Contracts and agreements;
  • Electronic documentation;
  • Electronic correspondence;
  • Physical correspondence;
  • Hardware;
  • Laptops;
  • Desktop computers;
  • Internal services;
  • Removable media;
  • Outsourced services;
  • IP;
  • Partnerships;
  • Personally identifiable information (PII);
  • Electrical equipment;
  • Receipts, records and logs;
  • Installations/buildings.

Please note that the above list is not exhaustive, so be sure to consider any other asset types associated with your business’s information and information facilities.

What should my ISO 27001 asset register look like?

Below, you’ll see an ISO 27001 asset register example as viewed on the Hicomply platform. The asset name, type, location and owner are all visible, which allows an external auditor to assess your business against Annex A.8.1.1 – ensuring that your register is well-labelled, updated, free of errors and compliant with any other records available.

This can be a difficult task due to the constantly evolving nature of a business’s information and the assets themselves. Hicomply’s information asset management module allows assets to be quickly loaded into your workspace from your own list or our comprehensive library, with locations, asset details and ownership clearly identified. Once you have loaded your assets into the ISO 27001 asset register on the platform, the Hicomply software can also link your assets to other functionalities, such as policy and procedure documentation.

Asset register example

A step closer to implementing ISO 27001

Your asset register is complete, what’s the next step? You can now move on to step four of our six steps to success guide: undertaking risk assessment and task management. This involves assessing the level of risk to each asset and assigning tasks to specific users, or even every user in your business, to ensure appropriate controls are in place.

Ready to automate the administration of your ISMS and achieve ISO 27001 certification with Hicomply? Book your demo today.

More Insights

ISO27001
The 10 Biggest GDPR Fines Ever (2023)
ISO27001
The Rise of the Smishing Scam
ISO27001
Four Steps to Successful Cybersecurity Risk…