Overview #
Where to find it in ISOPlanner: https://portal.isoplanner.app/assets/overviewUse the Assets menu in ISOPlanner to describe the assets in your organization.
Properties #
When you add an asset, you can enter the following basic properties:
- Code
- Name
- Physical asset checkmark
- One or more tags
- [Premium] Containers that contain this newly created asset
Examples of assets are:
- Laptops
- Customer data
- CRM application
- Server 8
Important: only create assets on a level that you either want to classify as a group or that you want to identify a risk for. In other words, don’t create an asset for a specific laptop – instead create ‘Laptops’ as an asset. If you see specific risks for a specific type of laptops, say “Developer laptops”, then create those as a separate asset. Then you can also classify those developer laptops in another way.
For instructions on how to manage the list of assets, including on how to search, filter, remove and report, see list actions.
When you edit an asset, you can modify the following extra properties:
Description #
Describe your asset in this text field.
Unique ID #
Optionally give your asset a unique ID, perhaps referencing the asset registered in another system.
Status #
Choose from the following options:
- Active
- Registered
- Archived
The difference between ‘Active’ and ‘Registered’ is that a registered asset may not actually be in use yet.
Date active #
The date that the asset was actively taken in use.
Archiving date #
The date that the asset was archived – and therefore no longer in use.
Owner #
The person responsible for the asset.
List on SharePoint #
Here you can link a SharePoint list with items for this asset.
Example: create an asset ‘Laptops’ and link a list on SharePoint containing all laptops.
Standards #
If an asset in not relevant in all activated standards, then use this option to identify for which activated standards the asset is relevant.
Classifications #
Add classifications from a predefined list to the asset. An asset can be classified in several ways. For example, on Confidentiality, Environmental impact or Reputation.
Related information #
The pane which can be opened on the left contains more information related to asset. For example, in the ‘Library’ tab you can link documents to the asset. That may include a document that describes your asset. If the linked document lives in SharePoint, then you can include the document content in a tab in ISOPlanner with the asset.
Also, in the ‘Context’ tab, you can link risks and processes to this asset. Read more about related information.
Classifications #
List your classification here. They are grouped. A classification group is a topic for which you want to add classifications, like ‘Confidentiality’ or ‘Environment’.
Within that group, you may identify levels, such as ‘Internal’ and ‘Sensitive’ for the ‘Confidentiality’ group.
The classification groups as defined here will also be available in the ‘risk analysis’ part of all risks, with checkmarks to indicate that the risk is related to that topic (‘classification group’).
When adding or editing a classification, the following properties are available.
Group #
Select from the already available list of groups here. To add a new classification group, type its name over the current group name in this field instead of selecting from the list.
Value #
A numerical value that determines the level of the classification relative to other classifications in the group. For example, in the Confidentiality group the classification ‘Internal’ may have value 1, where the classification ‘Classified’ may have value 2.
Classification #
The name of classification within the group. Each classification within a group must be unique.
An option is provided to change the color of the classification.
Description #
A description of the classification for internal use. A rich text editor is available for formatting this description.
Examples #
You may provide examples of assets with this classification for internal use.
Editing classification groups #
With the ‘Edit group’ button, for a selected classification the following actions are available:
Rename #
To rename the group.
Remove #
To remove the entire group. It will also remove all classifications within the group and therefore remove them from any asset that had a classification within the group. It will also remove the classification group from the risk analysis part of all risks. That means that the information that the classification group was checked as applicable – or not – for all risks will disappear.
Group up #
Move the group up in the list of groups and underlying classifications.
Group down #
Move the group down in the list of groups and underlying classifications.