What is an asset register?
An asset register is a detailed list of all valuable things a company owns. Think of it as a master inventory for a business, but instead of just products for sale, it lists everything from computers and software to office buildings and vehicles. This list helps a company keep track of its resources, know their value, and protect them.
Examples
- A software company’s asset register might list every server, laptop, and software license it owns, including the date they were bought, their serial numbers, and their location.
- A manufacturing company’s asset register would include large machinery, tools, and company vehicles, along with details like purchase price and who is responsible for each item.
- A hospital’s asset register would track everything from MRI machines to patient data systems and even medical equipment like stethoscopes.
Context
Having an accurate asset register is vital for a few reasons. It helps with financial reporting, as a company needs to know the value of what it owns. It’s also critical for security. For instance, if a company wants to protect its most important data, the first step is to know which computers or servers hold that data. This is where the asset register comes in—it tells the company exactly what needs to be protected.
The process of creating and maintaining this list is called asset management. It’s a key part of good business practice and a core part of protecting a company’s information and physical property.
Relevant ISO 27001 Controls
The following controls from the ISO/IEC 27001:2022 standard are related to the asset register:
- ISO 27001:2022 Annex A 5.9 Inventory Of Information And Other Associated Assets: This control requires an organisation to create and maintain an inventory of all assets associated with information and information processing facilities.
- ISO 27001:2022 Annex A 5.11 Return Of Assets: This controls sets rules for returning assets to the organisation when no longer required.
- ISO 27001:2022 Annex A 5.10 Acceptable Use Of Information And Other Associated Assets: This control requires that rules be established and enforced for the acceptable use of information and assets.
- ISO 27001:2022 Annex A 7.9: Security Of Assets Off-Premises: This control requires controls to be in place when assets are away from the organisation.