
Inventory of assets

13/09/2025

Author: Stuart Barker | ISO 27001 Expert and Thought Leader

An asset inventory is a detailed list of all the things a company owns. Think of it like a treasure map for a business’s stuff, but instead of ‘X marks the spot,’ the map shows exactly what each item is, where it is, and who’s in charge of it. This includes everything from computers and software to office furniture and important documents. Keeping this list up-to-date helps a company know what it has and where everything is.

Examples

  • Computers: This includes laptops, desktops, and servers. Each entry would list the computer’s name, its location, and the person who uses it.
  • Software: This list would include all the programs a company has, like word processors, design tools, and security software.
  • Data: This is a record of important information, such as customer lists and financial reports. It’s important to know where this data is stored and who can access it.

Context

An asset inventory is a key part of asset management, which is the process of keeping track of and managing a company’s assets. It’s super important for things like figuring out what equipment needs to be replaced, making sure a business has enough insurance, and keeping its information safe. Without a good inventory, a business might not know if something is missing or if it’s being used incorrectly. This can lead to problems like lost items or security risks.

Relevant ISO 27001 Controls

The following controls from the ISO/IEC 27001:2022 standard are related to the inventory of assets:

ISO 27001:2022 Annex A 5.9 Inventory Of Information And Other Associated Assets: This control requires an organisation to create and maintain an inventory of all assets associated with information and information processing facilities.

ISO 27001:2022 Annex A 5.11 Return Of Assets: This control sets rules for returning assets to the organisation when no longer required.

ISO 27001:2022 Annex A 5.10 Acceptable Use Of Information And Other Associated Assets: This control requires that rules be established and enforced for the acceptable use of information and assets.

ISO 27001:2022 Annex A 7.9 Security Of Assets Off-Premises: This control requires controls to be in place when assets are away from the organisation.

About the author

Stuart Barker is an information security practitioner of over 30 years. He holds an MSc in Software and Systems Security and an undergraduate degree in Software Engineering. He is an ISO 27001 expert and thought leader holding both ISO 27001 Lead Implementer and ISO 27001 Lead Auditor qualifications. In 2010 he started his first cyber security consulting business that he sold in 2018. He worked for over a decade for GE, leading a data governance team across Europe and since then has gone on to deliver hundreds of client engagements and audits.

He regularly mentors and trains professionals on information security and runs a successful ISO 27001 YouTube channel where he shows people how they can implement ISO 27001 themselves. He is passionate that knowledge should not be hoarded and brought to market the first of its kind online ISO 27001 store for all the tools and templates people need when they want to do it themselves.

In his personal life he is an active and a hobbyist kickboxer.

His specialisms are ISO 27001 and SOC 2 and his niche is start-up and early-stage business.