Asset Inventory
Complete IT asset list for ISMS
Practitioner's note: This article is practice-oriented compliance documentation, not legal advice. We are a compliance specialist, not a law firm. For legally binding information please consult a licensed lawyer.
TL;DR
Asset inventory is the structured recording of all IT assets requiring protection. ISO 27001 (5.9) and Section 30 (2) No. 1 NIS2 require complete inventorisation.
What is an asset inventory?
Asset classes:
- Hardware (servers, PCs, mobile)
- Software (licences, versions)
- Data (classification, owner)
- Cloud services (SaaS, IaaS)
- Network (switches, routers, firewalls)
- People (with access)
Tools: GLPI, Snipe-IT, Microsoft Intune, Lansweeper.
Practical example
An SME with 80 employees inventories: 95 end-user devices, 23 servers, 47 SaaS tools, 12 data classes, 134 user accounts. Quarterly update.
Frequently asked questions
Update cycle?
On every change plus a monthly reconciliation audit.
What counts as an asset?
Anything that has value for a business process. SaaS subscriptions included.