The ICT Asset Management module maintains a comprehensive inventory of all ICT assets supporting your organization's critical and important functions. This inventory is a core requirement under DORA Article 8 and supports risk assessment, business continuity planning, and third-party dependency mapping.

Asset List Page

The asset list provides a filterable, sortable view of all registered ICT assets.

Filters

FilterOptionsDescription
SearchFree textSearch by asset name, description, or location.
Asset TypeHardware, Software, Network, Data, Cloud Service, Virtual Infrastructure, Endpoint, OtherFilter by the type classification of the asset.
CriticalityCritical, Important, SupportingFilter by the criticality level assigned to the asset based on its role in supporting business functions.
StatusActive, Inactive, Decommissioned, PlannedFilter by the current operational status of the asset.

Table Columns

ColumnDescription
Name + LocationThe asset name with the physical location displayed beneath it. Click to open the asset detail/edit form.
TypeThe asset type classification (Hardware, Software, Network, etc.).
CriticalityDisplayed as a color-coded badge: Critical (red), Important (amber), Supporting (gray).
CIAThree small pill indicators showing the Confidentiality, Integrity, and Availability ratings. Each pill displays a number from 1-5 and is color-coded: 1-2 (green/low), 3 (amber/moderate), 4-5 (red/high impact). Hover for the full label.
ProviderThe linked ICT provider name, if assigned.
StatusA badge showing the operational status: Active (green), Inactive (gray), Decommissioned (red), Planned (blue).

Creating or Editing an Asset

Click New Asset to create a new entry, or click an existing asset name to edit it. The form covers identification, classification, technical details, and relationships.

Identification

FieldTypeDescription
NameText inputA unique, descriptive name for the asset (e.g., "Production Database Server", "Azure AD Tenant", "Core Banking Application"). Required
DescriptionTextareaA detailed description of the asset's purpose, function, and significance to the organization. Optional

Classification

FieldTypeDescription
Asset TypeSelect dropdownThe category of the asset. Options:
Hardware — Physical servers, routers, switches, storage arrays, etc.
Software — Applications, operating systems, middleware, databases.
Network — Network infrastructure, firewalls, load balancers, VPNs.
Data — Data stores, databases, data lakes, file shares.
Cloud Service — SaaS, PaaS, IaaS services (e.g., Azure, AWS, GCP).
Virtual Infrastructure — Virtual machines, containers, orchestration platforms.
Endpoint — Workstations, laptops, mobile devices, thin clients.
Other — Assets that do not fit the above categories.
StatusSelect dropdownThe current operational state:
Active — Currently in production use.
Inactive — Exists but not currently in use.
Decommissioned — Retired from service.
Planned — Approved but not yet deployed.
CriticalityRadio buttonsThe importance of this asset to the organization's critical functions:
Critical — Essential for critical or important business functions. Disruption would have severe impact.
Important — Supports important functions but has some redundancy or workaround options.
Supporting — Used in day-to-day operations but disruption would have limited impact.

Location and Network

FieldTypeDescription
Physical LocationText inputWhere the asset is physically located. Examples: "Frankfurt DC-1", "AWS eu-west-1", "Office Floor 3 Rack B". Optional
Logical LocationText inputThe network or architectural placement. Examples: "Production VLAN", "DMZ", "Management Network", "Azure West Europe". Optional
IP AddressText input (monospace)The primary IP address of the asset, displayed in monospace font for readability. Optional
HostnameText input (monospace)The DNS hostname or FQDN of the asset, displayed in monospace font. Optional
External ExposureCheckboxCheck if this asset is directly accessible from the internet. Externally exposed assets typically warrant higher scrutiny in risk assessments.
⚠️
Externally exposed assets are prime targets for cyber threats. Ensure these assets have appropriate controls, regular vulnerability assessments, and are included in penetration testing scope.

CIA Rating

Rate the asset across the three dimensions of information security. Each dimension uses a 1-5 scale with descriptive labels:

DimensionRating Scale
Confidentiality1: Not rated — 2: Low impact — 3: Moderate — 4: High impact — 5: Critical. Measures the sensitivity of information the asset handles and the impact of unauthorized disclosure.
Integrity1: Not rated — 2: Low impact — 3: Moderate — 4: High impact — 5: Critical. Measures the importance of data accuracy and the impact of unauthorized modification.
Availability1: Not rated — 2: Low impact — 3: Moderate — 4: High impact — 5: Critical. Measures how essential continuous access to this asset is and the impact of downtime.

Each rating is selected by clicking one of five pills (1 through 5). The selected pill is highlighted and the descriptive label updates accordingly.

💡
CIA ratings inform risk assessment scoring and help prioritize controls. An asset with high Availability (4-5) should have robust redundancy and disaster recovery measures. High Confidentiality (4-5) warrants encryption and strict access control.

Recovery Objectives

FieldTypeDescription
RTO (Recovery Time Objective)Text inputThe maximum acceptable time to restore this asset after a disruption (e.g., "4 hours", "30 minutes", "1 business day"). Optional
RPO (Recovery Point Objective)Text inputThe maximum acceptable amount of data loss measured in time (e.g., "1 hour", "15 minutes", "zero"). Optional

Lifecycle Information

FieldTypeDescription
VersionText inputThe current version or firmware level of the asset (e.g., "16.0.4", "Ubuntu 22.04 LTS"). Optional
License InfoText inputLicensing details such as license type, key, or subscription tier. Optional
Support End DateDate pickerThe date vendor support expires. Assets past support end date represent increased risk. Optional
End of LifeDate pickerThe date the asset reaches end of life and should be replaced or decommissioned. Optional

Relationships

FieldTypeDescription
ICT ProviderSelect dropdownThe third-party provider or vendor that supplies or manages this asset. Populated from the ICT Providers register. Optional
Business FunctionsMulti-select checkboxesSelect one or more business functions that depend on this asset. Functions marked as critical in the Register of Information display a Critical badge to highlight their importance.
DependenciesMulti-select (assets)Select other ICT assets that this asset depends on. This builds a dependency map used for impact analysis and business continuity planning.
ℹ️
Asset dependencies are essential for understanding cascading failure scenarios. If a Critical asset depends on a Supporting asset, the Supporting asset's effective criticality may need to be reassessed.

Review Dates

FieldTypeDescription
Last Review DateDate pickerWhen this asset record was last reviewed and confirmed accurate. Optional
Next Review DateDate pickerWhen this asset should next be reviewed. DORA requires periodic review of the ICT asset inventory. Optional