When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this to maintain the inventory required by A.5.9 for information and associated assets, including owners, custodians, classification, location, backup/recovery, retention, and disposal status.
Inventory
| Asset ID | Asset name | Asset type | Owner | Custodian | Location/hosting | Business value | Classification | Special requirements | Backup/DR | Retention/lifespan | Status | Last reviewed |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TBD | TBD | Information / Hardware / Software / Service / Document / Process / Media | TBD | TBD | TBD | TBD | TBD | Personal data / Regulated / Confidential / None | TBD | TBD | Active / Retired / Disposed | TBD |
Disposal record
| Asset ID | Disposal date | Disposal method | Approved by | Performed by | Recipient/vendor | Evidence location |
|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD |
Maintenance checklist
- Major information and associated assets are included.
- Each important asset has an owner.
- Custodians are assigned where day-to-day operation is delegated.
- Business value and security classification are recorded.
- Location or hosting is recorded.
- Backup and disaster recovery arrangements are recorded.
- Retention period or lifespan is recorded.
- Software and licensing details are tracked where relevant.
- Disposals are recorded.
- Project, procurement, and change processes update the inventory.
- Inventory accuracy is checked at least annually.
- Inventory access is restricted and backed up.
Related notes
- Template
- Iso27001
- A5 9
- Asset management
Note Metadata
Aliases: Asset Inventory, Information Asset Register
Source: 90 Templates/Information and Associated Asset Inventory.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- Risk Assessment
- ISO 27001 A.5.10 - Acceptable Use of Information and Other Associated Assets
- ISO 27001 A.5.11 - Return of Assets
- ISO 27001 A.5.12 - Classification of Information
- ISO 27001 A.5.13 - Labelling of Information
- ISO 27001 A.5.32 - Intellectual Property Rights
- ISO 27001 A.5.33 - Protection of Records
- ISO 27001 A.5.34 - Privacy and Protection of PII
- ISO 27001 A.5.9 - Inventory of Information and Other Associated Assets
- A.5.11 Audit Evidence Pack
- A.5.9 Audit Evidence Pack
- ISO 27001 A.8.10 - Information Deletion
- A.5 Organizational Controls Implementation Guide
- ISMS Implementation Roadmap
- ISO 27005 Risk Process Notes
- ISO 27002 Annex A Control Interpretation Map
- A.5.9 Audit Checklist
- Asset Return Checklist
- Backup Scope and Coverage Register
- Template - Control Owner Register
- Information Classification and Handling Matrix
- Intellectual Property Rights Register
- Records Retention and Protection Register
- Software and Content Licence Compliance Inventory
- Templates MOC