Asset inventory
The inventory is displayed as a table. Each row represents one asset with its classification attributes and calculated criticality.
Default assets
ISOwl ships with four pre-configured example assets to illustrate the data model:
| ID | Name | Type | Owner | C | I | D | Criticality |
|---|---|---|---|---|---|---|---|
| A001 | Base de Datos de Clientes | Información | CISO | 3 | 3 | 3 | Critical |
| A002 | Servidor ERP Principal | Hardware | IT | 2 | 3 | 2 | Critical |
| A003 | Código Fuente App Móvil | Software | DevOps | 3 | 2 | 1 | Critical |
| A004 | Despachos Gerencia | Infraestructura | Operaciones | 1 | 1 | 1 | Normal |
Default assets are examples only. Replace or remove them to reflect your organisation’s actual asset inventory before conducting a formal risk assessment.
Adding an asset
Enter the asset name
Provide a descriptive name that clearly identifies the asset (e.g. Customer Database, Office Wi-Fi Network).
Select the asset type
Choose one of the six asset types:
| Type | Examples |
|---|---|
| Information | Databases, customer records, contracts |
| Hardware | Servers, laptops, mobile devices |
| Software | Applications, operating systems, SaaS tools |
| Infrastructure | Network equipment, data centres, offices |
| Services | Cloud providers, outsourced services |
| People | Key personnel, roles with privileged access |
Assign an owner
Enter the name or role of the person responsible for this asset (e.g. CISO, IT Manager).
Score confidentiality, integrity, and availability
Set each CIA dimension on a scale of 1 to 3:
Criticality is calculated automatically as:
| Score | Level | Description |
|---|---|---|
| 1 | Low | Breach has minimal impact |
| 2 | Medium | Breach has significant but recoverable impact |
| 3 | High | Breach has severe or irreversible impact |
Criticality levels
Criticality is derived from the highest CIA score and used to colour-code assets throughout the application:
| Max CIA score | Criticality | Color |
|---|---|---|
| 3 | Critical | Rose (red) |
| 2 | Important | Amber (yellow) |
| 1 | Normal | Emerald (green) |
Editing and deleting assets
- Edit an asset
- Delete an asset
Click the edit icon on any asset row to open the asset edit form. All fields — name, type, owner, and CIA scores — can be updated. Changes take effect immediately and are reflected in any linked risk entries.
Link between assets and risks
Every risk in the Risk Management module must be linked to an asset. This ensures that:
- Risk exposure can be attributed to specific assets.
- Deleting an asset also removes orphaned risks.
- High-criticality assets can be prioritised for risk treatment.
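The criticality rule and the asset-to-risk link described on this page, as an added Python example (not ISOwl's own code). The class and method names, the shortened asset names and the tie-break used in `treatment_order` are assumptions made for illustration.

```python
from dataclasses import dataclass

# Max CIA score -> criticality, per the "Criticality levels" table on this page.
LEVELS = {3: "Critical", 2: "Important", 1: "Normal"}

@dataclass
class Asset:
    id: str
    name: str
    c: int
    i: int
    a: int

    def __post_init__(self):
        # Each CIA dimension is scored 1 (Low), 2 (Medium) or 3 (High).
        for dim, score in (("C", self.c), ("I", self.i), ("A", self.a)):
            if score not in LEVELS:
                raise ValueError(f"{self.id}: {dim} score {score!r} not in 1-3")

    @property
    def criticality(self):
        return LEVELS[max(self.c, self.i, self.a)]

class Inventory:
    def __init__(self, assets):
        self.assets = {a.id: a for a in assets}
        self.risks = {}  # risk id -> linked asset id

    def add_risk(self, risk_id, asset_id):
        # Every risk must be linked to an existing asset.
        if asset_id not in self.assets:
            raise KeyError(f"risk {risk_id}: unknown asset {asset_id}")
        self.risks[risk_id] = asset_id

    def delete_asset(self, asset_id):
        # Deleting an asset also removes the risks it would leave orphaned.
        del self.assets[asset_id]
        removed = sorted(r for r, a in self.risks.items() if a == asset_id)
        for r in removed:
            del self.risks[r]
        return removed

    def treatment_order(self):
        # Highest max-CIA first; tie-break on CIA sum is an assumption.
        key = lambda x: (-max(x.c, x.i, x.a), -(x.c + x.i + x.a), x.id)
        return [a.id for a in sorted(self.assets.values(), key=key)]

# The four default assets from the table above (names shortened, constructed).
DEFAULTS = [Asset("A001", "Customer DB", 3, 3, 3), Asset("A002", "ERP server", 2, 3, 2),
            Asset("A003", "Mobile app source", 3, 2, 1), Asset("A004", "Offices", 1, 1, 1)]
```

Because the rule takes the maximum, a single dimension scored 3 is enough to mark an asset Critical, which is why three of the four default assets share that level even though their other scores differ.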
Frequently asked questions
Can I import assets from a spreadsheet?
Bulk import is not currently supported. Assets must be added individually through the form. You can use the default example assets as a starting point and edit them to match your inventory.
What does an availability score of 1 mean for a critical database?
A score of 1 on availability means that short-term unavailability of this asset has minimal business impact. If the database underpins core business operations, the availability score should be 3. Ensure CIA scores reflect your actual business context.
Can an asset belong to more than one risk?
Yes. A single asset can be linked to multiple risk entries. For example, a customer database might have separate risks for ransomware, accidental deletion, and unauthorised access.
How are assets used in the compliance modules?
Assets are used as the foundation for risk assessments in the Risk Management module and in Clause 6 of the Clauses module. They are not directly linked to individual Annex A controls, but high-criticality assets should inform which controls you prioritise in the SoA.