The information asset inventory is complete (the inventory includes all assets within the function)
Context and Guidance: This practice expands the inventory scope of ASSET-2a. The level of detail at which information assets are documented in the inventory should be determined with consideration for the importance and sensitivity of the asset to the organisation. In many cases, it may be beneficial to consolidate types of information assets into a single entry in the information asset inventory. For example, employee-created assets residing on individual workstations (such as files or databases) may not warrant separate entries in the information asset inventory, unless they have special or critical value to the delivery of the function. The relationship of assets to business functions should also be included to enable prioritisation and development of protection and sustainment strategies. The implementation of the inventory should be proportional to the organisation’s size, complexity, and risk. For example, for a small, low-complexity organisation, a simple spreadsheet may be used for the inventory. For larger, more complex organisations, more sophisticated methods such as a dedicated asset inventory application is appropriate.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ASSET-2a, ASSET-2b, ASSET-2f, ASSET-2g.