ID.AM-02.124

Does your organization maintain a comprehensive inventory of all systems within your environment?

Explanation

A system inventory is a foundational security control that documents all hardware, software, and information systems that process, store, or transmit organizational data. Without knowing what systems exist in your environment, it's impossible to properly secure them against threats or ensure they meet compliance requirements. Evidence of fulfillment could include a centralized asset management database, spreadsheet, or specialized inventory management tool that lists all systems with details such as system name/ID, owner, location, purpose, operating system, IP address, and security classification.

Implementation Example

Maintain an inventory of the organization's systems

ID: ID.AM-02.124

Context

Function: ID: IDENTIFY
Category: ID.AM: Asset Management
Sub-Category: Inventories of software, services, and systems managed by the organization are maintained

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub