Checklist of ISO/IEC 27001-A.8.1.1 Inventory of assets


In today’s digital age, companies store a vast amount of data, including business data, digital certificates, passwords, and biometrics. 

It’s crucial for organizations to maintain an accurate inventory of their assets to secure their data effectively. 

A comprehensive inventory management process helps organizations maintain a complete, accurate, and up-to-date inventory of their assets, including software, infrastructure, and people.

Sample Checklist:

  • Review the inventory of assets: Start by reviewing the existing inventory management process. Identify any gaps and areas for improvement.
  • Digital data: Inventory all types of digital data, including business data and IT/support data. Include passwords, digital certificates, and keys.
  • Hardcopy information: Identify and inventory all hardcopy information, including system and process documentation, licenses, agreements, and contracts.
  • Software: Inventory all software, including system software, applications, IT management utilities, databases, middleware, and patches.
  • Infrastructure: Inventory all infrastructure, including servers, network devices, security devices, communication devices, cables, end-user devices, IoT devices, SANs, and back-up drives.
  • Information services and service providers: Inventory all information-related operations and services, including Internet and cloud services, third-party operations, and maintenance.
  • Physical security and safety: Inventory all physical security and safety equipment, including smoke detectors, alarms, fire suppression systems, power provision, air conditioning, server racks, and perimeter fences.
  • Business relationships: Inventory all business relationships with external parties, including suppliers, partners, customers, advisors, regulators, and authorities.
  • People: Identify and inventory all critical or valuable individuals with unique knowledge, experience, skills, expertise, or contacts.


Maintaining an accurate inventory of assets is critical for organizations to secure their data effectively. 

See also  Checklist of ISO/IEC 27001-A.12.5.1 Installation of software on operational systems

An inventory management process helps organizations identify gaps and areas for improvement, including digital data, hardcopy information, software, infrastructure, information services, physical security and safety, business relationships, and people. 

By following a comprehensive inventory management process, organizations can ensure that their assets are up-to-date, accurate, and complete.

Leave a comment

Your email address will not be published. Required fields are marked *