Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

Asset Register Guideline

Find a step-by-step overview of how to complete Asset Registers in the Copla Platform.

Topics covered in this page:

 

 

Accessing the Register

    • Go to the system and navigate to the “Dynamic Registers” field.

    • Click on “Register List”, then proceed to the “Asset Register” section.

Asset Identification

    • A unique Asset ID should be created by the customer for each asset entered.

    • Ensure that the ID format is consistent and traceable (e.g., SW-001, HR-EMP-03).

 

Field-by-Field Completion

    • Each column in the register represents a required or optional detail to be captured.

    • Follow the detailed column descriptions in the next section to ensure accurate and compliant completion.

Column-by-Column Completion Guide

Column

Description (with details & examples)

Required (People)

Required (Device/Hardware)

Required (3rd Party)

Asset ID

A unique identifier you create for each asset (e.g., ASSET-001, HR-DEV-03). This ensures traceability and consistency across the asset inventory. Recommended to follow a consistent naming convention across categories.

✅ Yes

✅ Yes

✅ Yes

Asset Name / Description

A clear name and short description of the asset. Example: “John Doe – Security Engineer” for a person, or “AWS EC2 Production Instance” for a system. This should allow someone unfamiliar with the asset to understand what it is immediately.

✅ Yes

✅ Yes

✅ Yes

Asset Category

A more specific classification within a category (e.g., for People: “Top Management” / “Employees – Experts”; for Software: “Licensed Paid Software”, “CRM SaaS”). Helps refine reporting and controls per sub-group.

⚠️ Pre-filled

    

⚠️ Pre-filled

⚠️ Pre-filled

      

Asset Sub-category

A more specific classification within a category (e.g., for People: “Top Management” / “Employees – Experts”; for Software: “Licensed Paid Software”, “CRM SaaS”). Helps refine reporting and controls per sub-group.

✅ Yes

✅ Yes

✅ Yes

Asset Class

Type of the asset: Physical (tangible equipment), Digital (software, SaaS, databases), HR (employees, contractors), Logical (networks, access rights). Add clear definitions and examples for each to avoid confusion.

✅ Yes

✅ Yes

✅ Yes

Location

The physical or logical location of the asset. For People: office site or remote location. For Devices: data center, HQ, or cloud region (e.g., Azure West Europe, Google Drive).

✅ Yes

✅ Yes

✅ Yes

Assigned To / Owner

The individual, department, or team currently using or responsible for the asset. For People assets, this is the person themselves; for systems, the department using it (e.g., Finance Team).

✅ Yes

✅ Yes

✅ Yes

Responsible Manager

The accountable manager or role overseeing the asset. Ensures ownership and governance. Example: CTO for servers, HR Manager for employee records.

✅ Yes

✅ Yes

✅ Yes

Issue Date

The date when the asset was acquired, onboarded, or assigned. For employees, it is their employment start date. For devices, the purchase or allocation date.

✅ Yes

✅ Yes

✅ Yes

Decommissioning Date

Planned date when the asset will be retired or replaced. Useful for lifecycle planning. For People, this can be end-of-contract; for Devices, expected replacement date.

❌ Optional

✅ Yes

❌ Optional

Retention Period

How long the asset/data must be retained. People: employee file retention (e.g., 5 years after termination). Devices: logs kept until warranty/contract end. Third Party: vendor data retention obligations.

✅ Yes (HR/legal records)

✅ Yes

✅ Yes

Disposal Method

Method of secure disposal at end-of-life. People: not applicable (covered under HR exit process). Devices: shredding, wiping, degaussing. Third Party: vendor’s certified disposal method.

❌ No

✅ Yes

✅ Yes

Support end date

When official support ends. People: not applicable. Devices: manufacturer/vendor support expiration. Third Party: contract or SLA end date.

❌ No

✅ Yes

✅ Yes

Return Date

When asset is expected to be returned (e.g., employee laptop after leaving, vendor-leased equipment).

✅ Yes (for issued devices)

✅ Yes

✅ Yes

Actual Return Date

The real return date (must match/close to Return Date). Key for audits.

✅ Yes

✅ Yes

✅ Yes

Condition on Return

Physical/operational state when returned. People: laptop damaged/good. Devices: condition check. Third Party: service/system audit.

✅ Yes (if issued equipment)

✅ Yes

✅ Yes

Condition Comments

Additional notes on asset return condition. Example: “Screen cracked”, “HDD replaced before return”.

✅ Yes (if equipment assigned)

✅ Yes

✅ Yes

Exposure to external networks

Whether asset is connected to/publicly exposed on external networks. People: N/A. Devices: internet-facing servers. Third Party: cloud service endpoints.

❌ No

✅ Yes

✅ Yes

Business Function Supported

Which business process relies on this asset. People: “Payroll management”. Devices: “Network security”. Third Party: “Outsourced HR services”.

✅ Yes

✅ Yes

✅ Yes

Interdependencies

Dependencies with other assets. People: role depends on specific tools. Devices: DB depends on storage. Third Party: vendor tied to internal systems.

✅ Yes

✅ Yes

✅ Yes

Asset Value

People: assessed as the strategic/business value of the employee’s role, not salary, but impact if unavailable.

      

Devices: financial value (purchase price, depreciation) or operational impact.

✅ Yes

✅ Yes

✅ Yes

  

Asset Group / System

The system or grouping the asset belongs to. For example, “Payroll System” for HR software, or “Corporate Wi-Fi” for infrastructure.

✅ Yes

✅ Yes

✅ Yes

Is Cloud-based?

Indicates whether the asset is hosted in the cloud (Yes/No). For SaaS/software, always specify.

❌ No

✅ Yes

✅ Yes

Hosting Provider

If cloud-based, state the provider (e.g., AWS, Azure, Google Cloud). Ensures clarity on external dependencies.

❌ No

❌ Optional

✅ Yes

Used by Third Party (Y/N)

Whether the asset is accessible to or managed by a third party. Example: Payroll SaaS used by external provider = Yes. Helps with third-party risk management.

✅ Yes (if outsourced HR)

✅ Yes (if external support)

✅ Yes

Key Functions / Use

The purpose of the asset. For People: role and responsibilities (“Incident Response Lead”). For Devices: main function (“Customer database server”).

✅ Yes

✅ Yes

✅ Yes

Justification for Inclusion

Why the asset is tracked in the register. Example: “Critical for DORA compliance”, “Stores customer data”. Ensures each entry is business-relevant.

✅ Yes

✅ Yes

✅ Yes

Data Type Handled

Types of information managed by the asset: Personal Data, Credentials, Financial Records. For People: what data they work with; for Devices: what data is stored/processed.

✅ Yes

✅ Yes

✅ Yes

Business Continuity Requirements

Defines recovery needs if the asset fails. Example: “Must be restored within 4 hours”. For People: how quickly role needs backup; for Devices: RTO/RPO definitions.

✅ Yes

✅ Yes

✅ Yes

Confidentiality Level

People: how sensitive the data linked to them is (HR files, contracts). Example: High for HR staff with personal data.

      

Devices: how sensitive the data stored/processed is. Example: High for production DB server, Low for projector.

✅ Yes

✅ Yes

✅ Yes

  

Integrity Level

People: importance of correctness of the work/data they handle. Example: Finance manager = High.

      

Devices: criticality of accuracy of data. Example: database = High, printer = Low.

✅ Yes

✅ Yes

✅ Yes

  

Availability Level

People: how important it is that the person is reachable/active. Example: Incident responder = High, external consultant = Moderate.

      

Devices: uptime needs. Example: authentication server = High, training laptop = Low.

✅ Yes

✅ Yes

✅ Yes

  

Business Criticality

People: business impact if they are unavailable. Example: CEO = Critical, intern = Low.

      

Devices: impact of failure. Example: Firewall = Critical, scanner = Low.

✅ Yes

✅ Yes

✅ Yes

  

Backup Status

People: indirectly relevant (e.g., backup of their documents/work CEO backup CCO).

      

Devices: whether backups are enabled (e.g., daily server snapshot).

⚠️ Conditional

✅ Yes

✅ Yes

  

Legacy System (Yes/No)

People: not applicable.

      

Devices: whether the system/equipment is outdated but still in use (e.g., unsupported OS).

❌ No

✅ Yes

✅ Yes (if vendor runs legacy system)

  

Relevant Regulations / Standards

List applicable compliance frameworks: DORA, GDPR, ISO 27001, etc. Each asset should be mapped to the regulatory context.

✅ Yes

✅ Yes

✅ Yes

Related Documentation / Links

Internal references: architecture docs, contracts, manuals, runbooks. Helps auditors and colleagues quickly find related material.

❌ Optional

❌ Optional

✅ Yes

Status

Current lifecycle stage: Active, Planned, Retired, Legacy. Important for lifecycle & risk tracking.

✅ Yes

✅ Yes

✅ Yes

Asset Types for Guidance

Asset Category

Asset Sub-category

Asset Class

People

Top Management

HR

People

Middle Management

HR

People

Employees – Experts

HR

People

Other Employees

HR

People

Part-time External Employees

HR

Software

Licensed Paid Software

Digital

Software

Freeware / Shareware

Digital

Software

Development Tools

Digital

Software

Communication Tools

Digital

Software

Security Tools

Digital

Software

IT Monitoring

Digital

Software

Backup Software

Digital

Software

Virtualization

Digital

Software

Database Clients

Digital

Software

Graphic Editors

Digital

Software

Browsers

Digital

Software

Email Clients

Digital

Software

File Transfer

Digital

Software

Accounting Software

Digital

Software

ERP

Digital

SaaS

Collaboration

Digital

SaaS

File Sharing

Digital

SaaS

Project Management

Digital

SaaS

CRM

Digital

SaaS

Communication

Digital

SaaS

HR Management

Digital

SaaS

Payroll

Digital

SaaS

Accounting

Digital

SaaS

Cloud Storage

Digital

SaaS

Developer Platforms

Digital

SaaS

CI/CD Tools

Digital

SaaS

Cloud Services

Digital

SaaS

Monitoring & Logging

Digital

SaaS

Marketing Automation

Digital

SaaS

Social Media Management

Digital

SaaS

Customer Support

Digital

SaaS

Document Management

Digital

SaaS

eCommerce Platforms

Digital

SaaS

Learning Management Systems

Digital

SaaS

Security Tools

Digital

SaaS

DNS Management

Digital

SaaS

Vulnerability Scanners

Digital

SaaS

Endpoint Detection

Digital

SaaS

Compliance Mgmt

Digital

SaaS

Password Management

Digital

SaaS

MDM

Digital

SaaS

Time Tracking

Digital

SaaS

Productivity Tools

Digital

SaaS

BI/Reporting

Digital

SaaS

A/B Testing

Digital

SaaS

Code Repositories

Digital

SaaS

Container Registry

Digital

SaaS

Payment Processing

Digital

SaaS

Pen Testing Platforms

Digital

SaaS

E-Signature Tools

Digital

Applications & Databases

Tools

Digital

Applications & Databases

Databases

Digital

Documentation

Contracts

Digital

Documentation

Correspondence

Digital

Documentation

Logs

Digital

Documentation

Manuals

Digital

Documentation

Standards

Digital

Documentation

Receipts

Digital

Documentation

Training Docs

Digital

Documentation

HR Docs

Digital

Documentation

Accounting Docs

Digital

IT, Communication & Other Equipment

Desktops

Physical

IT, Communication & Other Equipment

Laptops

Physical

IT, Communication & Other Equipment

Mobile Devices

Physical

IT, Communication & Other Equipment

Servers

Physical

IT, Communication & Other Equipment

Network Equip.

Physical

Infrastructure

Physical Premises

Physical

Infrastructure

Archives

Physical

Infrastructure

Warehouses

Physical

Infrastructure

Safes/Cabinets

Physical

Outsourced Services

Power Supply

Other

Outsourced Services

Communication Links

Other

Outsourced Services

ICT Maintenance

Other

Outsourced Services

Info Systems Maintenance

Other

Outsourced Services

Mail Services

Other

Outsourced Services

Audit Services

Other

Outsourced Services

Consulting

Other