Adding Physical and Virtual Assets to the Register
The Physical & Virtual Asset Register allows you to keep track of important assets within your business, and comply with standards such as ISO 27001 and SOC 2, as they require an up-to-date list of both physical and virtual assets, including tings like laptops, servers, virtual machines, cloud resources, and software applications.
Once you have accessed the Physical & Virtual Asset Register, you will be presented with a page similar to the following. To add a new asset, click the Create Asset button on the top right, as shown below:
Once selected, a new window will open prompting you to add information about the asset you wish to register. Let's examine each of these areas:
Field | Purpose | Mandatory? |
|---|---|---|
Asset ID | The name/internal designation of the asset | Yes |
Serial Number | The serial number if the asset is a device | No |
Status | The current status of the asset (e.g. In storage, in use, destroyed) | Yes |
Importance | The associated importance of the asset | Yes |
Asset Description | A description of what the asset is | Yes |
Asset Purpose | A short explanation of what the asset is used for | Yes |
Data Held on Asset | An overview of the data currently stored on the asset | Yes |
Asset Owner | Who currently owns/is using the asset | Yes |
Classification | Whether the asset is public, for internal use, or confidential | Yes |
Location | Where the asset is currently located, either physically or digitally | Yes |
Assigned | The date the asset was assigned to the asset owner | No |
Last Checked By | Who the asset was last checked by | Yes |
Last Checked On | The date the asset was last reviewed | Yes |
Returned | Whether the asset has been returned to the business (e.g. returning a work phone or laptop) | No |
Destruction Certificate Number | The destruction certificate number if the asset has been disposed of | No |
Once this information has been added, the asset will appear in the register, as shown by the two examples above. It's vital that this list is updated regularly, and that reviews of all currently held assets take place frequently. An asset register is required by standards such as ISO 27001 and SOC 2 because it is incredibly difficult to protect something if you are unaware of its existence.
Auditors will want to see these lists to verify that you are aware of all aspects of your business, and that the appropriate steps are taken to ensure security, such as the patching of work devices, or the destruction of redundant hardware like storage drives.
Updated on: 26/06/2025
Thank you!