Working with assets

Assets represent things that are of value to your organization. Assets can be tangible, like laptops, servers, and software, or they can be intangible, like third-party business relationships, intellectual property, and policies. By tracking your organization's assets, you protect your organization from fraud, theft, compliance issues, and unacceptable risk. In the filing cabinet analogy, assets are folders.

Asset Inventory requires a subscription to IT Risk Management (previously ITRMBond) or Third Party Risk Management (previously ThirdPartyBond).

Note

When working with assets in the Projects or Frameworks apps, you must use the IT Risk and Control Assessment project type. You can also use the Secure Controls Framework template, which comes pre-populated with a catalog of risk categories, controls, and more content that you may find useful.

How it works

You create assets in the Asset Inventory app.

All assets are instances of an asset type. They are not children of that asset type (assets are root objects). The asset type is a class that defines the format and behavior of its assets: what attributes they have, what workflow they move through during their life-cycles, and who can see them and work on them. The exact behavior of each asset type is determined by its relationship to a workflow, record types, attribute types, and roles.

Example

Scenario

As part of your organization's third-party risk management program, you track all third-party assets using an asset type called Third Party.

Your organization wants to do business with a new vendor called Slack, to handle your internal communication needs. Before this can happen, you need to create a new Slack asset and put it through your normal third-party risk assessment process.

Process

  1. Navigate to the Third Party asset type.
  2. Create a new asset called Slack.
  3. Move Slack through your Third Party asset workflow.
    1. Register and categorize the asset by entering critical details about Slack, like the vendor's owner, risk manager, its type, a brief description, and a criticality level.
    2. Assess Slack's risk, either manually or by distributing a risk assessment and allowing HighBond to calculate an assessment for you.
    3. Activate Slack.

Result

Your Slack asset has been created, registered, categorized, and assessed. It is marked as Activated, and the purchase can go through. Periodically, you can re-assess Slack, and if your organization stops using it one day, you can archive it.

Creating, updating, and deleting asset types

We supply asset types as part of your solution. You cannot create, update, or delete asset types on your own, but you can engage our consulting team to customize your environment.

Managing associations between asset types and risk categories in frameworks

Manage associations between asset types and risk categories in a framework. Then, you can use those associations in a project, where you can assess risks and controls in the context of those assets.

  1. Open the Frameworks app.
  2. Open the framework you want to associate the asset types to.
  3. On the Assessment tab, navigate to a risk category's Overview tab.
  4. Under Associated asset types, click Manage associations.
  5. In the Manage asset type associations panel, select or deselect asset types to create or remove associations between them and the framework.
  6. Click Save.

Result You can now create a project using the asset type associations in your framework. If required, you can then add additional associations at the project level.

Importing risk categories from a framework to a project

After associating risk categories to asset types in a framework, you can import the risk categories into a project.

  1. Open the Projects app.

    The Projects homepage opens.

  2. Open a project you want to import objectives to.

    The project dashboard opens.

  3. Click the Assessment tab.
  4. Click Import Risk Category.
  5. Select the appropriate framework from the Framework list that you want to import risk categories from.
  6. Select the risk categories you want to import.
  7. Click Import.

    Result HighBond imports your selected risk categories.

For more information, see Cloning and importing objectives.

Note

Interface terms are customizable, and fields and tabs are configurable. Elsewhere in HighBond, the term for risk categories may vary.

Managing associations between assets and risk categories in projects

After you have associated asset types to risk categories in a framework, you can import those risk categories into a project. Then, in that project, you can choose individual assets from the asset types you associated with those risk categories, and mitigate the risks associated with those assets in your project.

Associating assets to projects

Create associations between assets and risk categories, so you can mitigate the risks associated with those assets in your project.

  1. Open the project you want to associate assets with, and click the Scoping & BIA tab.
  2. On the Scope tab, click Scope assets.
  3. In the Scope assets window, select an asset type and click Continue.
  4. Optional. Narrow down the list of assets by filtering by attribute types.
    1. Click Filter. In the Filter side panel, create one or more filters using any attribute types that have dropdown list inputs in Asset Inventory.
    2. Click Apply. HighBond filters out the assets that don't match your criteria.
  5. Select the assets you want to associate with your project and click Continue.
  6. Select the risk categories to associate with your project and click Continue.
  7. Review and finalize your selected assets and risk categories. You can go back and make changes, or click Save and scope assets to continue with your selected associations.

After associating assets with your project, you can click on the asset names to view more details about them, or to remove the association from your project.

Removing associations between assets and risk categories

You can remove the association between assets and risk categories if the assets are no longer needed, or if they were associated to risk categories accidentally. By removing those associations, you remove the assets from the scope of the project.

  1. Open the project you want to remove an associated asset from, and click the Scoping & BIA tab.
  2. On the Scope tab, navigate to the asset type associated with the asset you want to remove and click the Expand icon .
  3. Click the name of the asset you want to remove.
  4. In the Asset details panel that appears, click Remove asset.
  5. In the confirmation message that appears, click Remove asset.
  6. Repeat steps 1-5 for any remaining assets you want to deassociate from your project.

Result You have removed the associations between the required assets and risk categories from your project.

Creating assets

Add an asset to Asset Inventory, so you can store and gather information about it, assess the risks that come with it, and take actions to mitigate those risks.

  1. Open the Asset Inventory app.
  2. Navigate to the asset type you want to add your asset to.
  3. Click Add [asset type].
  4. In the Add [asset type] window, enter information about your new asset.
  5. Click Add. HighBond creates a page for your asset.
  6. On the Details tab, enter information about the asset. You must complete all required fields.
  7. Click Save changes.

Result Your asset has been created. You can begin to move it through its life-cycle by transitioning it to another status.

Updating asset details

You can update the data associated with an asset to reflect new information when that asset changes.

  1. Open the Asset Inventory app.
  2. Navigate to the asset type you want to edit.
  3. In the table that contains asset details, click the name of the asset you want to edit. If you have a large number of assets, you can search for the asset using any data associated with it, choose an attribute to sort the table by, or click Arrange to show or hide columns in the table.
  4. In the Details tab, update the required details and click Save changes.
  5. If your asset's status has also changed, you can transition it to another status.

Transitioning assets to another status

Transitioning assets to another status is how you move assets through their life-cycle. Depending on the workflow an asset type uses, different actions can happen during a transition. For example, HighBond might check that the required fields contain data, or it may trigger a questionnaire to get further information about the asset.

  1. Open the Asset Inventory app.
  2. Navigate to the asset type for the asset you want to transition.
  3. In the table that contains asset details, click the name of the asset you want to transition. If you have a large number of assets, you can search for the asset using any data associated with it, choose an attribute to sort the table by, or click Arrange to show or hide columns in the table.
  4. In the visual workflow, click the current status. A list appears, showing you the available statuses that you can transition to.

    Note

    Alternatively, click the Actions button to see a list of available statuses and actions relative to the current status.

  5. Click the status you want to transition the asset to.

Note

Different status transitions can require different conditions, such as certain attributes being filled in; or they can trigger events, like sending questionnaires to gather incomplete information. If you have problems moving your asset to another status, contact a System Admin or your Diligent representative for assistance.

Linking assets with other assets or asset records

You can create custom relationships between assets and other assets, or with asset records. For more information, see Managing relationships in Asset Inventory.

Deleting assets

You can permanently delete assets. Generally, unless an asset was created in error, it's better to transition it through its normal life-cycle.

Caution

Deleting an asset cannot be undone. This will also delete any associated work, including its asset profile, and any related assessments or related records. Make sure you do not need any of these things before you delete an asset.

  1. Open the Asset Inventory app.
  2. Navigate to the asset type for the asset you want to delete.
  3. In the table that contains asset details, click the name of the asset you want to transition. If you have a large number of assets, you can search for the asset using any data associated with it, choose an attribute to sort the table by, or click Arrange to show or hide columns in the table.
  4. On the page for that asset, click Actions, then Delete.
  5. Click Delete to confirm. The asset is deleted.