Content library
Management of data sets
Documentation of assets inventories outside the ISMS
Management of data sets
Management of data sets

Documentation of assets inventories outside the ISMS

Start free trial

Task description

Documentation of assets inventories outside the ISMS

Assets to be protected related to information and data processing services should be inventoried. The purpose is to ensure that the cyber security is focused on the necessary information assets.

Inventory can be done directly in the management system, but an organization may have other, well-functioning inventory locations for certain assets (including code repositories, databases, network devices, mobile devices, workstations, servers, or other physical assets).

Describe in this task, which lists outside the management system are related to protection of information assets.

Requirements connected to the task

1.1: Establish and Maintain Detailed Enterprise Asset Inventory
CIS 18 controls
1.3.1: Identification of information assets
TISAX: Information security
12.2.9° (actifs): Gestion des biens
Projet de loi n° 8364 (Luxembourg)
13.1.f (activ): Gestionarea activelor
Ordonanța de Urgență a Guvernului nr. 155/2024 (România)
14.5.10.c): Turto valdymas
Kibernetinio Saugumo Įstatymas (Lithuania)
15.2.θ (ενεργητικό): Διαχείριση περιουσιακών στοιχείων
Εθνική αρχή για την ασφάλεια στον κυβερνοχώρο και άλλες διατάξεις (Ελλάδα)
15.5.γ: Απογραφή των περιουσιακών στοιχείων
Εθνική αρχή για την ασφάλεια στον κυβερνοχώρο και άλλες διατάξεις (Ελλάδα)
19.2.i (assi): Ġestjoni tal-assi
Avviż Legali 71 tal-2025 (Malta)
2.4: Utilize Automated Software Inventory Tools
CIS 18 controls
21.2.i (assets): Asset management
NIS2 Directive

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Rules ensuring secure network data transfer
Critical
High
Normal
Low
Management of data sets
5
requirements

Examples of other requirements this task affects

5.1.2: Information transfer
TISAX
PR.AA-04: Identity assertions
NIST 2.0
PR.DS-02: Data-in-transit is protected
NIST 2.0
Article 35: Data, system and network security
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Rules ensuring secure network data transfer
Personnel guidelines for file usage and local data
Critical
High
Normal
Low
Management of data sets
12
requirements

Examples of other requirements this task affects

7.2.2: Information security awareness, education and training
ISO 27001
11.2.9: Clear desk and clear screen policy
ISO 27001
6.6.4: Fyysisten tilojen, laitteiden ja tulosteiden turvallisuus
Omavalvontasuunnitelma
FYY-04: Tiedon säilytys
Julkri
5.10: Acceptable use of information and other associated assets
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Personnel guidelines for file usage and local data
Documentation of data sets for data stores
Critical
High
Normal
Low
Management of data sets
66
requirements

Examples of other requirements this task affects

Članak 30.1.i (Imovina): Upravljanja programskom i sklopovskom imovinom
NIS2 Croatia
2.4: Luokittelu ja turvallisuusluokittelu
TiHL tietoturvavaatimukset
3.1: Tietoaineistojen tietoturvallisuus
TiHL tietoturvavaatimukset
2.5: Riskienhallinta
TiHL tietoturvavaatimukset
9.5 §: Suojattavan omaisuuden hallinta
Kyberturvallisuuslaki
See all related requirements and other information from tasks own page.
Go to >
Documentation of data sets for data stores
Information to market surveillance authorities
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

Article 23: Identification of economic operators
CRA
See all related requirements and other information from tasks own page.
Go to >
Information to market surveillance authorities
Keeping documentation available after release
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

Article 13.18: Information and instructions
CRA
See all related requirements and other information from tasks own page.
Go to >
Keeping documentation available after release
Voluntary vulnerability notifications
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

Article 15.1: Vulnerability reporting
CRA
See all related requirements and other information from tasks own page.
Go to >
Voluntary vulnerability notifications
Organizing long-term records retrieval
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Organizing long-term records retrieval
Auditing the information and documentation management process
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Auditing the information and documentation management process
Clear desk and monitors policy
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Clear desk and monitors policy
Information Protection and Secure Data Exchange
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Information Protection and Secure Data Exchange
Use of correct and valid medical code sets
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Use of correct and valid medical code sets
Limited data set usage and agreements
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Limited data set usage and agreements
Documentation maintenance and six-year retention rule (HIPAA)
Critical
High
Normal
Low
Management of data sets
4
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Documentation maintenance and six-year retention rule (HIPAA)
Use of standard transactions
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Use of standard transactions
Rules for the use of nonmedical standard code sets
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Rules for the use of nonmedical standard code sets
Safe destruction of data
Critical
High
Normal
Low
Management of data sets
3
requirements

Examples of other requirements this task affects

Article 13.1(.2.m): Removing data
CRA
Article 35: Data, system and network security
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Safe destruction of data
Process for secure information return or removal upon service termination
Critical
High
Normal
Low
Management of data sets
3
requirements

Examples of other requirements this task affects

5.3.3: Secure removal of IT assets from services
TISAX
GV.SC-10: Post-partnership activities in cybersecurity supply chain risk management plans
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Process for secure information return or removal upon service termination
Tietoaineistojen tuhoaminen osana laitteiden elinkaaren hallintaa
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

3.4: Tietoturvallinen arkistointi ja tuhoaminen
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Tietoaineistojen tuhoaminen osana laitteiden elinkaaren hallintaa
System to check trade report data
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

Article 10: Detection
DORA
See all related requirements and other information from tasks own page.
Go to >
System to check trade report data
Ei-sähköisten tietojen tuhoaminen (TL IV-TL II)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

F-08.4: EI-SÄHKÖISTEN TIETOJEN TUHOAMINEN
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Ei-sähköisten tietojen tuhoaminen (TL IV-TL II)
Designation of data set owners
Critical
High
Normal
Low
Management of data sets
12
requirements

Examples of other requirements this task affects

T07: Tietojen luokittelu
Katakri
13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuus
TiHL
15 §: Tietoaineistojen turvallisuuden varmistaminen
TiHL
32. Security of processing
GDPR
8.1.2: Ownership of assets
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Designation of data set owners
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST IV)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I19: Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST IV)
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST III)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I19: Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST III)
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST II)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I19: Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST II)
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST IV)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I21: Fyysinen turvallisuus
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST IV)
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST III-II)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I21: Fyysinen turvallisuus
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST III-II)
Documentation of assets inventories outside the ISMS
Critical
High
Normal
Low
Management of data sets
38
requirements

Examples of other requirements this task affects

Članak 30.1.i (Imovina): Upravljanja programskom i sklopovskom imovinom
NIS2 Croatia
9.5 §: Suojattavan omaisuuden hallinta
Kyberturvallisuuslaki
3.1.3: Management of supporting assets
TISAX
1.3.1: Identification of information assets
TISAX
30 § 3.9° (actifs): Gestion des actifs
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Documentation of assets inventories outside the ISMS
Secure transfer of confidential data outside the organization
Critical
High
Normal
Low
Management of data sets
7
requirements

Examples of other requirements this task affects

A.11.6: Encryption of PII transmitted over public data-transmission networks
ISO 27018
TEK-16: Tiedon salaaminen
Julkri
PR.DS-2: Data-in-transit is protected.
CyberFundamentals
2.7.4: Use encryption when transferring confidential information or when trust in the information channel is low
NSM ICT-SP
14.4: Train Workforce on Data Handling Best Practices
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Secure transfer of confidential data outside the organization
Approval of data transfers outside the organization
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Approval of data transfers outside the organization
Limiting hard copy creation of material displaying personal data
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

A.11.2: Restriction of the creation of hardcopy material
ISO 27018
See all related requirements and other information from tasks own page.
Go to >
Limiting hard copy creation of material displaying personal data
Archiving and destruction processes for data sets
Critical
High
Normal
Low
Management of data sets
13
requirements

Examples of other requirements this task affects

PR.IP-6: Data destruction
NIST
A.7.4.5: PII de-identification and deletion at the end of processing
ISO 27701
A.7.4.8: Disposal
ISO 27701
8.10: Information deletion
ISO 27001
P4.3: Secure disposal of personal information
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Archiving and destruction processes for data sets
Tietojen tuhoaminen pilvipalveluissa
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

TEK-21.2: Sähköisessä muodossa olevien tietojen tuhoaminen - pilvipalveluissa olevan tiedon tuhoaminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Tietojen tuhoaminen pilvipalveluissa
Tietojenkäsittely-ympäristön toimijoiden tunnistaminen (TL IV)
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

TEK-08.4: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen - TL IV
Julkri
I-07: MONITASOINEN SUOJAAMINEN – TIETOJENKÄSITTELY-YMPÄRISTÖN TOIMIJOIDEN TUNNISTAMINEN FYYSISESTI SUOJATUN TURVALLISUUSALUEEN SISÄLLÄ
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Tietojenkäsittely-ympäristön toimijoiden tunnistaminen (TL IV)
Toisen viranomaisen laatimien sähköisten tietojen tuhoaminen (TL II)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

TEK-21.4: Sähköisessä muodossa olevien tietojen tuhoaminen - toisen viranomaisen laatimat tiedot - TL II
Julkri
See all related requirements and other information from tasks own page.
Go to >
Toisen viranomaisen laatimien sähköisten tietojen tuhoaminen (TL II)
Measures for the storage of incoming information, information being processed and outgoing information
Critical
High
Normal
Low
Management of data sets
6
requirements

Examples of other requirements this task affects

PI1.5: Procedures for storing inputs, items in processing, and outputs in accordance with system spefications
SOC 2
3.4: Tietoturvallinen arkistointi ja tuhoaminen
TiHL tietoturvavaatimukset
5.2.4: Log management and analysis
TISAX
ID.AM-3: Organizational communication and data flows are mapped.
CyberFundamentals
3.14: Log Sensitive Data Access
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Measures for the storage of incoming information, information being processed and outgoing information
Access management for personal data in files and papers
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

9.2.5: Review of user access rights
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Access management for personal data in files and papers
Minimization of information outside data systems
Critical
High
Normal
Low
Management of data sets
7
requirements

Examples of other requirements this task affects

32. Security of processing
GDPR
8.1.3: Acceptable use of assets
ISO 27001
8.3.1: Management of removable media
ISO 27001
9.4.4: Use of privileged utility programs
ISO 27001
A.11.2: Restriction of the creation of hardcopy material
ISO 27018
See all related requirements and other information from tasks own page.
Go to >
Minimization of information outside data systems
Using data loss prevention policies
Critical
High
Normal
Low
Management of data sets
14
requirements

Examples of other requirements this task affects

18.1.2: Intellectual property rights
ISO 27001
18.1.3: Protection of records
ISO 27001
8.12: Data leakage prevention
ISO 27001
5.33: Protection of records
ISO 27001
C1.1: Identification and maintainment of confidental information
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Using data loss prevention policies
IRM protection of files
Critical
High
Normal
Low
Management of data sets
0
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
IRM protection of files
Preventing downloads of confidential information on unsupported devices
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

6.2.1: Mobile device policy
ISO 27001
13.2.1: Information transfer policies and procedures
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Preventing downloads of confidential information on unsupported devices
Blocking downloads of confidential information on external networks
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

13.1.1: Network controls
ISO 27001
13.2.1: Information transfer policies and procedures
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Blocking downloads of confidential information on external networks
Documentation of personal data outside data systems
Critical
High
Normal
Low
Management of data sets
15
requirements

Examples of other requirements this task affects

Članak 30.1.i (Imovina): Upravljanja programskom i sklopovskom imovinom
NIS2 Croatia
9.5 §: Suojattavan omaisuuden hallinta
Kyberturvallisuuslaki
27.(d): Sistēmas un aktīvu pārvaldība
NIS2 Latvia
Art. 24.2.i.3 (Assetti): Sicurezza e affidabilita' del personale, politiche di controllo dell'accesso e gestione dei beni e degli assetti
NIS2 Italy
63: Rakenteettoman tiedon tunnistaminen ja hallinta
Digiturvan kokonaiskuvapalvelu
See all related requirements and other information from tasks own page.
Go to >
Documentation of personal data outside data systems
Tietoaineistojen turvalliset säilytystilat
Critical
High
Normal
Low
Management of data sets
3
requirements

Examples of other requirements this task affects

15 §: Tietoaineistojen turvallisuuden varmistaminen
TiHL
3.1: Tietoaineistojen tietoturvallisuus
TiHL tietoturvavaatimukset
3.2: Toimitilaturvallisuus
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Tietoaineistojen turvalliset säilytystilat

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security