Compliance Risk &

Information Security Partners

Introducing the new small business third-party risk management company

16-O: IT Asset Management

This section evaluates how your organization inventories, tracks, and manages IT assets throughout their lifecycle.

The questions focus on whether you maintain an accurate and up-to-date asset register, assign ownership, and classify assets based on criticality and data sensitivity. They also address how assets are provisioned, moved, and decommissioned, including secure reuse or disposal.

Overall, this section confirms that hardware and software assets are controlled in a structured way so they do not become blind spots or unmanaged sources of risk.

Explanation: An asset management program ensures accurate tracking of organizational assets, preventing unauthorized use or loss of critical hardware and software.

Risks of Incorrect Answer: Lack of asset inventory may result in unmonitored devices accessing sensitive data.

Untracked software could lead to licensing non-compliance or exposure to vulnerabilities.

Applicable Frameworks: ISO 27001 (A.8.1.1): Emphasizes asset management and maintaining an inventory.

NIST CSF (ID.AM-1): Requires identification and management of physical and software assets.

CIS Controls (1): Includes inventory and control of hardware and software assets.

Explanation: A formal process ensures that sensitive data on physical media is irretrievably destroyed or securely handled to prevent unauthorized recovery or reuse.

Risks of Incorrect Answer: Improper disposal could lead to data breaches or regulatory non-compliance.

Reusing media without secure erasure may allow access to previously stored sensitive data.

Applicable Frameworks: ISO 27001 (A.8.3.2): Requires secure disposal or destruction of media.

NIST CSF (PR.IP-6): Covers secure data destruction processes.

HIPAA (164.310(d)(2)(i)): Mandates proper disposal of health information.

Some or all of the services described in this engagement may not be available to certain clients, including those who have affiliations or relationships with audit firms or related entities.

The information provided herein is of a general nature and is not intended to address the specific circumstances of any individual or entity. While we strive to offer accurate and up-to-date information, we cannot guarantee its accuracy at the time it is received or in the future. No action should be taken based solely on this information without seeking appropriate professional advice tailored to your particular situation. CRISP does not provide legal or tax advice.

This information is not intended to constitute “written advice concerning one or more Federal tax matters” as defined by section 10.37(a)(2) of Treasury Department Circular 230.

© 2025 Compliance Risk & Information Security Partners (CRISP). All rights reserved.