ISO/IEC 27001 Control 5.9: Inventory of information and other associated assets


An inventory of information and other associated assets, including owners, should be developed and maintained.

Necessity of MidPoint

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Implementation Overview

MidPoint can manage applications, roles and entitlements that are closely related to assets.

Implementation Details

Application inventory capability of midPoint is essential first step to catalog assets. MidPoint capability to maintain various relations of objects can be used to track owners of applications, roles and other asset-related objects. Applications without owners can be reported. Applications can be classified, setting classification-specific requirements and policies on applications. Application roles are linked to the application, enabling application-level policies to be applied to all users using the application.

Was this page helpful?
Thanks for your feedback