ISO/IEC 27001 Control 5.9: Inventory of information and other associated assets

An inventory of information and other associated assets, including owners, should be developed and maintained.

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

MidPoint can manage applications, roles and entitlements that are closely related to assets.

Application inventory capability of midPoint is essential first step to catalog assets. MidPoint capability to maintain various relations of objects can be used to track owners of applications, roles and other asset-related objects. Applications without owners can be reported. Applications can be classified, setting classification-specific requirements and policies on applications. Application roles are linked to the application, enabling application-level policies to be applied to all users using the application.