The asset system in Control Compliance Suite represents the following kinds of assets:
Technical and tangible assets as computers and databases.
Business assets that are business entities associated with business functions. Business assets can also be collections of physical assets that represent business entities. For example, banks with departments, servers, processes and data centers are business assets.
Business assets fall into the following categories:
Business Units as Investment, Corporate, Consumer, Commercial, or Treasury
Departments as Credit Card, Trading, or Retail
Business Processes as GRC, Shipment, or Security
The following features characterize business assets:
Business assets are unique. The asset system prevents the duplication of a business asset within the system.
Business assets can be tagged.
A business asset can be available only in one asset folder at a time.
Business assets add value to the organization, and are vulnerable to security threats. Risk is the possibility of a business incurring loss from security threats. Control Compliance Suite uses business assets to model risk. Control Compliance Suite associates business assets and controls to risk objectives. Through associations with policies and questionnaires, business assets also make the evaluation of compliance possible.