DORA-Art7-P1

ICT Asset Inventory Register COMMON

Structured register of all ICT assets including hardware, software, network components, and data assets, with classification, ownership, and dependency information as required by DORA Article 7.

Formats

CSV JSON

Evidence Class

ict-asset-inventory

Availability

COMMON

Update Frequency

quarterly

Typical Author

IT Asset Manager

Approval Chain

IT Asset Manager → CIO

Content Sections

• Asset Register

Expected Fields

• asset_id
• asset_name
• asset_type
• classification
• owner
• location
• criticality
• dependencies
• last_updated

Common Quality Issues

• Incomplete coverage of shadow IT assets
• Stale entries for decommissioned assets
• Missing dependency mappings between assets
• Inconsistent classification taxonomy

ICT Asset Classification Scheme PARTIAL

XML-structured classification scheme defining asset categories, criticality levels, and data sensitivity tiers used to classify ICT assets per DORA Article 8.

Formats

XML

Evidence Class

ict-asset-classification

Availability

PARTIAL

Update Frequency

annual

Typical Author

Information Security Officer

Approval Chain

Information Security Officer → CISO

Content Sections

• Classification Taxonomy
• Criticality Levels
• Data Sensitivity Tiers
• Mapping Rules

Expected Fields

• scheme_version
• effective_date
• asset_categories
• criticality_levels
• sensitivity_tiers
• classification_criteria

Common Quality Issues

• Classification scheme not aligned with industry standards (ISO 27001)
• Missing criteria for cloud-hosted assets
• No mapping between classification levels and required controls
• Outdated sensitivity tiers not reflecting current data types

ict_asset_inventory_status

Schema ID

fs-ict-asset-inventory

Control

DORA-Art7-P1

Valid Ranges

inventory_date

within last 6 months

classified_assets

should equal total_assets for full compliance

unclassified_assets

should be 0 for full compliance

Related Schemas

• fs-ict-asset-classification
• fs-ict-dependency-mapping

JSON Schema

{
  "properties": {
    "classified_assets": {
      "minimum": 0,
      "type": "integer"
    },
    "critical_assets_count": {
      "minimum": 0,
      "type": "integer"
    },
    "has_dependency_mapping": {
      "type": "boolean"
    },
    "inventory_date": {
      "format": "date",
      "type": "string"
    },
    "last_full_review_date": {
      "format": "date",
      "type": "string"
    },
    "total_assets": {
      "minimum": 0,
      "type": "integer"
    },
    "unclassified_assets": {
      "minimum": 0,
      "type": "integer"
    }
  },
  "required": [
    "inventory_date",
    "total_assets",
    "classified_assets",
    "has_dependency_mapping"
  ],
  "type": "object"
}

ict_asset_classification_status

Schema ID

fs-ict-asset-classification

Control

DORA-Art7-P1

Valid Ranges

effective_date

within last 18 months

criticality_levels_defined

typically 3-5 levels

Related Schemas

• fs-ict-asset-inventory

JSON Schema

{
  "properties": {
    "aligned_with_iso27001": {
      "type": "boolean"
    },
    "covers_cloud_assets": {
      "type": "boolean"
    },
    "criticality_levels_defined": {
      "minimum": 1,
      "type": "integer"
    },
    "effective_date": {
      "format": "date",
      "type": "string"
    },
    "scheme_version": {
      "type": "string"
    },
    "sensitivity_tiers_defined": {
      "minimum": 1,
      "type": "integer"
    }
  },
  "required": [
    "scheme_version",
    "effective_date",
    "criticality_levels_defined",
    "sensitivity_tiers_defined"
  ],
  "type": "object"
}