Creating your Asset Inventory in TrustWorks

The Asset Inventory helps you track where personal data is used within your organisation, how it is shared and organised, and where it is physically located. This data map also helps identify risks that could impact compliance and reputation. Moreover, having a well-organised asset inventory can mitigate penalties in case of regulatory issues. It also facilitates compliance with Article 30 of the GDPR regarding the Record of Processing Activities (RoPA).

Creating your Asset inventory

The first step in building your data map is to identify all locations where personal data is processed in your organisation as part of various business tasks and processes. This includes both third-party vendors and internal applications and tools.

By creating this inventory, you gain an overview of:

• Where data processing occurs
• The categories of individuals whose data is processed
• The types of personal data involved
• The associated risk levels

There are different ways to create your asset inventory, which we will cover below.

Adding Assets Manually

You can manually add assets by clicking +New and filling in the mandatory fields:

• Step 1: Create a New Asset

  1. Navigate to Assets.
  2. Click + New.
  3. Select the asset Classification.

• Step 2: Provide General Asset Details

  Fill in the mandatory fields:

  • Classification

    Select the type of asset, such as:

    • Application
    • Webform
    • Database
    • Backup Storage
    • Application Logs
    • Server / Infrastructure
    • Physical Document
    • Service
    • Cloud Storage
    • API / Web Service
    • Device
    • File / Document

  • Provider

    Indicate whether the asset is Internal or Third-party.

  • Type

    Select a predefined asset type.

    If the asset is not listed or is a proprietary/internal system, it can be added as Custom.

  • Name

    Enter a clear and recognisable name for the asset.

    Status

    Define the current lifecycle status:

    • Draft – Not yet operational
    • In Review – Under evaluation
    • Active – In regular operational use
    • Inactive – Not currently in use
    • Exempt – Not subject to certain validation requirements
    • Archived – Retained for historical or legal purposes

• Authorisation Status

  Set whether the asset is Unknown, Authorised, or Unauthorised.

Owner

• Assign responsibility to either:
• A User, or
• A Team

• Legal Entity

  Link the asset to the relevant internal legal entity or vendor.

• Description

  Provide a short explanation of the asset’s purpose and usage.

Step 3: Complete Data Mapping

• Categories of Individuals: Define the categories of individuals whose data is processed. These categories can be found under Settings menu > Data practices > Category of individuals, where default categories exist and additional ones can be added. 
• Categories of Personal data: Specify the types of personal data processed, available under Settings menu > Data practices > Data categories. 

• Actions: Enable or disable data mapping verification.

  
  

Step 4: Manage Risks and Assessments

• Risks Management

  Add and assess risks associated with the asset.

• Assessments

  View and manage assessments linked to the asset.

• Processing Activities

  See which processing activities reference this asset.

Step 5: Add Additional Information

The Additional Information tab allows you to enrich the asset record with supporting details:

• Reference Documents
  • Terms of Service (URL)
  • Privacy Policy (URL)
  • List of Sub-processors (URL)
• Processing Locations
• Source of Information / Comments

• Custom Fields

  Use custom fields to capture organisation-specific information consistently.

Learn more about custom fields here.

By default, all assets that are not classified as “Applications” are marked as Custom. You can also classify Code Repositories and internal applications as Custom.

Getting started with your Asset Inventory

If your organization uses Single Sign-On (SSO) (e.g., Okta or Microsoft Entra), you can automate part of the asset inventory process by integrating with your SSO system. This integration retrieves a list of all connected tools and helps identify shadow IT—applications that employees use without going through procurement.

The SSO integration scans for new assets daily. Detected assets are placed in the Staging Area of the Asset Inventory, where you can assign an owner, import them, or discard them.

If your required asset type is missing, you can add it as ‘Custom’. Additionally, if you already have a list of assets, we can import it for you.

Running Assessments on Assets

You can run assessments to verify an asset’s function and compliance. This is done via surveys set up on the platform. Learn more about Assessments here.

Assets in processing activities

In the Data Mapping section of Processing Activities, you can link assets used for data storage and processing, helping maintain an up-to-date Record of Processing Activities (RoPA) and building data flows.

Conclusion

Maintaining a structured inventory of all data-processing assets is a critical step in compliance with privacy regulations. The Asset Inventory in TrustWorks helps you create a comprehensive data map, identify risks, and improve data governance.