Primary information assets are the data, information and knowledge that an organization needs to run its operations and making decisions. They are somewhere stored, processed or provided by its information system, on paper or in people's minds. When primary assets are disrupted, the organization cannot run and making decision and management cannot take place.
- it is controlled and organized collection of data, information or knowledge that has value to the organization
- primary assets depends on support assets
- primary assets are only available if the supporting assets are available and working
See here how to identify data (primary assets) and their examples
Examples of primary information assets
Each organization has a different list of its primary assets, depending on its line of business. However, you won't go wrong if you start from the following list, where most companies will hit:
- your business data, orders, project data etc
- your customer data
- personal data of your employees
- your know-how
- data about your products or technologies (e.g. recipe, source code)
- login data (for banking, other systems)
- all information marked as confidential
Why you need to know your primary information assets
- The determination of primary assets is the first step of information security risk analysis
- Together with threats and vulnerabilities, they help identify risks
- How to identify primary assets see here.
How to keep primary assets inventory
- How to keep a catalog of primary assets see here
- For the purposes of complying information security standards such ISO 27 000 or NIS2, you must also keep the dependencies between primary and supporting assets.