🎯 Free Website Audit. Get Yours →
Optimum Web
ISO 27001NIS2CR-ISO-03

Asset Inventory & Classification

ISO 27001 asset inventory: catalogue all assets, assign owners, classify C/I/A, define handling rules. Links to risk assessment and SoA. $349.

Asset Inventory & Classification by Optimum Web is a fixed-price compliance service covering ISO 27001 Annex A 5.9–5.13 — Information classification and asset management. It costs €319 with 3–5 business days delivery by senior security engineers. Information asset register (all assets, owners, locations, types). 14-day warranty included.

Covers: ISO 27001 Annex A 5.9–5.13 — Information classification and asset management

3 clients onboarded this month
4.8·172 clients·25 yrs

"Senior engineers who actually deliver what they promise. Rare."

Thomas K., IT Manager · Austria

€319
Fixed price, VAT excluded
3–5 business daysSenior only
Information asset register (all assets, owners, locations, types)
Classification scheme (confidentiality/integrity/availability levels)
Handling procedures per classification level
Labeling guidance + integration with risk assessment
🛡️
14-Day Money-Back Guarantee
Issue recurs? We fix it free or refund in full. No questions asked.

Secured by PayPal · 256-bit SSL encryption

or order without payment
+373 22 843569
PayPal · SSL
👨‍💻 Senior only
14-day warranty
🆔 CR-ISO-03

This Service Covers

ISO 27001Annex A 5.9–5.13 — Asset inventory, classification, labeling, handling
NIS2Article 21(2)(a) — Information system security

What You Get

Complete information asset inventory and classification for ISO 27001. We catalogue: all information assets (databases, servers, network devices, SaaS services, documents, people), assign owners, classify by confidentiality/integrity/availability (C/I/A) using a 3-level or 4-level scheme, define handling procedures per classification level, and create labeling guidance. The asset register links directly to the risk assessment (CR-ISO-04) and Statement of Applicability.

Who Needs This

  • Companies pursuing ISO 27001 needing Annex A 5.9-5.13 controls
  • Organizations that don't know all their information assets
  • Businesses that completed GDPR data mapping and need to extend it to all asset types
  • Companies whose risk assessment needs a proper asset baseline

SAVE 40–50%

Need Compliance Across Multiple Frameworks?

Our Multi-Framework Assessment (€639) covers GDPR + NIS2 + ISO 27001 + SOC 2 in one engagement — saving 40–50% compared to separate assessments.

Multi-Framework Assessment — €639

Ready to Start?

€319 · 3–5 business days · 14-day warranty

+373 22 843569

Secured by PayPal · 256-bit SSL encryption

or order without payment

Need a full compliance assessment? Multi-Framework Assessment — €639

Learn more
CLIENT REVIEWS

What Our Clients Say

4.8 / 5·172 clients · 25+ years

"Senior engineers who actually deliver what they promise. Fixed price, fixed timeline, thorough documentation. Rare combination."

T
Thomas K.
IT Manager · Manufacturing company · Austria

"Worked with 4 agencies before finding Optimum Web. First team that delivered exactly what the scope said, on time."

S
Sophie V.
Operations Manager · Logistics company · Belgium

"The 14-day warranty is real. Had a small follow-up question and it was handled same day, no extra charge."

M
Mikael B.
CTO · B2B SaaS · Germany
Read all reviews on Clutch →

Frequently Asked Questions

What counts as an 'information asset' for ISO 27001?+
Everything that stores, processes, or transmits information: servers, databases, laptops, SaaS accounts, paper files, people (they have knowledge too), network devices, and backup media. We typically find 30-80 assets for a mid-size company.
How does classification work?+
We assign levels for each of Confidentiality (Public → Internal → Confidential → Restricted), Integrity (Low → Medium → High), and Availability (Low → Medium → High). Each combination determines the handling requirements.
Can this build on our GDPR data mapping?+
Yes. If you did CR-GDPR-03 (Data Mapping), we use that as a starting point and extend it to non-personal data assets (servers, network devices, code repositories, etc.). Saves 30-40% of the effort.
How does this connect to risk assessment?+
Each asset becomes an entry in the risk register. The classification determines the impact level if the asset is compromised. CR-ISO-04 builds directly on this inventory.
Do we need to classify every single document?+
No. We classify asset categories, not individual documents. 'Customer database' is one asset, not each record. 'HR file share' is one asset. The classification scheme then tells employees how to handle new items in each category.

Also Relevant

ISO 27001

Risk Assessment & Treatment Plan

€449 · 5–7 business days
ISO 27001

ISO 27001 Readiness Assessment

€539 · 5–7 business days
GDPR

Data Mapping & Personal Data Inventory

€359 · 3–5 business days
ISO 27001

ISMS Scope & Policy Document Pack

€449 · 5–7 business days
+373 22 843569

Secured by PayPal · 256-bit SSL encryption

or order without payment
📞Call Us💬Get Free Quote