A complete, classified inventory of systems, data, suppliers and AI components. One record feeds ISMS, BCMS, DSMS and AIMS.
The challenge
Ask three teams for a list of systems and you get three different answers. IT has a spreadsheet, security has a slightly older one, and the privacy team keeps its record of processing somewhere else entirely. None of them agree on what counts as critical, who owns it, or what data runs through it. Every audit starts with a week of reconciling lists that should have been one list all along.
The inventory is where everything else starts. Classification, risk scoring, business impact analysis, your GDPR record of processing, the register of AI systems: all of it reads from the same set of assets. Keep four copies and they drift apart by the next quarter. Keep one and a change to an asset shows up everywhere it matters, the first time you make it.
Benefits at a glance
Hardware, software, cloud services, data stores and AI components live in one structured register with owner, classification, lifecycle and dependencies. The record powers control selection, BIA, RoPA and AI governance at the same time.
Your record of processing activities sits in the same register as your IT assets. Personal data flows are linked to the systems and vendors that process them, so Article 30 compliance is a view of your operation, not a separate spreadsheet.
Each asset carries the risks it introduces, the controls that protect it, the vendors that touch it and the continuity dependencies it creates. When an asset changes, KaitoSec surfaces the impact on every management system that relies on it.
How it works
Apply confidentiality, integrity and availability classifications aligned with ISO 27001 and BSI Grundschutz, and add the business criticality rating used by the BCMS. Classifications drive risk scoring, control recommendations and recovery prioritisation in one step.
Connect cloud providers, MDM, identity and infrastructure tools to pull assets automatically. Discovered records are matched, enriched and routed to owners, so the inventory stays current without manual maintenance.
Link assets to the vendors that supply or process them and visualise data flows across the organisation. The same view supports GDPR scoping, NIS2 supply-chain obligations and DORA ICT third-party reporting without separate diagrams.
Supported frameworks