Asset Management - the CIA approach

We repeatedly say in eramba that we strongly believe there is no one way to do GRC: it is a management practice, and therefore all angles are probably valid if they deliver value to the organisation and its shareholders.

There are some exceptions, and one of them is the persistence of some practitioners in applying a CIA classification (confidentiality, integrity, availability) when it comes to Risk Management, in particular if they are after ISO 27001 certification.

When eramba was built, a few years after the 2005 version of the standard was published, the CIA classification was mandatory and explicit in the standard. Whether you agreed with it or not, you had to do it (classify assets on those three dimensions).

Luckily, or rather, obviously, it did not take long for the planet to complain about this nonsense (and some others), and unluckily, or rather, obviously, it took the ISO organisation 8 years to amend it. Since 2013, it is perfectly fine to meet ISO 27001 requirements without doing CIA classifications.

We leave this comparison table for you to delight your auditor with facts and to ensure you focus your Risk practice on rather more important subjects than this.

While eramba can classify assets any way you want, that classification is not used anywhere other than in the Risk module, and only if you use Magerit as the Risk calculation method. Magerit is an old, purely academic Risk framework, not updated since 2012. Again, the reason is that this practice of classifying assets by CIA is total nonsense and completely outdated in 2025. We do not recommend using Magerit in eramba.

You are welcome to read the Magerit “Book”; it is a mere 109 pages of guaranteed apathy: https://administracionelectronica.gob.es/pae_Home/dam/jcr:80b16a91-75b1-432d-ab23-844a12aab5fc/MAGERIT_v_3_book_1_method_PDF_NIPO_630-14-162-0.pdf