Question - Asset identification with multiple business units

zie.maini · April 17, 2020, 8:33am

Hi,

Based on this statement:
Warning: this module is not meant to be used as an inventory tool where you document every laptop or server in your organisation. The only reason you are creating assets is to include them on a risk. If you plan to describe “Malware” just create assets that make reference, such as “Laptop”, “Windows Laptop”, “Apple Phone”.

How we can have a number of asset within a business unit but it also part of other business unit too?
For example: Employee Data
BU - HR and Finance
Both needed for GDPR risk - to ensure no data leakage.
How we can differentiate Employee Data asset that belongs to 2 different business units in Asset Risk Management?

P.S:
My organization having 100 different business unit. We called it Entities or subsidiary. So each asset will be copied into each business units. Means, Employee Data asset categorized as data asset and will be appear in 100 business unit.

Thanks,
Zie

eramba · April 19, 2020, 5:31pm

Risks are not directly linked to BUs unless you are using business risk (BIA).

Instead Risks are linked to assets which are linked to one or more BUs. Therefore the risk module can tell for any given risks to what BUs are related. You can use filters on the asset risk module to include to which BU they relate (risk links to assets, assets links to BUs … eramba simply uses that relationship)

you also have a pie chart on teh asset risk module:

you can also do a similar query from the Business unit module using filters: