# Information Asset Register Our [information asset register \[Restricted to FundApps staff\]](https://www.notion.so/fundapps/230cff86db2d49d6b7662fc71e41979b?v=c3474be8e22c4138a2a3b3af307bf83e) contains every information asset of value to FundApps. For example, this includes: * Client support queries * Internal communications * Server logs * Development source code ## Identification Information assets are identified as part of: * Monthly company-wide security awareness sessions * Monthly security review meetings * Our software development lifecycle * Everyday working practice ## Assessment For each information asset identified, we * Assign an owner for the information * Identify if it falls under any specific regulation (primarily General Data Protection Regulation) * Assess CIA ratings in accordance with our [risk management](/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/risk-management/index.md) process * Identify an appropriate data classification from these ratings * Identify the [information systems](/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/risk-management/information-systems-register.md) that contain this data * Identify any specific information risks relating to this information and record it in our [infosec risk register](/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/infosec/risk-register.md) * Identify any specific business continuity risks relating to this information and record it in our [BC risk register](/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/business-continuity/risk-register.md) Any changes to the register results in: * updates to our [information systems register](/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/risk-management/information-systems-register.md) with regards the classification of information they hold * updates to our data classification policy with regards the information systems and asset information falling under each classification * updates to our [access control register](/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/infosec/access-control.md) requiring us to record privileges granted to this systems and ensuring revokation during the offboarding process ## Review Information systems are reviewed as part of our monthly security review meetings. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://policies.fundapps.co/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/risk-management/information-asset-register.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.