Information Asset Register
SquareX Holdings, Inc.
ISO/IEC 27001:2022 Annex A.8.1 Compliance
Document Control Information
Document Version: 1.0
Last Updated: 2025-08-22
Next Review: 2026-02-01
Owner: CISO (Jeswin Mathai)
Custodian: ISMS Lead
Classification: Internal Use
Review Frequency: Quarterly
Classification & Risk Level Legend
Classification Levels:
Confidential (restricted to authorized users only)
Internal (employees/contractors)
Public (available externally)
Risk Levels:
High Risk – critical asset, major impact if compromised
Medium Risk – important, but limited exposure
Low Risk – minimal impact on security posture
Value/Impact:
High Impact – significant operational, reputational, or legal consequences
Medium Impact – moderate disruption or loss
Low Impact – minimal disruption
Complete Asset Inventory
| Asset ID | Asset Name | Category | Description | Location | Owner | Custodian | Classification | Value/Impact | Access Mechanisms | Risk Level | Protection Controls | Procured On | Retention/Disposal | Review Date |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| A-002 | AWS Cloud Services | Cloud Platform | Production workloads for BDR and Browser DLP backend | AWS Regions (US/EU/Asia) | CISO | Cloud Ops Lead | Confidential | High | IAM with MFA, VPC isolation, AWS KMS encryption | High | A.5.23 Cloud service security, A.8.9 Configuration management, A.10.1 Cryptographic policy | 2022-04-01 | Per AWS lifecycle / contract | 2025-11-01 |
| A-003 | Azure Cloud Services | Cloud Platform | Hosting for Secure Access & enterprise integrations | Azure Global | CISO | Cloud Ops Lead | Confidential | High | Azure AD, conditional access, Key Vault encryption | High | A.5.23 Cloud services, A.8.8 Data leakage prevention, A.13.1 Network security controls | 2022-08-01 | Per Azure lifecycle / contract | 2025-11-01 |
| A-004 | Google Cloud Platform (GCP) | Cloud Platform | Sandbox analysis environments, ML/AI workloads | GCP US/EU | CISO | Cloud Ops Lead | Confidential | High | IAM with SSO, VPC, Cloud KMS | High | A.5.36 Cloud usage policy, A.8.10 Malware defenses, A.6.4 Monitoring activities | 2023-01-01 | Per GCP lifecycle / contract | 2025-11-01 |
| A-005 | Google Workspace (Gsuite) | SaaS Service | Email, Docs, Drive for corporate collaboration | Google Data Centers | CISO | IT Manager | Confidential | High | SSO, enforced MFA, DLP rules, conditional access | High | A.9.1 Access control, A.8.2.3 Media handling, A.5.23 Cloud governance | 2022-05-01 | Per retention policy | 2025-11-01 |
| A-009 | Security Monitoring (SIEM/EDR Logs) | Logs | Event logs, alerts, and telemetry from BDR/DLP | AWS S3, Splunk, CrowdStrike | SOC Lead | Security Team | Confidential | High | RBAC, encryption, immutable logs, alerting | Medium | A.12.4 Logging & monitoring, A.6.4 Monitoring activities, A.8.16 Logging | 2023-07-01 | 12–24 months | 2025-11-01 |
Notes & Compliance Context
Cloud Services: Unlike the Disruptive Edge example, SquareX uses AWS, Azure, and GCP extensively. Thus Annex A.5.23 and A.5.36 are fully applicable.
Hardware: Consultant laptops are protected with encryption and MFA.
Cloud/SaaS: Workspace, DevOps tools, and client repositories are high-value and high-risk.
Logs & Monitoring: Event telemetry and SIEM integration are part of Annex A.12.4 compliance.
End-user Browsers: As SquareX’s core product area, browsers are treated as critical customer-facing assets with layered security.
✅ Best Practices & Recommendations
Lifecycle Management:
Automate asset discovery in AWS/Azure/GCP.
Use tagging for cost/security accountability.
Ownership & Accountability:
Every asset mapped to an owner/custodian (per A.8.1.2).
Reviews:
Quarterly ISMS-led reviews of all cloud + SaaS assets.
Integration with ISMS:
Asset Register links to Risk Register, SoA, and RART.
Continuous Improvement:
Integrate with CMDB and extend SIEM coverage to Azure/GCP.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article