← Back to Dashboard
DOMAIN — ASSET & DATA-FLOW INVENTORY

You can’t protect, patch, or recover what you don’t know you have — and most companies can’t list half of it.

Recommended Module

Carriers ask whether you maintain an asset inventory because it is the foundation everything else stands on. You cannot patch a server you forgot about, secure a laptop that was never enrolled, or know what a breach touched if you never mapped where your data lives. And the fastest-growing risk — SaaS apps and cloud services teams sign up for on a credit card — is exactly the part no one has a list of.

The three things they’re really asking: Do you have an inventory of your hardware and endpoints? Do you have a list of your software and cloud services, including the shadow IT? And do you know how your sensitive data flows between them? If your answer is "mostly in people’s heads," this kit turns that into a living inventory.

YOU CAN DO THIS TODAY
1

List every device in one place.

Open a spreadsheet and write down every laptop, desktop, server, and phone that touches company data — who has it, and whether it’s encrypted. Even a rough list beats what most companies have, and it immediately shows you the gaps (the unencrypted laptop, the server nobody owns).

2

Hunt your shadow IT.

Pull the last few months of credit-card and expense statements and highlight every software subscription. You will almost certainly find SaaS tools holding company data that IT never knew about. That list is the start of a software inventory — and often the biggest risk surprise.

3

Trace your most sensitive data.

Pick your single most sensitive data type and, in five minutes, sketch where it comes in, what systems hold it, and which vendors touch it. That one flow is the start of a data map — and the thing you’ll wish you had during an incident.

THE ASSET & DATA-FLOW INVENTORY KIT

If the quick wins showed you the gap but not the path, the kit gives you a complete inventory program — hardware, software/SaaS, and a data-flow map, plus the lifecycle and offboarding steps that keep it accurate — without an IT asset-management platform.

WHAT'S INCLUDED IN EVERY KIT
01

Asset Management Policy

The policy that sets how you track and manage assets. Pre-structured; adapt and adopt.

02

Hardware & Endpoint Inventory

A living record of every device that touches your data — with owner, classification, and encryption status.

03

Software & SaaS / Cloud Inventory

Every application and cloud service, including the shadow IT — with the data each holds and whether it’s sanctioned.

04

Data-Flow Map

Traces how your sensitive data moves through your systems and vendors — the map you’ll need during an incident.

05

Asset Lifecycle & Decommission Checklist

Deploy securely and — the step most often skipped — retire assets with their data destroyed and access revoked.

06

Onboarding & Offboarding Asset Checklist

So every joiner is equipped correctly and every leaver’s devices, accounts, and access are reclaimed.

NEED MORE THAN A KIT?

Some environments need to be discovered and mapped, not just templated.

If your Whitestance score flagged Asset Inventory as a critical gap — or if you have sprawling hardware and SaaS across sites and teams — a kit gets you the program but a full engagement gets your environment actually inventoried and mapped. Whitestance’s fractional CISO engagements build and maintain your asset and data-flow inventory across your whole environment and produce documented evidence your board, auditors, and carriers can see. Engagements start at $40,000 for smaller organizations and scale from there.

Talk to us about a full engagement →