Why Asset Management Matters
Every major compliance framework requires organizations to maintain an inventory of information assets and manage vulnerabilities:| Framework | Asset Management Requirements |
|---|---|
| ISO 27001 | A.8.1 (Inventory of assets), A.8.2 (Classification of information) |
| SOC 2 | CC6.1 (Logical and physical access to assets), CC3.1 (Risk identification) |
| HIPAA | 164.310 (Workstation and device controls), 164.312 (Technical safeguards) |
| GDPR | Article 30 (Records of processing activities), Article 32 (Security measures) |
| PCI-DSS | Req 2 (System inventory), Req 6 (Vulnerability management), Req 11 (Regular testing) |
Asset Types
LowerPlane tracks four categories of assets:Cloud Resources
Virtual machines, databases, storage buckets, load balancers, serverless functions, and other infrastructure provisioned in cloud providers like AWS, Azure, and GCP.
Endpoints
Employee workstations, laptops, and mobile devices. Discovered through MDM integrations (Jamf, Intune, Kandji) and endpoint protection tools (CrowdStrike, SentinelOne).
Servers
Physical and virtual servers running in your data centers or cloud environments. Includes web servers, application servers, database servers, and infrastructure services.
Applications
Software applications your organization uses or operates. Includes SaaS tools, internal applications, and customer-facing services.
Asset Discovery
Assets enter LowerPlane through two channels:Automatic Discovery via Integrations
When you connect cloud providers, MDM tools, or endpoint protection platforms, LowerPlane automatically discovers and imports assets:- AWS / Azure / GCP — Discovers EC2 instances, VMs, databases, storage, networking, and other cloud resources
- CrowdStrike / SentinelOne — Discovers endpoints with protection agent installed
- Jamf / Intune / Kandji — Discovers managed devices from your MDM platform
- Snyk / Wiz — Discovers applications and repositories under security scanning
Manual Entry
For assets not covered by integrations (physical servers, legacy systems, or specialized hardware), you can add them manually from the Assets page.Asset Details
Each asset record contains:| Field | Description |
|---|---|
| Name | Display name for the asset |
| Type | Cloud resource, endpoint, server, or application |
| Source | Integration that discovered it, or “Manual” |
| Owner | Person or team responsible for the asset |
| Status | Active, inactive, or decommissioned |
| Compliance status | Whether the asset meets applicable compliance requirements |
| Vulnerabilities | Count and severity of known vulnerabilities |
| Last seen | When the asset was last detected by an integration sync |
How Assets Support Compliance
Assets tie into LowerPlane’s compliance engine in several ways:- Evidence generation — Asset inventory exports serve as evidence for asset management controls across all frameworks.
- Vulnerability tracking — Vulnerabilities discovered on assets are tracked and linked to remediation controls.
- Test evaluation — Automated tests verify that assets meet security requirements (encryption enabled, protection agent installed, etc.).
- Risk assessment — Asset data feeds into risk calculations, helping prioritize remediation by business impact.
Next Steps
Asset Inventory
Browse, filter, and manage your complete asset inventory.
Vulnerabilities
Track and remediate vulnerabilities across your asset inventory.