# Adding an Asset
Clicking the `Add Asset` button brings up the `Add Asset` form. The form contains two sections - General Information and Assurance. Only the General Information tab is required to add a new asset, but it is recommended that both areas are completed.
{% tabs %}
{% tab title="General Information" %}
Add Asset form - General Information
**Asset Name**
The name of the asset.
**Asset Type**
The type of asset. The options are as follows:
| Type | Description |
| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Browser | Any component of a web browser that is critical to maintaining the security and integrity of the information being accessed or transmitted through the browser. |
| Cloud Service | Any component of the cloud computing environment that is critical to the security and availability of the cloud service. This can include data storage, virtual machines, network infrastructure, and other resources provided by the cloud service provider. |
| Desktop | Any physical device, software or data stored on a computer that is considered important for maintaining the security and integrity of an organisations information system.Email Application. |
| Firewall | A security control that is used to protect a network from unauthorised access and to prevent malicious traffic from entering or leaving the network. |
| Hypervisor | Any software or hardware component that enables virtualisation on a server. |
| Information Asset | Any piece of information that is valuable to an organization and needs to be protected. It can be anything from customer data to financial information or intellectual property. |
| Laptop | Any laptop computer that contains sensitive or valuable information that needs to be protected from unauthorised access, use, or disclosure. |
| Malware Protection | A security measure that aims to prevent and detect malicious software or computer viruses from infecting computer systems or networks. |
| Mobile Device | Also known as a cell phone or smartphone, is a portable electronic device that allows people to make and receive phone calls, send and receive text messages, and access the internet and various mobile applications. |
| Network | A group of interconnected devices such as computers, servers, and other electronic devices that communicate with each other through various communication channels such as wired or wireless connections. |
| Office Application | Any type of computer software designed to help users perform common tasks related to office work, such as creating and editing documents, spreadsheets, presentations, emails, and other types of digital content. |
| Router | A router is a device that is used to connect different networks together and route data traffic between them. |
| Server | A computer system that is used to store and manage data and resources, and can be used to support information security management systems (ISMS). |
| Tablet | A type of mobile computing device that is typically larger than a smartphone but smaller than a laptop. It is a flat, portable computer that is operated through a touchscreen interface and typically lacks a physical keyboard. |
| Thin Client | A computer that runs a lightweight operating system, such as Google's Chrome OS, and relies on a remote server to perform most of the processing and data storage. |
| Virtual Desktop | A desktop computing environment that is hosted and managed in a virtualised environment, typically on a server or in the cloud. |
| Virtual Server | A type of server that runs within a virtual environment, created by a virtualisation technology. It is a simulated server that provides the same functionality as a physical server, but it exists only in software. |
**Asset Description**
A brief description of what the asset is.
**Date Onboarded**
The date on which this asset was first introduced to the organisation.
**Critical**
Whether the asset is critical for business operations or not.
**Asset Owner**
The person responsible for this asset.
**Last Review Date**
The last date on which this asset was reviewed.
**Next Review Date**
The next scheduled date for this asset to be reviewed.
{% endtab %}
{% tab title="Assurance" %}
Add Asset form - Assurance
**Has an access review been carried out in the last 12 months on the system, including administrators?**
Whether a review of employees' access has been conducted within the last 12 months on the respective asset.
**Does the system encrypt data in transit?**
Whether the asset encrypts data while it is being transferred over a connection.
**Does the system encrypt data at rest?**
Whether the asset encrypts data in its storage.
**Have logs been reviewed regularly and incidents raised for suspicious event?**
Whether any logs associated with the asset are regularly checked for potential incidents.
**Has a vulnerability scan or penetration test been performed on the system and issues remediated?**
Whether a vulnerability scan or penetration test has been performed to ensure there are no active vulnerabilities or misconfigurations within an asset.
**Has a backup and restore been carried out to ensure that the disaster recovery process works for the system?**
Whether backups of the assets data has been performed so that in case of an outage, any lost data can be restored.
**Has multi-factor authentication been implemented on the system for all users?**
Whether multi-factor authentication has been enabled where possible.
**Has the system been reviewed to cleanse and ensure quality of the data inline with retention policies?**
Whether the system has been checked to ensure data is within data retention parameters.
**Result of assessment**
Whether this asset has passed or failed its assessment based on previous answers.
**Conducted by**
The person responsible for conducting this assessment.
{% endtab %}
{% tab title="Disaster Recovery" %}
If an asset is marked as critical, the Disaster Recovery section will be available to complete.
Add Asset form - Disaster Recovery
**Disaster Recovery Plan**
The steps to follow in order to recover this asset in the event of an incident or disaster.
**Security considerations during DR**
What points of security must be considered in terms of this asset in the event of an incident. For example, employee or client data if a work laptop is stolen.
**RPO (Recovery Point Objective)**
The maximum tolerable loss of data in terms of time. For example, a loss in 2 hours work worth of data.
**RTO (Recovery Time Objective)**
The maximum tolerable time in which an asset can be unavailable. For example, if the RTO is 2 hours then the asset should be available again after failure in less than 2 hours.
**BIA Owner**
The person who is responsible for this disaster recovery assessment.
{% endtab %}
{% endtabs %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://manual.harpe.io/start/manual/assets/adding-an-asset.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.