When managing information security and privacy, it's important to understand how vendors, IT systems, and information assets are connected. These three elements form the foundation of your organization's digital ecosystem—and securing them is essential. This relationship shapes the context of your digital security management.
Security risk assessments can consider not only the IT system, but also who provides it (vendor) and what it holds (information asset).
Privacy compliance (like GDPR) often requires mapping which vendors process personal data, on which systems, and for what purpose.
Access control, incident response, and data protection measures must be aligned across all three.
The Vendor Registry in Diri helps your organization keep track of all external vendors and service providers that may impact your information security or privacy compliance. Vendors are external parties who provide services, software, infrastructure, or support. This can include:
Why it matters: Vendors often have access to your systems or data, or process data on your behalf. Their security practices directly impact your organization’s risk.
The IT System Registry in Diri gives you a complete overview of the digital systems your organization uses—whether they're internal platforms, cloud services, or vendor-supplied tools. IT systems are the tools and platforms your organization uses to operate—many of which are delivered or maintained by vendors. Examples include:
Why it matters: These systems store, process, or transmit your organization’s information assets. Any vulnerabilities in these systems can expose data to unauthorized access or loss.
The Asset Register is a listing of all the assets that your users can see in the Diri application. The assets can be sorted according to location, risk assessment type, name, asset type, and criticality. You can also filter and search through your assets using the filtering function.
Information assets are the data and records that are valuable to your organization. These can include:
Why it matters: Protecting information assets is at the heart of both information security (confidentiality, integrity, availability) and privacy compliance (e.g., GDPR).
Information is ranked according to information classification standards:
The CIA levels are configured in the settings.