Last Reviewed: 2026-06-25
Reviewer Role: Insider Risk / Legal / Privacy review
Assets ModuleInteractive Sheet
Crown Jewel Registry Template
A crown jewel registry identifies data, systems, facilities, intellectual property, and business processes whose compromise or misuse would create outsized harm.
Primary Audience & Scope
Data owners, business owners, security leaders, risk teams
When to Use
- •Starting or updating a related process.
- •Preparing a downloadable template or checklist.
- •Documenting a repeatable review.
Interactive Work Area
Fill or track items interactively and copy out to your Clipboard
Template Table Structure
| Field | Reader input / completion prompt |
|---|---|
| Asset name | — |
| Business owner | — |
| Data owner/steward | — |
| Asset category | — |
| Business impact | — |
| Sensitivity drivers | — |
| Access populations | — |
| Systems/locations | — |
| Approved sharing channels | — |
| Current controls | — |
| Monitoring coverage | — |
| Review date | — |
Checklist Audit List
0% Done(0/5)
Check
Checklist item
Name only assets with material business impact.
Evidence: Owner / date / evidence
Assign business owner and data owner.
Evidence: Owner / date / evidence
Document access populations.
Evidence: Owner / date / evidence
Map protection and monitoring coverage.
Evidence: Owner / date / evidence
Review after business, system, or ownership change.
Evidence: Owner / date / evidence
What Completion Looks Like
- 1Required fields completed.
- 2Owner and review date captured.
- 3Legal/privacy review performed where relevant.
- 4Output linked to related procedure or risk register.
Insider Risk Capability Framework™ (IRCF™) Alignment
Primary IRCF™ Component
Data ProtectionProgrammatic RelevanceProvides a reusable artifact for accountable insider risk work.
Non-legal-advice Compliance NoteThis resource is a planning aid and does not provide legal advice. Organizations should adapt it to their policies, jurisdictions, labor obligations, privacy requirements, contracts, and risk appetite. Sensitive monitoring, investigation, employment, evidence, legal hold, and employee-data activities should be reviewed by appropriate Legal, Privacy, HR, Compliance, and labor stakeholders before use.
Operationalize This Template in RiskTKO®
Use RiskTKO® or request ITMG® support to adapt this template, align it to the Insider Risk Capability Framework™, and connect the output to measurable exposure reduction. Sensitive Data Inventory Checklist