Aligned with the frameworks
you already report to.
Struktive doesn't just normalise your asset data — it structures it to meet the documentation requirements of the security, regulatory, and industry standards your organisation already follows.
Security & Audit
SOC 2 · ISO 27001 · NIST SP 800-53 · PCI DSS
SOC 2 — Common Criteria 6.1
Logical and Physical Access Controls. Requires a complete, auditable inventory of all system components with documented chain of custody.
- Complete asset register with hostname, vendor, model, serial number, and location
- Transformation audit trail showing every normalisation change made to each record
- Duplicate detection register identifying assets that appear more than once
- Chain-of-custody metadata linking each output row to its source input row
ISO/IEC 27001:2022 — Annex A Control 5.9
Inventory of Information and Other Associated Assets. Requires organisations to identify, document, and maintain an inventory of assets associated with information and information processing facilities.
- Normalised asset register with asset type classification (Compute, Storage, Network, Power, Cooling)
- Vendor and model normalisation resolving aliases to canonical names
- Location hierarchy standardisation (site > hall > row > rack > unit)
- Asset status classification (Active, Inactive, Decommissioned, Unknown)
NIST Special Publication 800-53 — Control CM-8
Information System Component Inventory. Requires organisations to develop and document an inventory of information system components that accurately reflects the current system.
- Component inventory with make, model, serial number, and location fields
- Asset category and sub-category classification for each component
- Change history tracking via transformation audit trail
- Exception and anomaly register for components that could not be fully normalised
PCI DSS v4.0 — Requirement 12.5.1
Inventory of System Components in Scope. Requires a documented inventory of all system components that are in scope for the cardholder data environment.
- Scoped asset register with location and network segment fields
- Vendor and model normalisation for accurate component identification
- Duplicate detection to prevent double-counting of in-scope components
- Data quality score per record to flag low-confidence entries for manual review
European Regulatory
EU EED 2024/1364 · EN 50600 · NIS2
EU Energy Efficiency Directive — Annex I & II
Requires data centre operators above 500 kW IT load to report annual energy consumption, IT equipment inventory, and cooling infrastructure to the European Commission.
- IT power demand classification by asset category (server, storage, network)
- Rack count and rack unit utilisation summary
- Cooling equipment inventory with classification (CRAC, CRAH, in-row, liquid)
- UPS and power distribution inventory for PUE calculation support
EN 50600 — European Data Centre Standard
The European equivalent of TIA-942. Defines availability classes (1–4), physical security requirements, energy efficiency metrics, and telecommunications cabling infrastructure standards for data centres.
- Infrastructure category classification aligned to EN 50600 availability classes
- Physical location hierarchy documentation (site, building, room, row, rack)
- Power and cooling equipment classification for redundancy documentation
- Vendor and model normalisation for accurate infrastructure mapping
EU Network and Information Security Directive 2 (2022/2555)
In force since October 2024. Broadens the EU's cybersecurity regime to cover more sectors including data centre operators serving essential or important entities. Requires supply chain visibility, change tracking, and business continuity documentation.
- Complete asset register with vendor and supply chain provenance
- Change tracking via transformation audit trail (what changed, when, from what source)
- Duplicate and anomaly detection for data integrity assurance
- Asset status classification supporting business continuity planning
Industry Standards
TIA-942 · ASHRAE TC 9.9
TIA-942 — Telecommunications Infrastructure Standard for Data Centers
Defines four infrastructure ratings (Rating 1–4) covering power, cooling, cabling, and physical security. The North American equivalent of EN 50600 and widely referenced in global DC procurement.
- Infrastructure category breakdown by asset type and location
- Power and cooling equipment classification for redundancy tier documentation
- Physical location hierarchy aligned to TIA-942 space planning requirements
- Vendor and model normalisation for accurate infrastructure mapping
ASHRAE Technical Committee 9.9 — Thermal Guidelines for Data Processing Environments
Defines equipment thermal classes (A1–A4, H1) and recommended temperature/humidity operating ranges. Used by facilities engineers for cooling adequacy assessment and capacity planning.
- Server and compute equipment classification by thermal class (A1–A4) based on vendor/model
- Cooling equipment inventory (CRAC, CRAH, in-row, liquid cooling) for cooling capacity planning
- IT load distribution by rack and row for hot-spot identification
- Equipment age and model data supporting thermal class assignment
DORA — Financial Sector
In force Jan 2025The Digital Operational Resilience Act applies to banks, insurers, and their ICT service providers. DORA requires a complete ICT asset inventory, third-party dependency mapping, and defensible documentation of change management processes — all of which Struktive's audit trail and asset register directly support.
DORA is sector-specific and not included in the main framework grid above. If your customers include financial services firms or you operate as an ICT third-party provider to regulated entities, contact us to discuss how Struktive's outputs map to your DORA obligations.