Technology Register
Control & DirectionThe Technology Register is the authoritative catalog of every security technology in your organization. It replaces ad-hoc spreadsheets and tribal knowledge with a structured, searchable, and auditable record of your security tooling landscape. Each technology entry captures status, criticality, cost, vendor relationships, and the capabilities that tool delivers.
The Technology Register integrates with Capability Library (capability mapping), Risk Coverage (coverage contributions), Vendor Risk (vendor profile linking), Platform Evaluation (evaluation linking), Control Framework (control mapping), and Artifacts (evidence attachment).
Viewing the technology list
Navigate to Stack & Coverage > Technology Register to view all technologies in an editable table. The list supports inline editing, so you can update fields directly without opening each record. Use the status and category filters above the table to narrow the view to specific subsets of your portfolio.
Creating a technology
Open the creation form
Click New Technology from the Technology Register page. The creation form opens with all available fields.
Provide technology details
Fill in the following fields:
| Field | Description | Required |
|---|---|---|
| Name | The name of the technology (e.g., “CrowdStrike Falcon”) | Yes |
| Category | A classification for grouping (e.g., “EDR”, “SIEM”, “WAF”) | No |
| Status | The current lifecycle status (see status table below) | No |
| Criticality | How critical this technology is to your security program | No |
| Owner | The user responsible for managing this technology | No |
| Business Owner | The business stakeholder accountable for the technology | No |
| Annual Cost | The annual cost in the smallest currency unit (cents) | No |
| Cost Currency | The currency for the annual cost (e.g., “USD”, “GBP”) | No |
| Cost Confidence | How confident you are in the cost figure (Estimate, Budget, or Invoice) | No |
| Renewal Date | When the license or contract renews | No |
| Notes | Free-text notes about the technology | No |
Link to a vendor profile
Select a Vendor Profile from the Vendor Risk module to associate this technology with its vendor. This creates a traceable link between your technology investments and your third-party risk assessments.
Link to a platform evaluation
If this technology was assessed through a Platform Evaluation, select the evaluation record to connect the purchase decision to the evaluation criteria and outcomes.
Save the technology
Click Save to create the record. The technology appears in the register with a default status of Planned if no status was selected.
Technology statuses
Technologies move through lifecycle statuses that reflect their current state in your portfolio:
| Status | When to use |
|---|---|
| Planned | The technology has been identified but not yet deployed |
| Active | The technology is fully deployed and operational |
| Pilot | The technology is being evaluated in a limited deployment |
| Retiring | The technology is being phased out and replaced |
| Retired | The technology has been fully decommissioned |
Update the status from the list view via inline editing or from the technology detail page.
Criticality levels
Assign a criticality level to reflect how important the technology is to your security operations:
| Criticality | Description |
|---|---|
| Low | Supports non-essential or supplementary functions |
| Medium | Supports important but not mission-critical functions |
| High | Supports critical security functions with limited alternatives |
| Critical | Essential to core security operations; failure would cause significant impact |
Cost tracking
Each technology can track annual cost with supporting metadata to improve financial accuracy:
- Annual Cost is stored in the smallest currency unit (e.g., cents for USD) to avoid floating-point issues
- Cost Currency specifies the currency code (e.g., “USD”, “EUR”, “GBP”)
- Cost Confidence indicates the reliability of the cost figure:
| Confidence | Description |
|---|---|
| Estimate | A rough approximation, not backed by formal documentation |
| Budget | Based on approved budget figures or procurement plans |
| Invoice | Verified against an actual invoice or contract |
Cost data feeds into the Portfolio Dashboard for spend analysis and overlap detection.
Bulk CSV import and download
To populate the register quickly, use the CSV import feature. Click Import CSV from the Technology Register toolbar and upload a CSV file with columns matching the technology fields. The import validates each row and reports any errors before committing records.
To export the current register, click Download CSV to generate a file containing all technologies and their fields. This is useful for offline analysis, sharing with stakeholders, or migrating data.
Add from catalog
Click Add from Catalog to browse a pre-populated list of common security technologies. Selecting an entry from the catalog pre-fills the name, category, and suggested capabilities, saving time when building your initial register.
Technology detail page
Click any technology in the register to open its detail page. The detail page shows all fields, linked capabilities, coverage contributions, and related records. From here you can:
- Edit any field on the technology
- View and manage capability links with strength assignments (Primary, Secondary, Deprecated)
- View coverage contributions showing which risk scenarios this technology supports
- Manage control links connecting the technology to controls in your Control Framework
- Manage artifact links attaching evidence documents, configuration exports, or compliance reports
Linking to controls and artifacts
From the technology detail page, you can associate the technology with tenant controls from the Control Framework and with artifacts from Artifact Management. Control links document how the technology supports specific security controls, while artifact links attach evidence such as configuration screenshots, audit reports, or penetration test results. Each link supports an optional notes field for additional context.
Permissions
Managing the Technology Register requires the securityPortfolio:manage permission. Users with this permission can create, edit, import, and delete technologies. Users with securityPortfolio:read can view the register and technology detail pages but cannot make changes.