User Manual
A step-by-step guide to the most common tasks in Scoutmon — from adding your first asset to running onboarding workflows, managing compliance evidence, and reading your reports.
Dashboard overview
After signing in, you land on the Overview dashboard. If this is a new account with no assets yet, you'll see a Getting Started guide with quick-add shortcuts for the most common asset types.
Once you have assets, the overview shows four summary cards, charts by category and status, an expiry timeline, and a health score. If there are items requiring attention — such as expired assets, upcoming expirations, licences over capacity, or pending BYOD approvals — a dismissable banner appears at the top of the Overview. The banner auto-reappears after 24 hours if the issues remain. The screen is divided into three areas:
- Left sidebar — navigate between assets, vendors, compliance, people, workflows, reports, and settings.
- Main panel — the active view (asset table, report, compliance tool, etc.).
- Top bar — search, notifications bell, health score indicator, and your profile menu.
Admin accounts have access to the full sidebar including Users, Settings, Compliance, and Vendor Audits. Standard user accounts see only the sections their admin has granted them access to.
Adding an asset
In the sidebar, click the asset category you want — e.g. Hardware, SaaS Applications, or Contracts & Agreements. This filters the table to that category.
The button appears in the top-right of the asset table. A panel slides open on the right.
Choose a subcategory from the dropdown (e.g. Laptop under Hardware). The form fields update to match the selected type.
Enter the asset name and any other relevant fields. All fields except Name are optional. Common fields include serial number, location, assigned user, vendor, purchase date, and warranty/renewal date.
The asset is created and an auto-generated asset tag (e.g. HW-0042) is assigned. You can customise the tag format in Settings → Asset Tag Settings.
When filling in the Vendor field, you can type a new vendor name and click New to create it on the fly without leaving the asset form.
Editing & updating an asset
Click any row in the asset table to open the detail panel. From there you can:
- Edit any field by clicking the Edit button
- Change the Status (Active, In Storage, Under Repair, Disposed, etc.)
- Change the Condition (Good, Fair, Poor)
- View the full Audit History — every change is logged with the user and timestamp
- Generate a QR Code for physical labelling
- Delete the asset (admin only)
Asset statuses
| Status | Meaning |
|---|---|
| Active | In use and assigned |
| In Storage | Available but not currently deployed |
| Under Repair | Out for service |
| Pending | Awaiting approval or setup |
| Disposed | Decommissioned and removed from active inventory |
Searching & filtering
The search bar at the top of the asset table searches across asset name, asset tag, and serial number in real time — no need to press Enter.
To narrow by category or subcategory, click the relevant item in the left sidebar. The global search (magnifying glass icon in the top bar) searches across all categories at once.
Bulk actions
You can update multiple assets at once without opening each one individually.
Tick the checkbox at the left of each asset row you want to update. A bulk action bar appears at the bottom of the screen showing how many are selected.
In the bulk action bar, choose one or more of: Status, Location, or Owner. Leave fields blank to leave them unchanged.
All selected assets are updated in one go. The changes are recorded in the audit history of each asset.
Importing assets from CSV
The CSV importer is in Settings → Asset Import.
Choose the type of asset you're importing. The importer shows the correct column format for that type.
Click Download Template CSV. Open it in Excel or Google Sheets — it includes a header row and one example row showing the expected format.
Replace the example row with your real data. Leave optional columns blank — do not delete the columns themselves. Dates should be in YYYY-MM-DD format.
Drag the filled CSV onto the upload area, or click to browse. Then click Import. A summary shows how many rows were created and any rows that had errors.
Each CSV import is for one asset subcategory. If you have hardware and licences to import, run the importer twice — once for each type.
Exporting data
Scoutmon supports two export formats:
- JSON export — click the Export button in the top bar of the asset view to download a full JSON backup of all your assets.
- CSV reports — individual reports can be exported to CSV from the Reports section.
QR codes & asset tags
Every asset is automatically assigned an asset tag when created (e.g. HW-0001, SW-0042). You can customise the prefix and starting number in Settings → Asset Tag Settings.
Generating a QR code
Click any asset row to open its detail panel.
A modal opens showing the QR code for that asset. The code encodes the asset's tag ID.
Click Download PNG to save the image. Print and attach to the physical asset for easy scanning.
Vendor register
The vendor register lives under Vendors → Vendor List in the sidebar. It tracks all third-party suppliers, software vendors, and service providers your organisation uses.
Click Seed Common Vendors in the Vendor List to instantly add 20+ common IT vendors (AWS, Microsoft, Adobe, Slack, etc.) with pre-filled categories and risk ratings.
Adding a vendor
Key fields: Name, Category (e.g. Cloud, SaaS, Professional Services), Risk Rating (Low / Medium / High / Critical), Compliance Status, and optional links to their trust centre and privacy policy.
If the vendor requires periodic review, set the Next Audit Date. Scoutmon will alert you when it falls overdue.
Risk ratings
| Rating | Typical use |
|---|---|
| Low | No access to sensitive data; low dependency |
| Medium | Access to non-critical systems; moderate dependency |
| High | Access to customer or employee data |
| Critical | Core infrastructure, payment processing, or regulated data |
Vendor audits
Go to Vendors → Vendor Audits & Compliance to log audit results against your vendors.
Record the audit date, outcome, findings, and any remediation notes. You can also attach a document URL.
The vendor's Last Audit date is updated, and the next audit alert is reset based on the vendor's audit schedule.
Supplier agreements
Supplier agreement details are managed directly within each vendor record. Open any vendor and click Edit to access the Supplier Agreements section.
For each vendor you can record:
- DPA — whether a Data Processing Agreement is in place, its expiry date, and a link to the document
- Supplier contract / MSA — whether a signed contract is in place, its expiry date, and a link to the document
- Notes — reference numbers, signatory names, or document storage location
Once saved, the vendor detail panel shows DPA ✓ / DPA ✗ and Contract ✓ / Contract ✗ status badges with expiry dates and links to view the documents.
To see a summary across all vendors, go to Reports → Supplier Agreements. This report shows all vendors with DPA and contract status, expiry dates, and allows CSV export. Use the filter to focus on vendors with missing or expiring agreements.
Tracking licence seats
Assets under Licences & Software support seat tracking. When you add a licence asset, set the Number of Seats field.
To assign a seat to a user, open the licence asset and use the Licence Seats panel to add or remove assigned users. The dashboard summary card shows how many licences are Over capacity at a glance.
When a licence reaches or exceeds its seat limit, a notification is generated and the licence appears in the Licences over capacity counter on the dashboard.
Inviting team members
Go to Users & Permissions in the sidebar (admin only).
Choose Admin or User. Admins have full access; users see only what their permissions allow.
The invitee receives an email with a link to set their password and join the workspace. The link expires after 72 hours.
Roles & permissions
Each user account has a base role (Admin or User). For User accounts, you can further restrict which asset categories they can view and manage.
Enable or disable each asset category for that user. By default, new users have access to all categories.
Changes take effect on the user's next page load or login.
BYOD management
BYOD (Bring Your Own Device) lets you register and track employee-owned devices that access company resources. Go to People → BYOD Devices (admin only).
How BYOD works
- An admin sends an acknowledgement form to an employee — the form contains your acceptable use policy and BYOD terms.
- The employee receives an email with a link. They fill in their device details (type, OS, make/model) and digitally sign the form.
- The signed device appears in the BYOD register. Admins can approve or review it and see the full signed form for audit purposes.
Sending an acknowledgement form
Select the employee from your user list and set a due date.
The default template includes standard BYOD policy language. You can edit it before sending or configure your default template under Settings.
Pending and signed acknowledgements are shown in the register. Click the 👁 icon on any signed form to view the full signed content for audit purposes.
The signed acknowledgement form record (including form text, signatory name, and timestamp) is stored permanently and can be reviewed at any time to demonstrate compliance during an audit.
Training register
The Training Register helps you track security awareness and compliance training completions across your team. Go to People → Training Register.
Setting up training courses
Enter a course name (e.g. "Security Awareness Training 2026") and optional description.
For each course, click + Add Record to log a completion. Select the user, set the status (Pass, Fail, or Not Started), and enter the completion date and any notes.
The training register gives you a quick view of who has completed required training and when — useful for ISO 27001 Annex A controls and SOC2 security training requirements.
Creating workflow templates
Workflows automate the checklists you run when someone joins or leaves the organisation. Go to Onboarding & Offboarding in the sidebar, then click the Templates tab.
Give it a name (e.g. "Standard Onboarding — Engineer") and choose the type: Onboarding or Offboarding.
Click + Add Task to add each checklist item. For each task, set a Title, optional description, and Task Type (Manual or System Access).
The template is now available to use whenever you start a new onboarding or offboarding run.
Running a workflow
To start a new run, go to Onboarding & Offboarding → Runs tab.
Choose the workflow template and the user it applies to (the person joining or leaving).
The run appears under In Progress. Click it to open the task list and tick off tasks as you complete them. Each task records who marked it done and when.
When all tasks are ticked, the run moves to the History list with a completion timestamp.
Risk Register
Go to Compliance → Risk Register. The Risk Register helps you identify, score, and manage information security risks for ISO 27001 and SOC2 compliance.
Adding a risk
Click + Add Risk and fill in the risk details:
| Field | Notes |
|---|---|
| Title | Short name for the risk (required) |
| Description | Detailed description of the risk scenario and potential impact |
| Category | People, Technology, Process, Physical, Legal/Compliance, or Financial |
| Likelihood (1–5) | 1 = Rare, 5 = Almost Certain |
| Impact (1–5) | 1 = Negligible, 5 = Catastrophic |
| Treatment | Accept, Mitigate, Transfer, or Avoid |
| Treatment Notes | Controls in place or planned actions |
| Risk Owner | Team member responsible for this risk |
| Status | Open, In Progress, or Closed |
| Review Date | When this risk should next be reviewed |
The Risk Score (Likelihood × Impact) is calculated automatically. Scores are categorised as:
| Score | Level |
|---|---|
| 1–4 | Low |
| 5–9 | Medium |
| 10–14 | High |
| 15–25 | Critical |
Using risk templates
Click 📋 Templates to browse 31 pre-built risk templates covering common IT security, privacy, and operational risks. Filter by category (People, Technology, Process, Physical, Legal/Compliance, Financial), select the risks relevant to your organisation, and click Import to add them all at once.
Imported templates come with suggested likelihood, impact, and treatment values. Review and adjust them to reflect your organisation's actual risk appetite and controls.
Risk categories
The default categories are People, Technology, Process, Physical, Legal/Compliance, and Financial. You can customise these in Settings → Risk Categories — add your own categories or remove ones that don't apply.
Access Reviews
Go to Compliance → Access Reviews. Periodic access reviews demonstrate that user access to third-party systems is reviewed and appropriate — a key control for ISO 27001 (A.9.2.5) and SOC2.
Conducting an access review
Enter a title (e.g. "Q1 2026 Vendor Access Review"), review date, and optional notes about the scope or method.
Tick the vendors whose access you want to review. Click Load Users → to fetch all users who have access through those vendors (via assigned assets or licence seats).
For each user shown, select a decision: Confirmed (access appropriate), Modified (access needs changing), or Revoked (access should be removed). Add reviewer notes where needed.
The review is saved with a timestamp and all decisions. It appears in the review history and can be exported as evidence.
Access reviews pull users from assigned assets and licence seats linked to vendors. Make sure your assets have vendors and assigned users set — otherwise the user list will be empty for that vendor.
Configurable risk scoring labels
By default the Risk Register uses standard labels for likelihood (Rare, Unlikely, Possible, Likely, Almost Certain) and impact (Negligible, Minor, Moderate, Major, Catastrophic). If your organisation uses different terminology, you can customise these labels.
Admin accounts see a ⚙ Scoring button in the risk table header.
A modal opens with five text inputs for likelihood (1–5) and five for impact (1–5). Update them to match your organisation's risk framework.
The new labels are saved for your company and appear immediately in the add/edit risk form and the risk detail view. The numeric scores (1–5 × 1–5) remain unchanged.
Reports
Go to Reports in the sidebar. The following reports are available:
| Report | What it shows |
|---|---|
| Asset Inventory | Full list of all assets with status, category, value, and assigned user |
| Cost per Employee | Total asset value attributed to each team member |
| Licence Utilisation | Seat usage vs capacity for all licence assets |
| Warranty / Renewal Timeline | Assets with upcoming expiry dates over the next 90 days |
| Assets by Location | Breakdown of assets grouped by physical location |
| Assets by Status | Count of assets in each status across the organisation |
| Supplier Agreements | DPA and contract status across all vendors — highlights missing, expired, or expiring agreements (admin only) |
Each report has a Export CSV button that downloads the current data as a spreadsheet.
Notifications
The bell icon in the top bar shows unread notifications. Scoutmon generates notifications automatically for:
- Assets with warranty or renewal dates within 30 days
- Licence assets that are at or over seat capacity
- Vendor audits that are past their scheduled date
Admins also receive a Weekly Email Digest every Monday at 8 AM UTC, summarising expiring warranties, EOL dates, licence capacity issues, and overdue vendor audits.
Health score
The health score indicator in the top bar gives a quick read on the overall state of your asset register. It factors in the proportion of assets with complete records, upcoming expiries, overdue audits, and unresolved notifications.
A score of 80+ is green, 60–79 is amber, and below 60 is red. Click the indicator to see a breakdown of what's affecting your score.
Asset tag settings
Go to Settings → Asset Tag Settings (admin only). You can set a custom prefix per asset category. For example, Hardware might use HW- and SaaS might use SAAS-.
The next sequential number is tracked automatically. You can change the starting number at any time — it won't affect existing tags.
Data classification
Classifications let you label assets with a sensitivity level. Go to Settings → Classifications to view or edit your classification scheme.
Default classifications are: Public, Internal, Confidential, and Restricted. Each has handling requirements (labelling, disposal, access controls) that appear when the classification is assigned to an asset.
To assign a classification, open any asset and set the Classification field in the edit form.
Risk categories
Go to Settings → Risk Categories to customise the categories available in the Risk Register. The defaults are: People, Technology, Process, Physical, Legal/Compliance, and Financial.
You can add new categories specific to your organisation (e.g. "Operational", "Reputational") or delete categories you don't use. To delete a default category, Scoutmon will first save the defaults to your account so they can be individually removed.
Locations
Locations represent physical places where assets are kept — offices, server rooms, warehouses, etc. Manage them under Settings → Locations.
Once created, locations appear as options in the Location field on any asset form and in the Assets by Location report.
Your profile
Click your name or avatar in the top-right corner to open the profile menu. From here you can:
- Update your display name
- Change your password
- Toggle between light and dark mode
- Enable two-factor authentication (TOTP) using an authenticator app
- Sign out
Sending feedback
A feedback button is always visible in the bottom-right corner of the app. Click it to submit a message and optional star rating (1–5) directly to the Scoutmon team. Submissions are stored privately and reviewed by the platform administrators — you won't receive a reply in-app, but all feedback is read and used to improve the product.
If something isn't covered here, contact us and we'll get back to you within one business day.