Organization: JE Vectors LLC (product: Nquiry)
Last Updated: 2026-02-04
Owner: Security Officer
This document maintains an inventory of all information assets for compliance with HIPAA, FedRAMP, and SOC 2 requirements.
1. Infrastructure Assets
1.1 AWS Services
| Asset ID | Service | Purpose | Data Classification | Region | Owner |
|---|---|---|---|---|---|
| AWS-001 | AWS ECS Fargate | Application hosting | Confidential | us-east-1 | DevOps |
| AWS-002 | Amazon RDS PostgreSQL | Primary database | Confidential/PHI | us-east-1 | DevOps |
| AWS-003 | Amazon S3 | Evidence file storage | Confidential/PHI | us-east-1 | DevOps |
| AWS-004 | Amazon Cognito | User authentication | Confidential | us-east-1 | DevOps |
| AWS-005 | AWS Bedrock | AI analysis | Confidential/PHI | us-east-1 | DevOps |
| AWS-006 | Amazon ElastiCache | Rate limiting (Redis) | Internal | us-east-1 | DevOps |
| AWS-007 | AWS CloudWatch | Monitoring & logging | Internal | us-east-1 | DevOps |
| AWS-008 | AWS Secrets Manager | Credential storage | Confidential | us-east-1 | DevOps |
| AWS-009 | AWS KMS | Encryption key management | Confidential | us-east-1 | DevOps |
| AWS-010 | AWS VPC | Network isolation | Internal | us-east-1 | DevOps |
| AWS-011 | Amazon ECR | Container image registry | Internal | us-east-1 | DevOps |
| AWS-012 | Amazon ALB | Load balancing & TLS | Confidential | us-east-1 | DevOps |
| AWS-013 | Amazon CloudFront | CDN & TLS termination | Confidential | us-east-1 | DevOps |
| AWS-014 | Amazon Route53 | DNS management | Internal | us-east-1 | DevOps |
| AWS-015 | AWS ACM | TLS certificate mgmt | Confidential | us-east-1 | DevOps |
| AWS-016 | AWS IAM (OIDC) | GitHub Actions CI/CD auth | Internal | us-east-1 | DevOps |
1.2 Third-Party Services
| Asset ID | Service | Purpose | Data Classification | Owner |
|---|---|---|---|---|
| SVC-001 | Stripe | Payment processing | PCI (no PHI) | Finance |
| SVC-002 | Sentry | Error tracking | Internal | DevOps |
| SVC-003 | GitHub | Source code repository | Confidential | Dev |
2. Application Assets
2.1 Source Code Repositories
| Asset ID | Repository | Description | Classification | Access |
|---|---|---|---|---|
| REPO-001 | investigation-app | Main application | Confidential | Dev team |
2.2 Application Components
| Asset ID | Component | Description | Technology | Data Access |
|---|---|---|---|---|
| APP-001 | Web Application | User interface | Next.js 16 | All user data |
| APP-002 | API Routes | Backend endpoints | Next.js API | All user data |
| APP-003 | AI Analysis Engine | Claude integration | AWS Bedrock | Investigation data |
| APP-004 | Auth System | User authentication | Cognito + custom | User credentials |
| APP-005 | Audit System | Compliance logging | Custom | All actions |
3. Data Assets
3.1 Database Tables
| Asset ID | Table | Description | Classification | Retention |
|---|---|---|---|---|
| DB-001 | organization | Organization records | Internal | Indefinite |
| DB-002 | organization_member | Membership records | Internal | Indefinite |
| DB-003 | user_profile | User profiles | Confidential | Per GDPR |
| DB-004 | investigation | Investigation records | Confidential/PHI | 7 years |
| DB-005 | evidence | Evidence items | Confidential/PHI | 7 years |
| DB-006 | evidence_attachment | File metadata | Confidential/PHI | 7 years |
| DB-007 | topic | Investigation topics | Confidential/PHI | 7 years |
| DB-008 | question | Investigation questions | Confidential/PHI | 7 years |
| DB-009 | analysis | AI-generated analysis | Confidential/PHI | 7 years |
| DB-010 | report | Generated reports | Confidential/PHI | 7 years |
| DB-011 | audit_log | Audit trail | Confidential | 7 years |
| DB-012 | billing_subscription | Billing records | PCI/Confidential | 7 years |
3.2 File Storage (S3)
| Asset ID | Bucket | Content | Classification | Retention |
|---|---|---|---|---|
| S3-001 | evidence | User-uploaded evidence | Confidential/PHI | 7 years |
| S3-002 | framework-documents | Reference documents | Confidential | Indefinite |
3.3 Logs
| Asset ID | Log Type | Location | Classification | Retention |
|---|---|---|---|---|
| LOG-001 | Application logs | CloudWatch | Internal | 90 days |
| LOG-002 | Audit logs | RDS (audit_log) | Confidential | 7 years |
| LOG-003 | Access logs | S3 access logs | Internal | 90 days |
| LOG-004 | VPC flow logs | CloudWatch | Internal | 90 days |
4. Cryptographic Assets
4.1 Encryption Keys
| Asset ID | Key Type | Purpose | Management | Rotation |
|---|---|---|---|---|
| KEY-001 | RDS encryption key | Database encryption at rest | AWS KMS | Annual |
| KEY-002 | S3 encryption key | File encryption at rest | AWS KMS | Annual |
| KEY-003 | MFA encryption key | TOTP secret encryption | Secrets Manager | On compromise |
| KEY-004 | Session signing key | JWT/session tokens | Cognito managed | Automatic |
4.2 Certificates
| Asset ID | Certificate | Purpose | Issuer | Expiration |
|---|---|---|---|---|
| CERT-001 | *.amplifyapp.com | TLS for staging | AWS | Auto-renewed |
| CERT-002 | app.nquiry.ai | TLS for production | AWS ACM | Auto-renewed |
5. Access Credentials
5.1 Service Accounts
| Asset ID | Account | Purpose | Storage | Rotation |
|---|---|---|---|---|
| CRED-001 | RDS admin | Database administration | Secrets Manager | Quarterly |
| CRED-002 | S3 access | File operations | IAM role | N/A |
| CRED-003 | Bedrock access | AI API calls | IAM role | N/A |
| CRED-004 | Stripe API keys | Payment processing | Env vars | Annual |
| CRED-005 | Sentry DSN | Error reporting | Env vars | On compromise |
5.2 User Accounts (Administrative)
| Asset ID | Account Type | Purpose | MFA Required |
|---|---|---|---|
| ADMIN-001 | AWS root | Emergency access | Yes |
| ADMIN-002 | AWS IAM admin | Infrastructure management | Yes |
| ADMIN-003 | GitHub admin | Repository management | Yes |
| ADMIN-004 | Stripe admin | Billing management | Yes |
6. Network Assets
6.1 VPC Configuration
| Asset ID | Component | CIDR | Purpose |
|---|---|---|---|
| NET-001 | VPC | 10.0.0.0/16 | Isolated network |
| NET-002 | Public subnets | 10.0.1.0/24, 10.0.2.0/24 | Load balancers, NAT |
| NET-003 | Private subnets | 10.0.10.0/24, 10.0.20.0/24 | RDS, ElastiCache |
6.2 Security Groups
| Asset ID | Group | Inbound | Outbound | Associated Resources |
|---|---|---|---|---|
| SG-001 | rds-sg | 5432 from VPC | All | RDS instance |
| SG-002 | redis-sg | 6379 from VPC | All | ElastiCache |
| SG-003 | amplify-sg | 443 from internet | All | Amplify compute |
7. Documentation Assets
| Asset ID | Document | Purpose | Classification | Location |
|---|---|---|---|---|
| DOC-001 | HIPAA Risk Assessment | Compliance | Confidential | docs/admin/security/ |
| DOC-002 | Security Remediation Plan | Tracking | Confidential | docs/ |
| DOC-003 | Pre-Launch Checklist | Verification | Internal | docs/ |
| DOC-004 | Data Dictionary | Schema reference | Internal | docs/ |
| DOC-005 | Incident Response Plan | Security | Confidential | docs/admin/security/ |
8. Asset Classification Guide
| Classification | Description | Handling Requirements |
|---|---|---|
| Public | Information that can be freely shared | No restrictions |
| Internal | Business information for internal use | Access control required |
| Confidential | Sensitive business information | Encryption, access logging |
| Confidential/PHI | May contain protected health information | HIPAA safeguards required |
| PCI | Payment card information | PCI-DSS compliance required |
9. Change Log
| Date | Asset ID | Change | Author |
|---|---|---|---|
| 2026-02-04 | All | Initial inventory | Claude (AI) |
10. Review Schedule
- Monthly: Review access credentials, check for unused assets
- Quarterly: Full inventory review, update classifications
- Annually: Complete asset audit, verify retention compliance