I have a question about which assets to select in the risk register, for instance, in the IT and communication equipment category. We certify Company A, which is a subsidiary of Company B. The equipment Company A uses (server rooms, servers, desktop computers, notebooks, and small stuff) belongs to the Company B and Company A rents it. The alarm system and key cards are also provided by the Company B for the subsidiaries. Do we only select assets that are owned by Company A, or all assets that are used by Company A?