Dec 17, 2018 - 02:26 AM
Even if you do that they will still want you to provide an inventory of installed software along with hardware and configuration information for any servers you have deployed.
Of course, you can push back on such a request with a strong audit defence process - we have plenty of articles and training on how to do that.
Ultimately, this is a risk assessment question for your company. Do they completely trust that their environment is completely locked down? Even a single machine can lead to a substantial non-compliance bill if discovered in an audit.
If cost is a concern might I suggest you run a free inventory tool to get a picture of your environment? I covered those tools in this Market Guide