This document was mainly designed for the purposes of protecting and safeguarding organizational resources, maintaining accurate records of the organizations physical and logical assets as well as establishing the policies and procedures required for asset control. The policies set forth in this document will help in the preventing the loss of physical organizational assets, software or data.
This policy is designed to:
lay out all the necessary requirements that are needed to ensure that information systems are used within their contractual and defined limits.
Delegate your assignment to our experts and they will do the rest.
protect the organization from the risks associated with poor and improper management of IT systems.
establish the procurement and management processes of IT assets and systems.
ensure that all the IT assets and systems are registered within the IT departments management systems.
ensure that all organizational assets are maintainable, compatible, correctly licensed and supported within the organization structure.
Scope
The policies outlined in this document apply to all the computer information systems and assets that are purchased by or on behalf of the organization. This includes:
All computer information systems
Individual pieces of computerized systems and equipment
Software products used by the organization.
Any equipment owned by the organization or personal that is connected to or used with the infrastructure implemented by the organization
This policy applies to all individuals (employees, stakeholders, partners, contactors, suppliers and customers) who intend to procure or use IT assets and systems by or on behalf of the organization.
Delegation of the IT Asset Management Authority
The IT director shall be responsible for the administration and enforcement of this policy.
The IT director may devolve the authority for the function of asset management.
Heads of branches may delegate the asset management function to a member of their staff.
Each person delegated with the authority if asset management will have to partake the Asset Certification Course within 180 days of being assigned their responsibilities.
Guiding Statements
All IT systems and hardware will be purchased in harmony with organizational procurement protocols.
The IT department shall be responsible for providing support and maintenance either directly or through a third party.
In the event that a refresh budget has been allocated, the oldest equipment shall be prioritized. The hardware refresh process may also include equipment whose life cycle had not expired.
All hardware assets that are whose life cycle is considered to have expired should be withdrawn and not reallocated into service.
With regards to the issue or installation of new IT hardware, all relevant equipment details will be recorded in the organization’s IT asset register.
Guiding Principles
Safeguard the integrity and accuracy of all financial and administrative recording of the organization’s assets.
Safeguard all IT assets, software and information systems procured.
Promote due care in the management of all procures assets.
Safeguard organizational interests in the disposal of assets.
Assets Tracked
Computer Systems – Laptops and Desktops
Networking Equipment – Routers, Switches, Firewalls, Servers
Copiers, Fax Machines, Printers
Handheld Devices
VoIP desk phones
Miscellaneous hardware
IT Asset Management Policy
It is within the scope of the IT department to define the standards on how IT assets shall be managed and ensure that they conform with organizational, federal, and agency mandates and procedures. This policy establishes the guiding business principals and rules for managing IT resources throughout their lifecycles.
The organization shall:
Provide training and empower the employees to attend the relevant trainings in Software Asset Management (SAM) and Software License Management) to help strengthen the understanding of both legal and compliance requirements. This also includes the needed guidelines and expectation in the protection of intellectual property rights.
Regularly conduct assessments on IT asset inventories and their usage for the purposes of establishing controls to ensure the maximum use of installed software, IT equipment and services for the benefit of the organization.
Maintain and track IT asset data by tracking equipment from their point of purchase, to usage, disposal and requirements as well as the data collected at integration points with ITSM.
Analyze the usage and any other relevant data that the organization has for the purposes of making cost effective decisions and inform the IT department for resource planning, budgeting and future acquisitions.
Right-size the number of devices (desktops, laptops and mobile phones) issued out to the employees by IT that is consistent with the regulations as stipulated in the Telework Enhancement Act of 2010.
Strive to develop, maintain and promote knowledge sharing sessions to end users on this policy and the IT Asset Management (ITAM) processes and procedures, as well as how they integrate with other policies and process that are in harmony with the management of IT services and assets.
Be responsible for building centralized ITAM services and processes that around the following lifecycle stages: (I) Planning and budgeting; (II) Purchase; (III) Deployment; (IV)Management; (IV) Disposal.
Safeguard the planning and budgeting phase on the acquisition of IT asset and make sure that they are associated with the compromised system being disposed or replaced.
Purchase and implement an IT asset tracking and management tool for both internal and external workers that supports the core lifecycle processes as well as the integration of other solutions.
Monitor the performance and usage of all IT assets and systems by developing compliance reports and key performance indicators. Factors to be considered include:
the number of software licenses being used relative to the total number of licenses that were purchased and deployed.
the number of software assets that are maintained as per the contract.
References
Omar, S. (2019). Developing Cybersecurity Programs and Policies . Pearson Education
