Asset management is the process of receiving, tagging, documenting, and eventually disposing of equipment. It is critically important to maintain up to date inventory and asset controls to ensure computer equipment locations and dispositions are well known. Lost or stolen equipment often contains sensitive data. Proper asset management procedures and protocols provide documentation that aids in recovery, replacement, criminal, and insurance activities.
This policy provides procedures and protocols supporting effective organizational asset management specifically focused on tangible and intangible informational technology assets
This document is applied to the entire Information Security Management System (ISMS) scope and all personal data processing activities.
Users of this document are all Resolver’s employees
Resolver’s corporate IT department is the main Corporate IT assets Owners
Switches, routers, Wi-Fi access points, VoIP telephony devices, personnel identification, and authentication/access control devices (card-access systems, etc.) and other security devices (CCTV, etc.)
Computing and storage devices e.g. desktops, workstations, laptops, tablets, servers, communications devices (network nodes), printers/copiers/FAX machines and multifunction devices, and other IoT devices.
User authentication services and user administration processes, firewalls, proxy servers, network services, wireless services, anti-spam/virus/spyware, intrusion detection/prevention, teleworking, security, FTP, email/IM, etc., Web services, software maintenance, and support contracts.
Assets that cost less than $350 shall not be tracked, including computer components such as smaller peripheral devices, hard drives, and portable hard drives, and other IoT devices.
However, assets, which store data regardless of cost, shall be tracked either as part of a computing device or as a part of network-attached storage. These assets include:
The following procedures and protocols apply to asset management activities:
An asset-tracking database shall be created to track assets. It shall minimally include purchase and device information including:
Prior to deployment, IT Department staff shall enter the asset information in the asset tracking database. All assets maintained in the asset tracking database inventory shall have an assigned owner.
Personal, financial, legal, research and development, strategic and commercial, email, voicemail, databases, personal and shared drives, backups / digital archives, encryption keys.
Personal, financial, legal, research and development, strategic and commercial, FAXes, and other backup/archival materials, keys to safes/offices, fobs, and other media storage containers.
Knowledge, business relationships, trade secrets, licenses, patents, trademarks, accumulated experience and general know-how, corporate image/brand/commercial reputation/customer confidence, competitive advantage, ethics, productivity.
In-house/custom-written systems, client software (including shared or single-user ‘End User Computing’ desktop applications), ’commercial off-the-shelf’ (COTS), ERP, MIS, databases, software utilities/tools.
DevOps Department
All Virtual servers or deployed on dedicated bare-metal hardware servers are deployed in hosted Virtualization platforms in all Resolver’s production environments shall be tracked in DevOps database inventory.
Please refer to the “Resolver Corporate Applications Business Owners” document.
Please refer to “A.11.2_Resolver_Disposal_and_Destruction_Policy”
This document is valid as of July 2020.
The owner of this document is an Information Security Analyst who must check and, if necessary, update the document at least once a year.
When evaluating the effectiveness and adequacy of this document, the following criteria need to be considered:
EFFECTIVE ON: September 2020
REVIEW CYCLE: Annual at least and as needed
REVIEW, APPROVAL & CHANGE HISTORY: Last time reviewed and approved in August 2020 by Resolver’s Information Technology Security team.