Policy Template for IT Asset Management

Asset management is the process of receiving, tagging, documenting, and disposing of equipment. It is important to maintain up to date inventory and asset controls to ensure that equipment locations and dispositions are understood. Lost or stolen equipment can contain sensitive data. Proper asset management procedures and protocols provide documentation that aids in recovery, replacement, criminal, and insurance activities.

This policy provides procedures and protocols supporting effective organizational asset management specifically focused on electronic devices.

This policy applies to all organization members.

"IT Asset" - refers to anything (tangible or intangible) that has value to an organization, including, but not limited to, a computing device, IT system, IT network, IT circuit, software (both installed instance and physical instance), virtual computing platform (common in the cloud and virtualized computing), and related hardware (e.g., locks, cabinets, keyboards), as well as people and intellectual property (including software).

The following asset types are subject to tagging and tracking:

• Desktop & Laptop Computers

• Mobile Devices

• Servers

• Network appliances (e.g. firewalls, routers, switches, and storage)

• Internet Protocol (IP) enabled video and security devices

• Memory devices

Assets of value less than $250 shall not be tracked unless required by law, including computer components such as smaller peripheral devices, keyboards or mice. Assets, which store data, regardless of cost, shall be tracked as part of a computing device or as part of network attached storage. 

These assets include:

• Network Attached Storage (NAS), Storage Area Network (SAN) or other computer data storage

• Temporary storage drives

• Tape or optical media with data stored on them including system backup data

The following procedures apply to asset management activities:

• All IT assets purchased by the organization shall be stored in centralized asset management stores managed by Information Technology when they have not been issued or are not in use.

• All assets must have an a unique name.

• An asset tracking database shall be created to track assets. It shall minimally include purchase and device information including:

  • Date of purchase

  • Make, model, and descriptor

  • Serial number

  • Location

  • Type of asset

  • Owner

  • Department

  • Disposition

All assets must be assigned to individual users or to a department that will be responsible for their care and security at all times whether they are in use, storage or movement.

All assets purchased by the organization are the property of {{organization.name}} and will be deployed and utilized in a way that is deemed most effective for addressing the organization's need and objectively demonstrated value for money.  

The budget for IT assets will be centralized and managed by Information Technology. IT assets will be issued on a ‘fit for purpose' basis based on predefined user roles using standard IT equipment as detailed on the approved hardware and software list. Recommendations for altering the user roles and standard IT equipment will be assessed and approved by department management in consultation with IT.

Requests for new IT assets will be assessed by Information Technology and approved by the department manager.

End users are not allowed to install unapproved software on devices. Requests should be made to IT to have additional software that is not on the approved hardware and software list. Any software installed must be legitimately purchased and licensed for the use made of it.  

Individual users or departments will be held responsible for protecting the IT assets that have been assigned to them against physical or financial loss whether by theft, mishandling or accidental damage by using appropriate physical security measures.

Refer to the established AM1 - Equipment Disposal Policy for secure disposal or repurposing of equipment and resources prior to assignment, transfer, transport, or surplus.

Any actual or suspected violation of this policy must be reported to Information Technology via the most suitable channel. The person designated here will take appropriate action and inform the relevant internal and external authorities: {{NAME}}.

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

The person listed here is responsible for implementing this policy: {{NAME}}.

This person will be directly/indirectly responsible for:

• Coordinating IT assets audit activities and updating and maintaining the accuracy of the asset management system;

• Checking IT equipment is returned in the same configuration as expected;

• Administrating the control and security of IT equipment held in stock for issuing and awaiting reissue or disposal;

• Giving appropriate advice to users on the correct handling of IT assets; and

• Ensuring that all IT equipment is returned to Information Technology upon replacement or when the holder leaves the organization;

• Ensuring that any IT asset that is retired is disposed of according to an Equipment Disposal policy;

• Reporting any incorrect disposal or misuse of an IT asset to an appropriate manager within Information Technology as soon as possible.

End users issued with IT assets will be responsible for:

• Retaining responsibility for IT equipment issued to them until it has been returned to Information Technology for redeployment or disposal;

• Reporting the loss or theft of IT asset immediately to Information Technology;

• Ensuring that IT assets are not moved to another location or transferred to another person without the consent of Information Technology;

• Reporting any defects and returning IT assets immediately that are not operating normally to Information Technology;

• Returning all IT equipment to Information Technology upon replacement, when it is no longer required for business or when the holder leaves the organization.

Technology Equipment Handling and Disposal