IT Asset Management – Acquisition of Assets

Kyle Daun
May 14, 2020 1:15:00 PM

In part one of this IT asset management blog series, we discussed governance policies and procedures. In this second part to the blog series, we will discuss the process for acquisition of assets from reputable and vetted vendors. A lot has happened since part one was written, which allowed me the opportunity to see things from a different perspective. Businesses, schools, and entire towns have had to quickly identify the critical needs of their customers, employees, and citizens. Making business decisions that limit the impact to everyone involved is never an easy task, however, choices need to be made and lessons learned. Having an established IT asset management program eases this burden with already-vetted decisions from senior leadership and reputable vendors being identified.

Many businesses over the past month have been trying to implement solutions in an ad-hoc way. This can be seen with the video conferencing platform Zoom offering their services for free to help relieve the burden created by the stay-at-home orders that arose. There were several cases of school classes, work conference calls, and even town meetings being “Zoom-bombed”. This is a cyberattack involving malicious uninvited guests entering a video meeting to cause disruptions, often using racial slurs, profanity, pornography, and other offensive imagery. The offer of free services from Zoom was a great gesture for those that had not identified a solution. However, these Zoom-bombed organizations had to learn some hard lessons in real time about proper security settings and user training. The attacks might have been mitigated with an established IT asset management program.

Some things that should be taken into consideration when selecting vendors is to first establish a vendor management program. This program should clearly state the authorized departments and individuals that define and approve which vendors meet the requirements for the organization. The program should state the criteria that must be met to be an approved vendor for the organization, and who will be responsible to ensure vendors meet all service level agreements (SLA) and security requirements to remain an approved vendor for the organization.

Vendor selection often varies between organizations due to type of business that is conducted. However, this needs to be identified and included as a component of the overall IT asset management plan. Some areas that should be considered for all organizations when selecting a vendor are:

  • Business requirements – a defined (in writing) justification for this product, service, or material
  • Delivery – the ability of the organization to procure all required items within desired delivery dates
  • Quality – the ability of the vendor to provide products with an expected level of quality
  • Cost – a comparison of prices provided by several vendors
  • Past performance – past records on the vendor (vendor questionnaires and risk assessments)

When implementing the above-mentioned steps and criteria, the process of selecting the right vendor may be a lengthy decision. It may take months to identify and select the vendor that is right for the organization. All the time and effort put into this process will help mitigate unnecessary shortcomings or issues with the product, vendor, or materials. Once a vendor has been selected and the contracts have been finalized, the real work of monitoring and maintaining assets begins! Want to learn more about IT asset acquisition and discuss your unique situation? Contact us today to speak to an IT security and compliance expert!

Part 1: IT Asset Management – Governance Policies & Procedures

Part 2: IT Asset Management – Acquisition of Assets

Part 3: IT Asset Management – Monitoring and Maintaining Assets

Part 4: IT Asset Management – Disposal of Assets

You May Also Like

These Stories on Policies and Procedures

Subscribe by Email

No Comments Yet

Let us know what you think