- Contact Us
It has been a few months since my last blog post about IT asset management was published. Daily events are causing rapid changes that organizations are having to adapt to, leaving IT leaders asking, “how do I account for all of my equipment”? This can be accomplished in a variety of ways, but the overall goal is knowing what assets we have, where they are located, and who is responsible for them. In part two of this blog series I discussed establishing a process of how to acquire assets. This blog post will outline how to maintain and keep accountability of these assets.
Once the asset acquisition process has been established, the real work of monitoring and maintaining these assets begins. When an asset arrives at the organization it needs to be logged, tagged, and configured with the organization’s baseline security standards before being assigned to an employee or installed in the production environment. These newly acquired assets should be tested in a controlled environment (test) to ensure that they are operating and functioning as intended before being placed into production. While this may be a tedious time-consuming task, the extra effort that is taken will help ensure that the production environment maintains its availability and that employees are able to complete their assigned responsibilities.
Once the asset has been allowed access to the production environment, monitoring and compliance with organizational standards needs to be maintained. Periodic audits throughout the year, to include a complete annual audit should occur to ensure that all assets are in locations where they had been assigned and to ensure that assets that were given to employees are accounted for. During these audits, if discrepancies are discovered, the asset management list should be updated with the new information. Lost or missing items need to be annotated, and if needed, the incident response plan should be initiated to ensure that organizational/customer information is protected.
As the Information Security Officer for Compass IT Compliance, I use a cyclical quarterly audit and conduct a complete inventory audit annually to ensure that all assets are accounted for and accurately tracked. Like many organizations, during these audits we will find minor discrepancies which are logged and then remediated as needed. I have found that the quarterly audits help ensure that employees are following our established procedures while also reducing time spent on our full annual audit. Regardless of how frequently these audits occur, the overall goal is to ensure that all assets are tracked and that no unauthorized assets are operating within the organization.
The process of monitoring and conducting audit inventories on a regular, scheduled basis is a requirement for many regulatory compliance frameworks and can help organizations establish an asset life cycle. Being able to replace items before they meet their end of life will greatly reduce employee down time while replacements are configured, however that will be discussed in the next blog post about safely disposing of assets when they are no longer needed by the organization. Contact us today to learn more about asset management and discuss your unique situation!