Policy
Policy Name
Asset Management Policy

Overview
An Asset Management system or process is required to document organization's systems, devices, and applications so that the company can appropriately secure and support critical business services and to protect information as defined in the Information Classification Policy.  Examples of the types of assets may include systems that are used to host applications (e.g. servers, laptops, etc.), business applications and critical network infrastructure.

Statement
An Asset Management system must include the following characteristics and requirements:
  • Assets must be clearly identified and documented in an inventory system.
  • Assets must have a designated owner.
  • Assets must have a documented physical location.
  • Assets shall be appropriately classified and handled to meet the Information Classification policy.
  • Assets shall be appropriately tracked through the life cycle of the asset (e.g. introduction, add to production, retirement).

Justification

The following benefits will be achieved:

  • Availability of critical business services and systems
  • Data protection and prevention of unauthorized disclosure of sensitive information
  • Prioritization of data protection for the most sensitive and valuable information.

Scope
All employees, contractors, agents and third-parties

Consequeces for Noncompliance
Noncompliance to this policy can result in disciplinary action up to and including termination of employment or contract.

Topics
Asset Management
Information (Data) Classification, Labeling and Handling