IT Asset Management Policy
Applies to: | Original Policy Date: | Date of Last Review: | Approved by: |
---|---|---|---|
Florida Tech Campus | August 2024 | August 2024 | Dr. John Nicklow, President |
Policy Owner: Chief Information Officer (CIO)
Policy Purpose
The purpose of IT asset management at the Florida Institute of Technology (Florida Tech) is to optimize the value, utilization, and performance of technology assets while minimizing associated risks, costs, and operational disruptions. This policy outlines the guidelines for inventorying, tracking, monitoring, maintaining, and properly disposing of hardware, software, and related IT assets in a structured and cost-effective manner.
Policy Scope
This policy applies to all information technology (IT) assets owned, leased, operated, or managed by Florida Tech. IT assets include, but are not limited to:
- Computers (desktops, laptops)
- Mobile Devices (tablets, smartphones)
- Displays (monitors, televisions, projectors)
- Servers
- Storage Systems
- Network Devices and appliances.
- Software, interfaces, databases, and data
- Personally owned devices used in Florida Tech’s research or service missions.
Policy Statement
Effective asset management is essential for understanding and optimizing the use of technology assets across Florida Tech. The Office of Information Technology (IT) must maintain comprehensive inventories of all technology assets that support university missions.
Procedures/Guidelines
- Asset Tagging:
- Assets with a purchase price exceeding $10,000 must be affixed with a Florida Institute of Technology Capital Asset tag. This tag must not be removed and is considered permanently attached to the asset.
- Asset Identification:
- All physical assets must be assigned a unique and descriptive name or identifier that accompanies the asset throughout its lifecycle.
- Asset Deployment:
- Upon arrival, new technology assets must follow university procurement processes and be entered into the Asset Management tool, capturing necessary criteria outlined in the IT Asset Management Standard – Asset Attributes.
- Asset Transfers:
- Assets changing locations, owners, or receiving new parts must be promptly updated in the asset management system by the responsible technician.
- Asset Retirement/Disposition:
- Activities involving the disposal of physical assets must be documented in the system of record, including:
- Serial number
- University asset tag (if applicable)
- Description of asset
- Name of person or company responsible for data destruction
- Method of data destruction used.
- Verification of Inventory:
- Asset Administrators must conduct an annual verification of departmental asset inventories and attributes, with more frequent checks as necessary, submitting reports to IT.
- Asset Acquisition/Procurement:
- New technology acquisitions must adhere to existing processes such as the Computer Standardization Policy and the Information Security Program.
Definitions
- IT Assets: Refers to all hardware, software, and related technology resources owned, leased, operated, or managed by Florida Institute of Technology. This includes but is not limited to:
- Computers: Desktops, laptops, and other computing devices.
- Mobile Devices: Tablets, smartphones, and similar devices.
- Displays: Monitors, televisions, projectors, and other display equipment.
- Servers: Physical and virtual servers used for hosting applications and storing data.
- Storage Systems: Devices and infrastructure used for data storage, including SANs, NAS, and external drives.
- Network Devices: Routers, switches, firewalls, and other network infrastructure components.
- Software: Licensed software, applications, operating systems, and databases.
- Data: University-owned information stored in any format, including databases, files, and cloud storage.
- Personally Owned Devices: Personal devices used for university-related research or service missions.
Compliance Reference
This policy aligns with regulatory and best practice standards for asset management, including:
- ISO/IEC 19770: Standards for IT asset management.
- National Institute of Standards and Technology (NIST) Special Publication 800-53: Guidelines for security and privacy controls for federal information systems and organizations.
- General Data Protection Regulation (GDPR): Requirements for managing data protection and privacy.
Compliance with these standards ensures the university's IT assets are managed efficiently, securely, and in alignment with legal and regulatory obligations.
Responsibilities
- Chief Information Officer (CIO): Oversees and enforces this policy.
- Office of Information Technology (IT): Responsible for maintaining an Asset Management Program and a centralized system of record (computerized inventory) for all IT assets, excluding data assets.
Enforcement
Violations of this policy may result in disciplinary actions, including but not limited to restriction or revocation of access to university IT resources. Any deviations from the policies, procedures, or guidelines outlined in this document must be coordinated with the IT Asset Management team and approved by the Chief Information Officer.