IT Policy Development

Protecting Business Interests With Policies for IT Asset Management

IT-Toolkits_Asset

Where is that laptop?  Who has that printer?  Do we have sufficient software licenses for every user?  These are the types of questions IT asset management is meant to answer.  As an operational practice, IT asset management serves multiple purposes, as reflected in the list below:

  1. Asset management practices are used to minimize the risk that investments made in technology (hardware, software and training) will be lost due to theft, destruction or other damage.
  2. Asset management practices are used to ensure that technology assets are properly allocated to end-users to optimize usage and workplace productivity.
  3. Asset management practices are used to simplify technical support and maintenance requirements.
  4. Asset management practices are used to lower IT “cost of ownership” and maximize IT ROI.
  5. Asset management practices are used to ensure that software licensing is in full compliance, minimizing the risk of legal and regulatory problems.
  6. Asset management practices are used to support “sister” policies for disaster recovery, email usage, data security, and technology standards.

The Role of Asset Management Policy

Asset management practices define the actions to be taken to protect and preserve technology assets – from physical locks on equipment to inventory tags. In conjunction, policy provides the “asset management mindset“. This mindset acknowledges that”technology assets are important to us and we take them seriously enough to put up with protective controls“. To realize all of the intended benefits, this mindset must be integrated into daily operations and the corporate culture — and this is achieved through adopted policy.

Once approved, asset management policies provide the governing authority to implement all aspects of the asset management program.  While policy terms and specifics will vary according to organizational needs, the most effective policies are designed around (13) key components, as listed below:

  1. Asset Standards. To identify the specific hardware and software products (assets) to be used and supported.
  2. Configuration Standards. To identify how standardized hardware and software assets are to be configured.
  3. Variance Process. To establish the criteria and means by which product and configuration standards can (and should) be waived.
  4. Support of “Non- Standard” Assets. To establish the services that will IT provide for non-standard products and configurations.
  5. BOYD Guidelines. To establish the means for supporting “Bring Your Own” devices (tablets, phones, notebooks, laptops).
  6. Asset Procurement Guidelines. To identify the policies and procedures relating to the acquisition, procurement and/or rental of technology assets.
  7. Security Guidelines.  To identify how physical and logical security will be provided for hardware and software assets (locks, passwords, virus protection, etc.).
  8. Software Licensing Guidelines.  To keep track of asset licensing, ensuring compliance with all relevant agreements, laws and regulations.
  9. Technical Support and Maintenance Practices. To identify the processes to be followed for asset related technical support, repair, service dispatch, preventative maintenance, and problem escalation.
  10. Configuration Management Guidelines. To identify related practices for asset configuration management and change control to ensure consistent, updated configuration and timely updates as may be required.
  11. Asset Inventory Practices. To keep track of the location and assignment of all allocated technology assets (hardware and software), including related record keeping.
  12. Asset M.A.C. Practices. To govern requests and activities relating to physical moves, adds and changes (M.A.C.) with regard to allocated hardware and software assets.
  13. Asset Disposal Guidelines. To identify the processes to be followed when hardware and software assets are no longer in use and disposal is appropriate (which can include a donation program).

Your Top 10 Policy Planning Questions

As discussed, once they are documented, established (and approved), asset management policies provide the means to “institutionalize” underlying objectives. Policy is a tool by which related practices are implemented and executed, laying out the “what, how and why” of IT asset management.  Not only does policy provide the means for governance, it also provides the basis for related planning and decision making.  To realize all of these goals and benefits, policy planning must address the following “top 10” planning questions:

  1. What are your primary asset management goals?
  2. What are the likely benefits to be realized from the standardized management of IT assets?
  3. What are the negative aspects and/or risks associated with IT asset management?
  4. Is executive management support required to plan and implement these practices?
  5. If executive management support is required, are you likely to get it?
  6. How would any chosen policies and procedures be implemented and executed?
  7. Do you have the resources to plan, implement, and execute any chosen policies and procedures?
  8. What are the likely costs associated with managing information technology assets?
  9. What are the likely objections to adopted asset management practices and how can they be addressed?
  10. What are the consequences of inaction with regard to managing IT assets?