IT Asset Assessment Procedure | ITAM104

IT Asset Assessment Procedure

Are your company IT assets working for you? The IT Asset Assessment Procedure identifies assets on your IT network and determines if they are appropriate for your company’s needs. The IT Asset Assessment Procedure also determines if those assets are properly licensed, versioned and in compliance with your company’s standards. (10 Pages, 1405 words)

Information Technology asset assessments should be conducted at regular intervals. Assessments should be conducted annually, at a minimum. Information Technology asset assessments should also be conducted whenever a large turnover of assets (for example, a large number of PC leases expires in a short time frame) occurs.

If a nonconformance is discovered in the course of an asset assessment, the Information Technology Asset Manager should write a Corrective Action Request (CAR), in accordance with the IT Incident Handling Procedure. The CAR should be submitted to the manager of the department where the nonconformance occurred.

There are many types of scans that may be conducted on a computer network – hardware scans, software scans, wireless and wired network scans, security scans, etc. Additional asset management software providers and their products may be found by searching the Internet.

IT Asset Assessment Responsibilities:

The Information Technology Asset Manager is responsible for supervising the Information Technology asset assessment program.

The Tech Support Manager is responsible for conducting complete, detailed, and objective Information Technology asset assessments, writing nonconformance reports, and reporting findings of Information Technology asset assessments.

IT Asset Assessment Definitions:

Network scan (or scan) – Scanning an Information Technology network (with specialized software) to confirm the presence or absence of computer hardware or software, check asset configurations, verify software versions, manage software licenses, track lease and warranty information, detect network vulnerabilities, etc. Commercial and open source software for conducting Information Technology asset scans is readily available; see Additional Resource A for guidance.

Information Technology Asset – Any computer hardware, software, Information Technology-based company information, related documentation, licenses, contracts or other agreements, etc. In this context, Information Technology assets may be referred to as just “assets”.

Nonconformance – A significant, material failure to conform to one or more requirements; also referred to as a “nonconformity”. Moving a PC from one desk/user to another without the knowledge or permission of the Information Technology Asset Manager is one example of a nonconformance.

IT Asset Assessment Procedure Activities

• IT Asset Assessment Plan
• IT Asset Scan
• Documentation and Distribution
• Nonconformance Handling
• IT Asset Records Update

IT Asset Assessment Procedure References

• Iso 17799:2005-Code of Practice for Information Security Management, Clause 5 (Asset Classification and Control)Sarbanes-Oxley Act of 2002

IT Asset Assessment Procedure Forms

• IT Asset Assessment Checklist Form
• IT Asset Scan Summary Form