Skip to main content
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Ex Libris Asset Management Policy

    Version 1.3

    Purpose and Scope

    The purpose of this policy is to describe the activities related to managing devices and software assets. These assets are valued over $500 USD, that potentially maintain customer or personal data.


    • The Ex Libris Chief Information Security Officer (CISO)
      • Review and updating the process periodically.
      • Approve of the process changes.
      • Ensure that the asset management information system is implemented and working properly.
      • Ensure that the asset management activities are performed as defined.
    • IT/MIS Management and Cloud Management
      • Implement the process.
      • Register new assets.
      • Maintain and managing the information about the assets.
      • Arrange for the maintenance/repair of the assets as needed.
      • Inform Finance when assets are obsoleted .
      • IT/MIS and Cloud will regular audit the asset to ensure that the asset management process is followed.
    • Asset Owner
      • Confirm the receipt of assets assigned.
      • Inform the IT/MIS or Cloud if the asset is no longer needed or requires maintenance/repair work.


    • Least Privilege – principle of limiting access to the minimal level that will allow normal function.
    • Segregation of Duties (SoD) – internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task. SoD involves breaking down tasks that might reasonably be completed by a single individual into multiple tasks so that no one person is solely in control.
    • Need to Know users or resources will be granted access to systems that are necessary to fulfill their roles and responsibility.
    • Privileged Access – a higher level of access that includes, but is not limited to, administrator accounts, administrator group access, and administrator rights.

    Policy Statement

    All assets will be appropriately managed to:

    o   Ensure asset ownership and responsibility

    o   Track assets through their lifecycle

    o   Ensure that asset information is accurate

    This policy applies to all assets that are valued $500 or more, that potentially maintain customer or personal data. 


    Asset Registration

    All new assets will be registered.

    The following details will be recorded:

    o   Description

    o   Type;

    o   Location;

    o   Serial number, if applicable;

    o   User/Owner;

    o   For software, the renewal date

    Assign asset to owner

    During the asset registration process, the asset will be assigned an owner.  Shared assets will be assigned to the manager of the unit using the asset.

    The asset is given to the responsible person.

    Maintenance /Repair Work

    Maintenance/repairs to the asset will be managed by IT/MIS and Cloud teams.

    Asset Disposal

    When the asset lifecycle is completed, the asset will be disposed in accordance with the Information Security Policy.  Care will be taken to ensure that all Company Confidential information has been erased from the asset.


    IT/MIS and Cloud will regular audit the asset to ensure that the asset management process is followed. 

    Policy Enforcement

    Failure to comply with this policy may result in disciplinary action, up to and including termination of employment.


    Record of Changes

    Type of Information Document Data

    Document Title:

    Ex Libris Asset Management Policy

    Document Owner:

    Eddie Lavian - Ex Libris Security Specialist

    Approved By:

    Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)

    Release Date:

    Apr 28, 2019

    Reviewed & Revised:

    August 25, 2022

    Revision Control

    Version Number Nature of Change Date Approved


    Initial version

    Apr 28, 2019


    Review and update - Tomer S

    Apr 23, 2020


    Review and update - Tomer S

    Jun 17, 2021

    1.3 Review and update - Shai B August 25, 2022

    Document Distribution and Review

    The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated annually or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.

    • Was this article helpful?