Ex Libris Asset Management Policy v1.0
Version 1.0
Purpose and Scope
The purpose of this policy is to describe the activities related to managing devices and software assets. These assets are used as part of Cloud Services and are valued over $500 USD.
Reference Documents
Responsibilities
- The EX Libris Chief Information Security Officer (CISO)
- Review and updating the process periodically.
- Approve of the process changes.
- Ensure that the asset management information system is implemented and working properly.
- Ensure that the asset management activities are performed as defined.
- IT/MIS Management and Cloud Management
- Implement the process.
- Register new assets.
- Maintain and managing the information about the assets.
- Arrange for the maintenance/repair of the assets as needed.
- Inform Finance when assets are obsoleted .
- IT/MIS and Cloud will regular audit the asset to ensure that the asset management process is followed.
- Asset Owner
- Confirm the receipt of assets assigned.
- Inform the IT/MIS or Cloud if the asset is no longer needed or requires maintenance/repair work.
Definitions
- Least Privilege – principle of limiting access to the minimal level that will allow normal function.
- Segregation of Duties (SoD) – internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task. SoD involves breaking down tasks that might reasonably be completed by a single individual into multiple tasks so that no one person is solely in control.
- Need to Know – users or resources will be granted access to systems that are necessary to fulfill their roles and responsibility.
- Privileged Access – a higher level of access that includes, but is not limited to, administrator accounts, administrator group access, and administrator rights.
Policy Statement
All assets will be appropriately managed to:
o Ensure asset ownership and responsibility
o Track assets through their lifecycle
o Ensure that asset information is accurate
This policy applies to all assets valued $500 or more.
Process
Asset Registration
All new assets will be registered.
The following details will be recorded:
o description
o Type;
o Location;
o Serial number, if applicable;
o User/Owner;
o For software, the renewal date
Assign asset to owner
During the asset registration process, the asset will be assigned an owner. Shared assets will be assigned to the manager of the unit using the asset.
The asset is given to the responsible person.
Maintenance /Repair Work
Maintenance/repairs to the asset will be managed by IT/MIS and Cloud teams.
Asset Disposal
When the asset lifecycle is completed, the asset will be disposed of appropriately. Care will be taken to ensure that all Company Confidential information has been deleted from the asset.
Audit
IT/MIS and Cloud will regular audit the asset to ensure that the asset management process is followed.
Policy Enforcement
Failure to comply with this policy may result in disciplinary action, up to and including termination of employment.
Record of Changes
Type of Information | Document Data |
---|---|
Document Title: |
Ex Libris Asset Management Policy |
Document Owner: |
Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO) |
Approved By: |
Eyal Alkalay - Ex Libris Sr. Director of Cloud Engineering |
Release Date: |
Apr 28, 2019 |
Reviewed & Revised: |
Apr 28, 2019 |
Revision Control
Version Number | Nature of Change | Date Approved |
---|---|---|
1.0 |
Initial version |
Apr 28, 2019 |
Document Distribution and Review
The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated annually or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.