Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Ex Libris Asset Management Policy v1.0

    Version 1.0

    Purpose and Scope

    The purpose of this policy is to describe the activities related to managing devices and software assets. These assets are used as part of Cloud Services and are valued over $500 USD.

    Responsibilities

    • The EX Libris Chief Information Security Officer (CISO)
      • Review and updating the process periodically.
      • Approve of the process changes.
      • Ensure that the asset management information system is implemented and working properly.
      • Ensure that the asset management activities are performed as defined.
    • IT/MIS Management and Cloud Management
      • Implement the process.
      • Register new assets.
      • Maintain and managing the information about the assets.
      • Arrange for the maintenance/repair of the assets as needed.
      • Inform Finance when assets are obsoleted .
      • IT/MIS and Cloud will regular audit the asset to ensure that the asset management process is followed.
    • Asset Owner
      • Confirm the receipt of assets assigned.
      • Inform the IT/MIS or Cloud if the asset is no longer needed or requires maintenance/repair work.

    Definitions

    • Least Privilege – principle of limiting access to the minimal level that will allow normal function.
    • Segregation of Duties (SoD) – internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task. SoD involves breaking down tasks that might reasonably be completed by a single individual into multiple tasks so that no one person is solely in control.
    • Need to Know users or resources will be granted access to systems that are necessary to fulfill their roles and responsibility.
    • Privileged Access – a higher level of access that includes, but is not limited to, administrator accounts, administrator group access, and administrator rights.

    Policy Statement

    All assets will be appropriately managed to:

    o   Ensure asset ownership and responsibility

    o   Track assets through their lifecycle

    o   Ensure that asset information is accurate

    This policy applies to all assets valued $500 or more. 

    Process

    Asset Registration

    All new assets will be registered.

    The following details will be recorded:

    o   description

    o   Type;

    o   Location;

    o   Serial number, if applicable;

    o   User/Owner;

    o   For software, the renewal date

    Assign asset to owner

    During the asset registration process, the asset will be assigned an owner.  Shared assets will be assigned to the manager of the unit using the asset.

    The asset is given to the responsible person.

    Maintenance /Repair Work

    Maintenance/repairs to the asset will be managed by IT/MIS and Cloud teams.

    Asset Disposal

    When the asset lifecycle is completed, the asset will be disposed of appropriately.  Care will be taken to ensure that all Company Confidential information has been deleted from the asset.

    Audit

    IT/MIS and Cloud will regular audit the asset to ensure that the asset management process is followed. 

    Policy Enforcement

    Failure to comply with this policy may result in disciplinary action, up to and including termination of employment.

     

    Record of Changes

    Type of Information Document Data

    Document Title:

    Ex Libris Asset Management Policy

    Document Owner:

    Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)

    Approved By:

    Eyal Alkalay - Ex Libris Sr. Director of Cloud Engineering

    Release Date:

    Apr 28, 2019

    Reviewed & Revised:

    Apr 28, 2019

    Revision Control

    Version Number Nature of Change Date Approved

    1.0

    Initial version

    Apr 28, 2019

    Document Distribution and Review

    The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated annually or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.

    • Was this article helpful?