Policy
Original Issuance Date: August 18, 2020
Last Revision Date: April 11, 2023
1. Policy Purpose
This policy establishes the minimum requirements and responsibilities for the inventory and management of University of Wisconsin (UW) System Information Technology (IT) Assets.
2. Responsible UW System Officer
Associate Vice President for Information Security
3. Scope and Institutional Responsibilities
This policy is applicable to all UW System institutions, including UW System Administration, and identifies the requirements for maintaining and managing institution owned, licensed, or leased IT Assets, which may also be included in SYS 334, Accountability for Capital Equipment.
4. Background
The President of UW System is empowered to establish information security polices under the provisions of Regent Policy Document 25-5, Information Technology: Information Security. UW System is committed to a secure information technology environment in support of its mission. IT Asset Owners have a duty of care to protect IT Assets whether they are in use, stored, in transit, or in a state of disposal. This policy is designed to establish minimum requirements for IT Inventory and life cycle management of IT Assets, which are foundational functions necessary for effective and efficient IT operations, risk management, and information security throughout UW System.
5. Definitions
Please see SYS 1000, Information Security: General Terms and Definitions, for a list of general terms and definitions. Terms and definitions found within this policy include:
- IT Asset
- IT Asset Owner
- IT Inventory
6. Policy Statement
IT Assets must be protected against physical or financial loss, whether by theft, mishandling, or accidental damage, either through primary prevention (e.g. physical security) or remediation (e.g. marking). All UW institutions must have documented processes for IT Asset lifecycle management for hardware devices that include deployment, transfer and loan, and retirement and disposal. Documented processes must identify when hardware IT Asset disposal requests should be documented and accompanied by justification.
All UW institutions must maintain inventories of all IT Assets owned, licensed, or leased by their institution. The inventory must be available to the IT Asset Owners and the people and processes that use the information for operations, and must be kept up to date within a month of changes. IT Asset items and details to be recorded and tracked can be found in UW System Administrative Procedure 1035.A, Information Security: IT Asset Inventory Standard.
IT Inventory items must be reported to the requesting UW System Administration office upon request. Reportable IT Inventory items will be communicated in advance of each request.
7. Related Documents
Regent Policy Document 25-5, Information Technology: Information Security
UW System Information Security Program
UW System Administrative Policy 334, Accountability for Capital Equipment
UW System Administrative Procedure 1035.A, Information Security: IT Asset Inventory Standard
8. Policy History
Revision 3: April 11, 2023
Revision 2: July 7, 2021
Revision 1: November 13, 2020
First approved: August 18, 2020
9. Scheduled Review
September 2026