Information Security: IT Asset Management

Policy
Procedures

Original Issuance Date: August 19, 2020

Last Revision Date: July 7, 2021

Effective Date: September 1, 2021

1. Policy Purpose

This policy establishes the minimum requirements and responsibilities for the inventory and management of University of Wisconsin (UW) System Information Technology (IT) assets.

2. Responsible UW System Officer

Associate Vice President (AVP) for Information Security

3. Scope and Institutional Responsibilities

This policy is applicable to all UW System institutions, including UW System Administration, and identifies the parameters for maintaining and managing all institution owned or leased IT assets, which may also be included in SYS 334, Accountability for Capital Equipment.

4. Background

The President of UW System is empowered to establish information security polices under the provisions of Regent Policy Document 25-5, Information Technology: Information Security. UW System is committed to a secure information technology environment in support of its mission. This policy is designed to ensure accurate maintenance and security of IT assets and provides the necessary data to support life cycle management throughout UW System.

5. Definitions

Please see SYS 1000, Information Security: General Terms and Definitions, for a list of general terms and definitions. Terms and definitions found within this policy include:

IT Asset

6. Policy Statement

UW System is committed to managing the lifecycle of its IT assets. Owners have a duty of care to protect IT assets whether they are in use, stored, in transit, or in a state of disposal.

IT assets must be protected against physical or financial loss, whether by theft, mishandling, or accidental damage, either through primary prevention (e.g. physical security) or remediation (e.g. marking).

UW System Administration will identify a system-wide standard IT asset management tool to be used by all institutions to account for their UW owned or leased IT assets.

All UW institutions must inventory all UW-owned or leased IT assets. Institutions are not required to inventory IT assets that are not owned or leased by their institution. Examples of assets that do not need to be inventoried include but are not limited to IT assets related to Canvas, SFS, HRS, and PlanUW.

The results of these inventories must be provided to the UW System Office of Information Security at the beginning of each calendar year.

IT Asset details to be recorded and tracked can be found in UW System Administrative Procedure 1035.A, Information Security: IT Asset Management Standard.