Original Issuance Date: August 18, 2020

Last Revision Date: April 11, 2023

1. Policy Purpose

This policy establishes the minimum requirements and responsibilities for the inventory and management of University of Wisconsin (UW) System Information Technology (IT) Assets.

2. Responsible UW System Officer

Associate Vice President for Information Security

3. Scope and Institutional Responsibilities

This policy is applicable to all UW System institutions, including UW System Administration, and identifies the requirements for maintaining and managing institution owned, licensed, or leased IT Assets, which may also be included in SYS 334, Accountability for Capital Equipment.

4. Background

The President of UW System is empowered to establish information security polices under the provisions of Regent Policy Document 25-5, Information Technology: Information Security. UW System is committed to a secure information technology environment in support of its mission. IT Asset Owners have a duty of care to protect IT Assets whether they are in use, stored, in transit, or in a state of disposal. This policy is designed to establish minimum requirements for IT Inventory and life cycle management of IT Assets, which are foundational functions necessary for effective and efficient IT operations, risk management, and information security throughout UW System.

5. Definitions

Please see SYS 1000, Information Security: General Terms and Definitions, for a list of general terms and definitions. Terms and definitions found within this policy include:

  • IT Asset
  • IT Asset Owner
  • IT Inventory

6. Policy Statement

IT Assets must be protected against physical or financial loss, whether by theft, mishandling, or accidental damage, either through primary prevention (e.g. physical security) or remediation (e.g. marking). All UW institutions must have documented processes for IT Asset lifecycle management for hardware devices that include deployment, transfer and loan, and retirement and disposal. Documented processes must identify when hardware IT Asset disposal requests should be documented and accompanied by justification.

All UW institutions must maintain inventories of all IT Assets owned, licensed, or leased by their institution. The inventory must be available to the IT Asset Owners and the people and processes that use the information for operations, and must be kept up to date within a month of changes. IT Asset items and details to be recorded and tracked can be found in UW System Administrative Procedure 1035.A, Information Security: IT Asset Inventory Standard.

IT Inventory items must be reported to the requesting UW System Administration office upon request. Reportable IT Inventory items will be communicated in advance of each request.

7. Related Documents

Regent Policy Document 25-5, Information Technology: Information Security

UW System Information Security Program

UW System Administrative Policy 334, Accountability for Capital Equipment

UW System Administrative Procedure 1035.A, Information Security: IT Asset Inventory Standard

8. Policy History

Revision 3: April 11, 2023

Revision 2: July 7, 2021

Revision 1: November 13, 2020

First approved: August 18, 2020

9. Scheduled Review

September 2026