Original Issuance Date: August 19, 2020

Last Revision Date: November 13, 2020

Effective Date: September 1, 2021

1. Purpose of Procedures

The purpose of this standard is to establish the required data elements to be recorded and tracked during inventory of information technology (IT) assets and when these data elements are to be updated. It also establishes annual reporting requirements for IT asset inventories.

2. Responsible UW System Officer

Associate Vice President (AVP) for Information Security

3. Definitions

Please see SYS 1000, Information Security: General Terms and Definitions, for a list of general terms and definitions. Terms and definitions found within this policy include:

  • Low Risk
  • High Risk
  • IT Asset
  • Moderate Risk

4. Procedures

A. Standards

There are two main categories of IT assets that must be inventoried: hardware and software. Specific IT asset details to be recorded and tracked are identified for each category below.

I. Inventory of IT Hardware Assets

Hardware inventory records must include the following details:

  • IT Asset Type (desktop workstation; laptop; tablet; multi-function device; printer; scanner; server; network appliance; data center IT asset)
  • IP Address
  • MAC Address
  • Location
  • Capital IT Asset (Y/N; any single IT asset which has an acquisition cost of $5,000 or more and a useful life of at least two years)
  • Serial Number
  • Make, model, description
  • IT Asset Tag Number
  • Purchase/Acquisition Date
  • Assigned Owner
  • Operating System
  • Licensing Information (if applicable)
  • Date of Last Inventory

II. Inventory of Software Assets

Software inventory records must include the following details:

  • Software Product Name
  • Manufacturer Name
  • Version Number
  • License Type (if applicable)
  • Date of Last Inventory

III. IT Hardware Asset Provisioning and Decommissioning

The IT asset inventory must be updated when:

  • Moving or transferring an IT asset
  • Borrowing or loaning an IT asset
  • An IT asset is lost, stolen, nonrepairable or obsolete
  • An IT asset is no longer needed and needs to be repurposed or disposed of

All IT asset disposal requests must be documented and accompanied by justification.

Decommissioned IT assets must be stored in a secure space until repurposed or disposed of.

B. Reporting

The report format for annual inventories will be made available by the UW System Office of Information Security (OIS). Annual inventories must be signed and dated by the institutional Chief Information Officer (CIO) or central administration CIO and submitted to OIS at the beginning of each calendar year.

5. Related Documents

Regent Policy Document 25-5, Information Technology: Information Security 

UW System Information Security Program 

UW System Administrative Policy 334, Accountability for Capital Equipment 

UW System Administrative Policy 1031, Information Security: Data Classification and Protection

UW System Administrative Policy 1035, Information Security: IT Asset Management Policy 

6. History

Revision 1: November 13, 2020

Original Issuance Date: August 19, 2020