Original Issuance Date: August 19, 2020
Last Revision Date: November 13, 2020
Effective Date: September 1, 2021
1. Purpose of Procedures
The purpose of this standard is to establish the required data elements to be recorded and tracked during inventory of information technology (IT) assets and when these data elements are to be updated. To establish annual reporting requirements of IT asset inventories.
2. Responsible UW System Officer
Associate Vice President (AVP) for Information Security
3. Definitions
Please see SYS 1000, Information Security: General Terms and Definitions, for a list of general terms and definitions. Terms and definitions found within this policy include:
- Low Risk
- High Risk
- IT Asset
- Moderate Risk
4. Procedures
A. Standards
There are two main categories of IT assets that must be inventoried: hardware and software. Specific IT asset details to be recorded and tracked are identified for each category below.
I. Inventory of IT Hardware Assets
Hardware inventory records must include the following details:
- IT Asset Type (desktop workstation; laptop; tablet; multi-function device; printer; scanner; server; network appliance; data center IT asset)
- IP Address
- MAC Address
- Location
- Capital IT Asset (Y/N; any single IT asset which has an acquisition cost of $5,000 or more and a useful life of at least two years)
- Serial Number
- Make, model, description
- IT Asset Tag Number
- Purchase/Acquisition Date
- Assigned Owner
- Operating System
- Licensing Information (if applicable)
- Date of Last Inventory
II. Inventory of Software Assets
Software inventory records must include the following details:
- Software Product Name
- Manufacture Name
- Version Number
- License Type (if applicable)
- Date of Last Inventory
III. IT Hardware Asset Provisioning and Decommissioning
The IT asset inventory must be updated when:
- Moving or transferring an IT asset
- Borrowing or loaning an IT asset
- An IT asset is lost, stolen, nonrepairable or obsolete
- An IT asset is no longer needed and needs to be repurposed/disposed
All IT asset disposal requests must be documented and accompanied by justification.
Decommissioned IT assets must be stored in a secure space until repurposed or disposed.
B. Reporting
The report format for annual inventories will be made available by the UW System Office of Information Security (OIS). Annual inventories must be signed and dated by the institutional Chief Information Officer (CIO) or central administration CIO and submitted to OIS at the beginning of each calendar year.
5. Related Documents
Regent Policy Document 25-5, Information Technology: Information Security
UW System Information Security Program
UW System Administrative Policy 334, Accountability for Capital Equipment
UW System Administrative Policy 1031, Information Security: Data Classification and Protection
UW System Administrative Policy 1035, Information Security: IT Asset Management Policy
6. History
Revision 1: November 13, 2020
Original Issuance Date: August 19, 2020