
IT Policies and Procedures

This document outlines the IT policy and procedures for the IT department. The purpose is to describe the IT function procedures to ensure compliance with the IT Policy of a company.

Uploaded by

sgopfa02

Sample Policy from Computer & IT Policies and Procedures Manual

IT Asset Management Section: IT Asset Assessment

Document ID: ITAM104
Title: IT ASSET ASSESSMENT
Print Date: mm/dd/yyyy
Revision: 0.0
Prepared By: Preparer’s Name/Title
Date Prepared: mm/dd/yyyy
Effective Date: mm/dd/yyyy
Reviewed By: Reviewer’s Name/Title
Date Reviewed: mm/dd/yyyy
Approved By: Final Approver’s Name/Title
Date Approved: mm/dd/yyyy

Policy: The Company shall assess (evaluate) its Information Technology assets for conformance
to Company requirements.
Purpose: To identify hardware and software (Information Technology assets) on the Company
Information Technology network, determine if those assets are appropriate for the
Company’s needs, determine if these assets are properly licensed and versioned, and if
they conform to Company standards.
Scope: All Information Technology assets that make up the Company’s Information Technology
system/network are subject to this procedure.
Responsibilities:
The Information Technology Asset Manager is responsible for supervising the
Information Technology asset assessment program.
The Tech Support Manager is responsible for conducting complete, detailed, and
objective Information Technology asset assessments, writing nonconformance reports,
and reporting findings of Information Technology asset assessments.
Definitions: Network scan (or scan) – Scanning an Information Technology network (with specialized
software) to confirm the presence or absence of computer hardware or software, check
asset configurations, verify software versions, manage software licenses, track lease and
warranty information, detect network vulnerabilities, etc. Commercial and open source
software for conducting Information Technology asset scans is readily available; see
Additional Resource A for guidance.
Information Technology Asset – Any computer hardware, software, Information
Technology-based Company information, related documentation, licenses, contracts or
other agreements, etc. In this context, Information Technology assets may be referred
to as just “assets”.
Nonconformance – A significant, material failure to conform to one or more
requirements; also referred to as a “nonconformity”. Moving a PC from one desk/user
to another without the knowledge or permission of the Information Technology Asset
Manager is one example of a nonconformance.
Procedure:
1.0 IT ASSET ASSESSMENT PLAN
1.1 Information Technology asset assessments shall be conducted at regular intervals. Assessments
should be conducted annually, at a minimum. (See Reference A.)
• Information Technology asset assessments should also be conducted whenever a large
turnover of assets (for example, a large number of PC leases expires in a short time frame)
occurs.
1.2 Prior to an assessment, the Information Technology Asset Manager shall review ITAM104-1 IT
ASSET ASSESSMENT CHECKLIST for possible modifications. This checklist shall be used by the
Tech Support Manager as a guide to conducting Information Technology asset assessments.
2.0 IT ASSET SCAN
2.1 The Information Technology Asset Manager shall ensure that the Tech Support Manager has the
current version of the following on hand prior to conducting a network scan:
• ITAM102-5 IT ASSET INVENTORY DATABASE;
• ITAM102-6 IT NETWORK MAP; and
• ITAM104-1 IT ASSET ASSESSMENT CHECKLIST.
2.2 The Tech Support Manager shall run a scan on the Company’s Information Technology network to
determine the status of all Information Technology assets on the network and compare the
results with the documents listed in 2.1, looking for information such as:
• What Information Technology hardware is on the network and who are the registered
“owners”;
• Whether hardware is in use or not;
• What software is installed on each computer, whether it is the correct version, and whether
it is a licensed copy; and/or
• Whether unapproved/unauthorized software has been installed on any PC.
2.3 If a nonconformance is found, the Tech Support Manager shall report it in accordance with
procedure ITSD109 IT INCIDENT HANDLING.
3.0 DOCUMENTATION AND DISTRIBUTION
3.1 The Tech Support Manager shall consolidate and summarize asset scan results on ITAM104-2 IT
ASSET SCAN SUMMARY.
3.2 The Tech Support Manager shall prepare and submit their findings – including forms ITAM104-1
and ITAM104-2 – to the Information Technology Asset Manager.
4.0 NONCONFORMANCE HANDLING
4.1 If a nonconformance is discovered in the course of an asset assessment, the Information
Technology Asset Manager shall write a Corrective Action Request (CAR), in accordance with
procedure ITSD109 IT INCIDENT HANDLING.
4.2 The CAR shall be submitted to the Manager of the department where the nonconformance
occurred.
4.3 The Department Manager receiving the CAR shall submit a reply in accordance with procedure
ITSD109 IT INCIDENT HANDLING.
4.4 If a corrective action was taken, the Information Technology Asset Manager should review the
situation within three months to verify that the corrective action was effective.
5.0 IT ASSET RECORDS UPDATE
After the Information Technology asset assessment and subsequent corrective actions, the
Information Technology Asset Manager shall ensure timely and accurate updates to ITAM102-5
IT ASSET INVENTORY DATABASE and ITAM102-6 IT NETWORK MAP. (See Reference B.)
Forms:
• ITAM104-1 IT ASSET ASSESSMENT CHECKLIST
• ITAM104-2 IT ASSET SCAN SUMMARY
References:
A. ISO STANDARD 27002:2013 – CODE OF PRACTICE FOR INFORMATION SECURITY
MANAGEMENT, CLAUSE 8 ASSET MANAGEMENT
Clause 8 of the Standard is the Asset Management standard, which deals with asset
accountability and information classification.
ISO Standard 27002:2011 and its companion standards, ISO 27001:2011 and ISO
27005:2008, provide a comprehensive set of controls comprising best practices in the
field of information security.
ISO 27002 was formerly known to ISO as “17799” and may continue to be known that
way in the business and Information Technology world for some time. See
B. SARBANES-OXLEY ACT OF 2002
Sarbanes-Oxley, passed by the U.S. Congress in 2002, is designed to prevent manipulation, loss, or
destruction of records within publicly-held companies doing
Revision History:
Revision | Date | Description of Changes | Requested By
0 | mm/dd/yyyy | Initial Release |
