This policy seeks to outline the guidelines and practices that govern decisions on asset management at Door to ensure Door accomplishes its mission of providing high-quality products in a sustainable and safe environment.
This asset management policy applies to all assets owned by Door and all aspects of each asset, including design, construction, operation, maintenance and disposal. This policy applies to all employees, contractors and consultants at Door. In addition, Door may rely on natural assets or other assets it does not own. Where operations are supported by these assets, we will work collaboratively with the asset owners and promote the principles outlined in this policy.
The intent of this policy is to ensure all employees and functions of Door are aligned with the goals of Door as they relate to asset management and to ensure assets are managed in a manner that maximizes benefits, reduces risk and provides satisfactory levels of service to customers in a safe and sustainable manner.
The following minimal asset classes are subject to tracking and asset tagging:
Assets which cost less than $NNN shall not be tracked, including computer components such as smaller peripheral devices, video cards, or keyboards, or mice. However, assets, which store data regardless of cost, shall be tracked either as part of a computing device or as a part of network attached storage. These assets include:
The following procedures and protocols apply to asset management activities:
Prior to deployment, [Insert Appropriate Department] staff shall assign an ID to the asset and enter its information in the asset tracking database. All assets maintained in the asset tracking database inventory shall have an assigned owner.
Procedures governing asset management shall be established for secure disposal or repurposing of equipment and resources prior to assignment, transfer, transport, or surplus.
When disposing of any asset, sensitive data must be removed prior to disposal. [Insert Appropriate Department] support staff shall determine what type of data destruction protocol should be used for erasure. Minimally, data shall be removed using low level formatting and degaussing techniques. For media storing confidential or student personally identifiable information (PII) that is not being repurposed, disks shall be physically destroyed prior to disposal.
On-demand documented procedures and evidence of practice should be in place for this operational policy as part of Door. Satisfactory examples of evidence and compliance include:
The roles and responsibilities for executing this policy include the following:
Door does not currently have a preferred supplier for asset procurement. As such, as procurement must be approved by the Business Manager using the company purchasing mechanisms. All technology procurement must also be approved by the Head of Infrastructure.
All assets must be registered within the Asset Management tool before being deployed.
All assets are registered within the Asset Management tooling. Physical maintenance dates are captured if applicable. All software license renewal dates are also captured.
The disposal of assets, due to its need for replacement or upgrade, or merely because it has become obsolete, surplus or redundant, is an issue because:
Door aims to ensure that all IT equipment is managed effectively, including its disposal. The organisation understands that responsible IT asset management and disposal is essential for GDPR compliance. The Head of Infrastructure is responsible for overseeing this process.
All IT equipment that is identified for disposal should be updated in the asset register to confirm Asset disposal. Any IT equipment that has the potential to store sensitive data and which is no longer needed or has reached its “end of life” must have its data securely deleted/wiped and sensitive data deemed unreadable and unrecoverable before:
All such equipment should be processed by a registered and approved contractor to securely remove any personal data. When agreeing a contract with a professional equipment disposal service, department should obtain clear evidence of sufficient data security arrangements, including a written statement regarding confidentiality, destruction methods, and indemnity should the contractor fail to adequately destroy information; companies should comply with the ISO 27001:2013 IT Asset Disposal Standard
Computer monitors, printers, scanners and fax machines are defined as hazardous waste due to the metals and chemicals used in their construction, and arrangements for their disposal must be handled in compliance with the organisation’s waste policies.
This organisation must comply with its requirements under the Waste Electronic and Electrical Equipment Directive (WEEE). Small amounts of obsolete or broken IT equipment that has been effectively wiped of any data or does not contain any data storage potential can be disposed of through the electrical waste stream at a municipal site, or disposed of via the manufacturer or an electrical supplier.
IT equipment must never be disposed of through general waste routes. It is illegal to mix computer waste with general waste or to send untreated computer waste to landfill.
This policy will be reviewed as it is deemed appropriate, but no less frequently than every 12 months.
Further information and advice on this policy can be obtained from the Door Team, policies@doorfunds.com.