Compleye Online Asset Management functionality supports the organization in maintaining and keeping track of Hardware Assets. The function helps to understand where the assets are located, how they are used and keeps a record of the changes. The data from the asset management functionality can ensure prompt asset recovery and provide valuable audit support.
The definition of Assets within the ISO27001 is:
- Hardware assets that can carry information/data (mobile telephones, laptops, desktops)
- Also your data servers belong to the Hardware Assets – if you own your own servers.
- Next to hardware, the ISO27001 considers Data also as an asset.
Compleye is managing data in the Data Classification section .
With respect to the HW Assets you will need to be in control of a number of topics:
- You will need to list all assets that are being used in your company by your team members, whether they are company owned or not. Meaning all laptops, telephones, I-pads etc.
This is eg: important when defining the security rules and need to know if your team is using Android or iPhones. It is also required to identify for insurance purposes.
- If you have your own servers on site (owned), you will need to list them as well.
- You will need to check this overview at least once a year or more often if there are many changes.
- You will need to register when team members take a company owned asset home and they will need to sign for that.
- You will need to define how your team members are expected to treat the HW Assets. – In section policies/procedures, there is a template HW Assets Rules that you can use for this purpose.
- You will need to define how you will treat HW assets once they are not being used anymore. – In section policies/procedures, there is a template that you can use for this purpose.
- Make sure to include the Test phones in your overview, if that is applicable for your organisation.
- You can upload in section People@ (under individual team member) the signed document for acceptance of Workplace & Equipment Policy.
- You can also add other HW Assets (eg: screens and printers) just to keep track of all the assets your company owns. – To have a complete overview of everything.
- For Servers, you can define yourself what information you want add to the overview. You can also add a link to another file, where you keep track of it.
- Some organizations make use of an application/tooling to keep track of all assets. (eg: TopDesk) In this case please add a summary and link to the application in Procedure/Info , to ensure that there is evidence in case someone else from your team or external auditor will have a look at this info. In this case, bare in mind that you still will need to document Server etc. in this section.
|Serial Number||Include assigned asset serial numbers in a free format text.||Every HW has a serial number – either graved, on a sticker, or in the settings of the asset. Companies can assign also their own serial number to the asset – if they own the asset.|
|Asset Type||Select asset type from a drop-down menu, options are Laptop. Phone. Server. Screen. Other.||Select what is applicable|
|Asset Description||Include asset description in a free text format.||You can add extra info (e.g. Phone and then iPhone 6S.. (type)|
|User||Select username from a drop-down menu.||Who is using the Asset? For assets – e.g. test phones – used by an entire team, add the person that is leading the team or the tester if applicable.|
|Company Owned||Radio buttons, Options are Yes or No.||Yes or No (there is nothing in between)|
|Still in Use||Radio buttons, options are Yes or No.||If the asset is not in use anymore – add no. Via Filters, you can set the overview standard only on the assets that are in Use.|
|Last Checked (Date asset was added or last time updated)||Select a date using an embedded calendar.||If you changing Assets and/or performing a security control – change the date (even if you did not make any changes, the rest of the team will know that you have checked it)|
|Out of Use Date||Select a date using an embedded calendar.||Add the date when the asset is not in use anymore – make sure you also tick the box No (for Still in Use)|
|Assess Offboarding||Free text format.||Check in the policy what the procedure is for offboarding and add remarks here to confirm the offboarding.|
|Info||Free text format.||Any info that you think is important|
|Add new field||custom field||If you want to add an extra field, to customize your organizational needs. Eg if you need a second owner.|