IT Standard - Asset Management

1. Introduction

• 1.1 Purpose: This standard establishes the framework for the effective management of all Information Technology (IT) assets throughout their lifecycle at the University of Central Oklahoma (UCO). It ensures proper governance, accountability, information security and financial planning for IT resources across the institution. The standard is developed in alignment with industry best practices, as emphasized by the NIST Cybersecurity Framework which highlights asset management as foundational to a strong asset lifecycle and security posture. It also adheres to state regulations for tangible assets, including those from the Oklahoma Office of Management and Enterprise Services (OMES).
• 1.2 Scope: This standard applies to all IT assets owned, leased, or otherwise controlled by UCO. This includes, but is not limited to:
  • Computer hardware (desktops, laptops, servers, tablets)
  • Networking equipment
  • Software licenses and subscriptions
  • Mobile devices
  • Audiovisual equipment
  • Specialized computing equipment
  • Peripherals valued above $500.
• This standard encompasses all university colleges, departments, academic units, and affiliated entities regardless of funding source or IT management structure. All UCO information technology assets are required to be entered into the Enterprise ITSM systems to properly support incident management and technology lifecycle planning.

2. Standard Principles and Objectives

• 2.1 Guiding Principles: UCO Office of Information Technology (OIT) will maintain a comprehensive IT asset management program to effectively track, manage, secure and optimize the use of all UCO technology resources throughout their lifecycle. All IT assets will be properly recorded, tracked, maintained, and disposed of in alignment with this standard, approved IT policies and standards.
• 2.2 Standard Objectives: The overarching objective is the effective management of all UCO Information Technology (IT) assets throughout their lifecycle at UCO, ensuring proper governance, accountability, information security and financial planning for UCO technology resources across the institution.

3. Roles and Responsibilities

• 3.1 General Responsibilities: All IT assets shall be managed through the following phases: Planning, Acquisition, Documentation for Tracking, Deployment, Maintenance, Refresh/Replacement, and Retirement and Disposal.
• 3.2 Specific Role Accountabilities: 
  • Chief Information Office (CIO):
    • Has ultimate responsibility for the IT Asset Management program for UCO.
    • Reports on IT asset status to university leadership and governing bodies.
    • Approves exceptions to this standard.
  • Information Technology Executive Committee (ITEC) and Change Advisory Committee (CAB):
    • Responsible for vetting all exceptions to this standard.
  • Executive Director of IT Client Experience:
    • Responsible for the day-to-day execution and management of these standards.
  • IT Asset Manager:
    • Over sees the implementation of this standard.
    • Maintains the IT asset management system.
    • Coordinates with distributed IT units and Finance.
    • Prepares reports for university business units, leadership and state authorities.

4. Definitions and Terminology

• 4.1 Key Terms:
  • IT Asset: Any hardware, software, or information system component that supports information technology capabilities.
  • Asset Lifecycle: The stages an asset passes through during its time of ownership, including planning, acquisition, deployment, maintenance, and retirement.
  • IT Asset Management System: The centralized system used to track and manage IT assets throughout their lifecycle.

5. Standard Measures and Reporting

• 5.1 Key Performance Indicators (KPIs): Physical verification of IT assets will be conducted annually to ensure accuracy of technology asset location, ownership, and status. The IT Asset Management program is subject to regular internal audits to ensure compliance with this standard. 
• 5.2 Reporting Requirements: Regular reports will be generated for:
  • Budget planning and forecasting
  • Compliance with state reporting requirements
  • Leadership decision-making
  • Audit purposes

6. Compliance and Deviations

• 6.1 Standard Adherence: All IT assets will be properly recorded, tracked, maintained, and disposed of in compliance with this standard. Compliance is also ensured through annual inventory verification and regular internal audits.
• 6.2 Deviation Management: Exceptions to this standard must be documented and approved by the CIO or designee i.e. CISO.

7. Standard Review and Continual Improvement

• 7.1 Standard Review Cycle: This standard will be reviewed annually and updated as needed to reflect changes in technology, organizational structure, or regulatory requirements.
• 7.2 Continual Service Improvement (CSI) Integration: The document implies continual improvement through its annual review cycle.
• 7.3 Related Standards: This standard operates in conjunction with:
  • Information Security Standard
  • Data Classification Standard
  • Procurement Standard
  • Acceptable Use Standard

8. Document Control