Many organizations have policies in place that describe equipment use. Some of these policies are short and are very specific about how equipment can be used and to avoid using supplied equipment for illegal purposes. With the need to add asset management processes, including acquisition and management, a review of these processes, emphasizing the employees’ obligations is necessary. This can be part of the communications plan to ensure employees understand the new requirements for asset management.
Risks addressed by the policy:
- Contracts signed departmentally for IT services and support that do not meeting regulatory requirements.
- Data loss due to solutions installed or purchased as hosted solutions that do not meet backup and data recovery requirements.
- Solutions purchased departmentally that require IT assistance, but cannot be installed due to existing project timelines.
- Equipment that no longer meets standards and cannot be replaced due to budgetary constraints.