Sample Asset Management Policy:
Sample Asset Management Standard
The Asset Management Standard defines Company objectives for establishing specific standards for the management of the networks, systems, and applications that store, process and transmit Company information assets. Company information assets are defined in the Sample Asset Identification and Classification Standard.
The Company systems, including hardware and software, must be managed in accordance with the information asset protection objectives established in the Asset Protection Standard throughout the life cycle from acquisition to disposal. Specific instructions and requirements for life cycle management of Company hardware and software are provided in the System Development Life Cycle Standard.
The Company will establish and maintain Asset Protection Standards in accordance with the information asset protection objectives established in the Asset Protection Standard for each system represented in the Company production environment. Specific instructions and requirements for configuration management are provided in the Configuration Management Standard.
All systems, networks, and applications used in the Company production environment and in virtual premises, such as hosting sites, must follow the documented change control process and procedures to ensure that only authorized updates or changes are made. Specific instructions and requirements for change control are provided in the Change Control Certification Process Manual Standard.
All production systems and applications developed by the Company or on behalf of the Company must adhere to the documented process of analyzing, designing, developing, testing, and enhancing systems to ensure the integration of appropriate security controls. Specific instructions and requirements for systems development are provided in the System Development Life Cycle Standard.
Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.