Asset Management:

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search

Asset Management

What are assets? Asset Management from a corporate governance and information security perspective is not just about 'IT' Assets. It is about the management, control and protection of all aspects of Information / Data in whatever form for example paper records or X-Ray Film and fiche.

That is it is about ensuring the Confidentiality, Integrity, Availability (CIA) - Some might separate out Privacy and Accuracy - of information and data that is critical to the organization. Weather the information data is Held, Obtained, Recorded, Used, Shared (HORUS)*. The data may be personal data held by the organization about staff or customers, suppliers (stakeholders), it may be records of stock or it may be cost of processes within the organization, whatever the data if compromised there are likely to be consequences.

It therefore follows that Asset Management is the first place to start when conducting gap analysis and deciding what Risks are relevant to the assets.

  • HORUS is taken from and attributable to UK-National Health Services Information Security it I believe adequately covers what we can do/do with data.

--Skthornber 15:37, 13 February 2007 (EST)

IT Asset Management

IT Asset Management or (ITAM) is the set of business practices that join financial, contractual and inventory functions to support life cycle management and strategic decision making for the IT environment. Assets include all elements of software and hardware that are found in the business environment.

Software Asset Management

Software Asset Management or SAM is a term applied to the business practices specific to software management. These business practices include software license management, configuration management, standardization of images and compliance to regulatory and legal restrictions, such as copyright law, Sarbanes Oxley and software publisher contractual compliance. Use of software legally in an organization is enforced by the compliance industry by companies such as Business Software Alliance, SIIA and FAST.

Software is frequently referred to as entitlements so that SAM programs confirm the right to use, or entitlement to that software by the user. Automation is frequently used to facilitate this management. Microsoft maintains a list of SAM providers to help customers manage their software.

Hardware Asset Management

Hardware Asset Management is a term applied to the management of the physical components of computers and computer networks, from acquisition through disposal. Common business practices include request and approval process, procurement management, life cycle management, redeployment and disposal management.

Role of IT Asset Management in an Organization

The IT Asset Management function is the primary point of accountability for the life-cycle management of information technology assets throughout the organization.

Included in this responsibility are development and maintenance of policies, standards, processes, systems and measurements that enable the organization to manage the IT Asset Portfolio with respect to risk, cost, control, IT Governance, compliance and business performance objectives as established by the business.

IT Asset Management integrates the physical, technological, contractual and financial aspects of information technology assets to enable a holistic and proactive approach to achieving the objectives.

Goals of ITAM

ITAM business practices have a common set of goals:

  • Uncover savings through process improvement and support for strategic decision making
  • Gain control of the inventory
  • Increase accountability to insure compliance
  • Enhance performance of assets and the life cycle management
  • Risk reduction through standardization, proper documentation, loss detection


In order to fulfill these goals, the ITAM business practices must be process driven and matured through iterative and focused improvements. Most successful ITAM programs are invasive to the organization, involving everyone at some level, such as end users (educating on compliance), budget managers (redeployment as a choice), IT service departments (providing information on warranties) as well as finance (invoice reconciliation, updates for fixed asset inventories).

IT asset management generally uses automation to manage the discovery of assets so that inventory can be compared to ownership information. Full business management of IT assets requires a repository of multiple types of information about the asset as well as integration with other systems such as supply chain, help desk, procurement and HR systems.