Data Center Asset Management and Inventory Policy

• Table of Contents

  • EDC Inc Data Center Asset Management and Inventory Policy
  • 1.0 Purpose
  • 2.0 Scope
  • 3.0 Policy
  • 3.1 Asset Inventory
  • 3.2 Asset Management
  • 3.3 Asset Auditing
  • 3.4 Asset Disposal
  • 3.5 Change Management
  • 4.0 Enforcement
  • 5.0 Review and Revision
  • 6.0 Contacts
  • Summary

EDC Inc Data Center Asset Management and Inventory Policy

This policy outlines the procedures and responsibilities for managing and maintaining the inventory of EDC Inc’s data center assets. It is designed to ensure the integrity, availability, and confidentiality of EDC Inc’s data center assets.

1.0 Purpose

The purpose of this policy is to establish guidelines for the management and maintenance of EDC Inc’s data center assets. This includes the tracking, auditing, and disposal of assets in a manner that protects the company’s information and resources.

2.0 Scope

This policy applies to all EDC Inc employees, contractors, and third-party service providers who have access to EDC Inc’s data center assets. This includes, but is not limited to, servers, storage devices, network equipment, and software.

3.0 Policy

3.1 Asset Inventory

All data center assets must be recorded in the Configuration Management Database (CMDB). The IT Server Build Operations department is responsible for ensuring that all new assets are added to the CMDB upon acquisition.

• Each asset must have a unique identifier in the CMDB.
• The CMDB must include information about the asset’s location, owner, and status.
• The CMDB must be updated whenever an asset is moved, modified, or disposed of.

3.2 Asset Management

The IT Server Operations department is responsible for the regular maintenance and patching of server assets. All servers must be patched every 30 days, unless an “IT Exception” is approved by IT Security.

• IT Server Operations must coordinate with IT Monitoring Operations to ensure that patching does not disrupt service availability.
• Any exceptions to the patching schedule must be documented and approved by IT Security.

3.3 Asset Auditing

The IT Audit and Compliance department is responsible for conducting regular audits of the CMDB to ensure its accuracy and completeness. Any discrepancies found during an audit must be reported to the IT Server Build Operations department for resolution.

3.4 Asset Disposal

The IT Server Operations department is responsible for the secure disposal of data center assets. This includes ensuring that all data is securely wiped from storage devices before they are disposed of.

3.5 Change Management

All changes to data center assets must be approved by the Change Audit Board (CAB). The IT Server Operations department is responsible for submitting change requests to the CAB for approval.

4.0 Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. In addition, violations of this policy may be reported to law enforcement as appropriate.

5.0 Review and Revision

This policy will be reviewed and updated as necessary by the IT Security Operations department. Any changes to this policy must be approved by the CAB.

6.0 Contacts

For any questions or concerns regarding this policy, please contact the following departments:

• IT Server Operations
• IT Server Build Operations
• IT-SOC (Incident management)
• Corporate Physical Security
• IT Security Operations
• IT Monitoring Operations
• IT Database Operations
• IT Audit and Compliance

Summary

This policy provides a comprehensive framework for the management and maintenance of EDC Inc’s data center assets. By adhering to this policy, EDC Inc can ensure the integrity, availability, and confidentiality of its data center assets, while also complying with legal and regulatory requirements. It is the responsibility of all EDC Inc employees, contractors, and third-party service providers to understand and comply with this policy.