When a person is accused of a crime, evidence is required to back up the accusation. To protect the person being accused, physical evidence obtained must be protected from anyone who might want to tamper with it in order to change the outcome of a trial. In a court of law, government officials are required to show a Chain of Custody for any physical evidence that will be entered into the trial.
Chain of custody (CoC), in legal contexts, refers to the chronological documentation or paper trail, showing the paper trail, custody, control, transfer, analysis, and disposition of physical or electronic evidence.
To meet the standards required to prove “chain of custody,” documentation is required to show how the evidence was collected, stored, and transferred. Documentation needs to include a person who is accountable for the evidence, the location of the evidence, and dates to establish a timeline.
Asset Lifecycle Management
Asset lifecycle management is similar to a chain of custody. Assets need to be documented when they are acquired, and tracked until they are disposed. Documentation includes a person that is accountable, along with locations and dates that establish a timeline from acquisition to disposal.
The objective for tracking IT assets has traditionally been associated with controlling costs; however, many organizations are starting to realize that asset lifecycle management is critical to their security objectives. Lost or misplaced assets that contain proprietary data, such as employee or customer information, puts organizations at risk from a security perspective.
To meet the requirements demanded by IT asset lifecycle management, a business process has to be established to define how IT assets are acquired, transferred, and disposed. Creating a process for IT asset management (ITAM) can be challenging because ITAM processes are not just for those in the IT department, they are processes that touch every part of the organization.
Most successful ITAM programs are invasive to the organization, involving everyone at some level, such as end users (educating on compliance), budget managers (redeployment as a choice), IT service departments (providing information on warranties), and finance (invoice reconciliation, updates for fixed asset inventories).
ITAM processes will also differ depending on the type of asset. For example, the lifecycle of a laptop process would be much different than the lifecycle of a software asset process.
When an ITAM process is established, it is important to enforce the process. I remember working with a hospital that was building an IT asset lifecycle process. The challenge they encountered with their process was a political obstacle. Several departments within the hospital had their own IT budget which allowed them to purchase their own IT assets.
The process that had been established by the hospital did not have a way to account for assets acquired by internal departments outside of the IT department. To overcome this obstacle, a single portal was established for purchasing IT assets which allowed asset managers to document and process every asset that was purchased, regardless of the department making the purchase.
The Importance of Process Automation
Another challenge IT asset managers encounter is human error. When a process is not followed due to human error, assets can be misplaced or lost. Automating ITAM processes will reduce or eliminate human error. For organizations looking for an asset management solution, it is important to choose a solution that provides or integrates with automation tools.
Asset Lifecycle Status
An asset lifecycle process is much like a train track with several stops along the way. Each stop is given a name much like an actual train station stop. As assets pass through each stop, they are documented in the asset management database, giving administrators the ability to see historic information for each asset.
An asset lifecycle stop in an IT asset management process represents the “status” of the asset. For example, when an IT asset is purchased, it would immediately be entered into the organization’s asset lifecycle process. Once entered into the process, the asset will be assigned a “status” that shows it has been “ordered.” When the asset is received by the organization, the process would move it from “ordered” to “received.” This change can be done using a form, or a bar code scanner.
When lifecycle processes are followed, IT administrators are able to see the current status of each asset; showing where every asset is according to the lifecycle status defined within the process.
If an asset manager needs to know how many laptops are currently available, a report could be created showing how many laptops are currently available, or how many are on order. Also, a lifecycle status report will show administrators how many laptops are currently assigned to their employees.
Software asset lifecycle processes will be different to hardware, but the concept of tracking the “status” of a software IT asset is the same as it is for hardware.
For example, when using a software asset lifecycle processes, IT asset managers will be able to see when software was purchased and when software expires according to the software contract. Furthermore, asset managers will be able to facilitate on-boarding and off-boarding of their employees by automatically assigning and un-assigning license entitlements as employees come and go. Finally, asset managers will be able to determine if licenses are available when fulfilling software asset requests.
IT Asset Lifecycle Management gives asset managers the ability to see IT assets as well as their current status. Tracking the status of an asset is achieved through a process that tracks the asset from when it is purchased, placed into operation, placed into repair, until placed into disposal.
To ensure success when applying lifecycle processes to IT assets, it is important to use automation tools to avoid error that is often made during manual processes.
Be sure your IT asset management solution is able to work with devices, such as bar code scanners, which enable asset managers to easily move assets from one status to another in the asset lifecycle process.
Most important, be sure that proper discovery techniques are used to ensure every asset is discovered, followed by asset mapping to build asset intelligence. Without proper discovery and intelligence, an asset lifecycle process will not produce accurate and meaningful results.
Other posts in this series:
- Three Components Required for a Complete IT Asset Management Solution (Part 1 of 4): Six Common Objectives
- Three Components Required for a Complete IT Asset Management Solution (Part 2 of 4): Discovery
- Three Components Required for a Complete IT Asset Management Solution (Part 3 of 4): Asset Intelligence