Asset Management
- Symone Sheane
PURPOSE
The purpose of this SOP is to ensure that all HIC’s assets are identified, recorded and managed in accordance with the ISO27001 standard. Â
HIC categorises information assets as:  Â
Infrastructure Â
Data Â
Service Â
End User Computing Â
Accounts and Projects Â
SCOPE
The scope of this SOP extends to all HIC Teams, third parties, vendors and partner agencies who utilise or who are responsible for the development, management, and maintenance of HIC assets. Â
RESPONSIBILITIES
ROLE | RESPONSIBILITY |
Asset Owner | Accountable for the day-to-day management of assets |
Delegated Asset Owner | Responsible for the creation, review and updating of assets |
Business Support Team | Responsible for supporting asset management process and communicating to stakeholders |
PROCEDURE
Principles
Information Classification and Handling: All HIC information has a value to the organisation, however not all the information has an equal value or requires the same level of protection. Being able to identify the value of information assets is key to understanding the level of security that they require. HIC maintains an Information Classification and handling scheme which involves grouping information and categorising content to establish the most appropriate way of handling, storing, retrieving and to determine who is authorised to access Information. Â
Steps
Inventory of Assets : Any assets which are of value to HIC needs to be identified and managed over its lifecycle. HIC are required to show how assets are managed and controlled, based around their importance.   Â
Ownership of Assets : All assets must have owners. Each owner is responsible for protecting the confidentiality, integrity, and availability of the information. Assets will have delegated staff who are responsible for the effective management of the asset during the asset lifecycle.  Owners will ensure: Â
Assets are inventoried. 
Assets are correctly classified and protected.Â
Access restrictions to the asset and its classification are periodically reviewed. Â
Assets are handled correctly when being deleted or destroyed. Â
Acceptable Use of Assets :HIC will refer to the University of Dundee Policy on Acceptable use  Â
Return of Assets :Upon termination of business relations, all users in possession or have access to information assets need to return them to HIC or have access removed by HIC. Â
APPLICABLE REFERENCES
Information Classification Â
For Definitions see ISMS Glossary
Asset management policy - University of Dundee
Acceptable use policy - University of Dundee
Information Security Policy
DOCUMENT CONTROLS
Process Manager | Point of Contact |
|---|---|
Jill Hampton |
Revision Number | Revision Date | Revision Made | Revision By | Revision Category | Approved By | Effective Date |
|---|---|---|---|---|---|---|
1.0 | 01/01/24 |
| Bruce Miller and Symone Sheane | Superficial | Governance & Project Co-Ordinator: Symone Sheane | 10/01/24 |
1.1 | 04/04/24 |
| Bruce Miller | Superficial | Governance Co-Ordinator: Symone Sheane | 5/04/24 |
1.2 | 10/04/24 |
| Symone Sheane | Superficial | Governance Co-Ordinator: Symone Sheane | 10/04/24 |
1.3 | 19/04/24 |
| Symone Sheane | Superficial | Governance Co-Ordinator: Symone Sheane | 19/04/24 |
1.4 | 30/04/24 |
| Bruce Miller | Superficial | Governance Co-Ordinator: Symone | 30/04/24 |
1.5 | 02/05/24 |
| Bruce Miller | Superficial | Governance Co-Ordinator: Symone Sheane | 02/05/24 |
1.6 | 09/10/24 |
| Bruce Miller | Superficial | Governance & Project Co-Ordinator: Symone Sheane | 18/11/24 |
1.7 | 17/10/24 |
| Jill Hampton | Superficial | Governance & Project Co-Ordinator: Symone Sheane | 18/11/24 |
1.8 | 18/11/24 |
| Symone Sheane | Superficial | Governance & Project Co-Ordinator: Symone Sheane | 18/11/24 |
Copyright Health Informatics Centre. All rights reserved. May not be reproduced without permission.
All hard copies should be checked against the current electronic version within current versioning system prior to use and destroyed promptly thereafter. All hard copies are considered Uncontrolled documents.