Asset Tracker – fields to be captured (best practice)

Below are tips on the data to capture when building an Asset Tracker within a company to track Hardware, Application and Department details.

Hardware Details Tracking

Description – This field should explain the purpose of this equipment.  Even a non-IT person should be able to identify this equipment based on this description.

Provider Organization – Organization which provided the equipment (mainly to capture Provider Company details).

Provider Contact Point – To capture the provider’s contact point details – phone number, email address and office address.

Status – The current status of the equipment. Use this field to identify whether the equipment is in one of the following states:

  • Standby – Old/New equipment, ready and available for usage, but currently not being used
  • Active – Currently in use
  • Retired – Old equipment, not getting used anymore

Type of Equipment – Type of equipment (Server, Workstation, Laptop, Phone, Printer, Router, Switch, Firewall, IPS, etc).

Company Asset Tag – Every organization may have its own way of tracking the system, using a bar code or a custom asset tracking number. (This is in addition to the Serial Number, usually provided by the manufacturer.  This provides an additional way of identifying an asset and is recommended.)

Location (include the fields below to granularly identify the equipment’s location):

Physical Building: Building where the equipment is installed.

Level: The physical level within the building.

Room/Cage: Room/Cage number or name.

Rack: Rack number or name within the Room/Cage. (mainly for Servers, Routers, etc).

Rack Position:  Position of the equipment within the rack.

Desk: Desk number or name (mainly for workstations, phone, etc).

Location Comments: This is a free-text field for any further instructions on how to find the equipment.  It may be necessary for equipment installed in locations that cannot be classified by the above fields.

Internal IP Address – Internal IP address of the equipment.

External IP Address – Public IP address of the equipment, open to the Internet.

URL – If this is a web-server, give the URL to access the web application running on the system. If this is a switch or router, specify the admin URL.

NIC – The NIC point within the equipment, where the network cable is connected. (Example: Cable 1 to GB1; Cable 2 to Slot1/Port1).  It is better to keep this field as free text.

Switch/Port – The Switch and the Port number to which the networking cables from the equipment are connected. (Example: Cable 1 to Switch1/Port5; Cable 2 to Switch2/Port3)

Which Security Clients Installed? – Which monitoring software is installed on the equipment?  (Example: Sophos Antivirus, Sophos End Encryption, Sophos Endpoint DLP, Palo Alto, etc).

Storage Connection – Equipment connected to SAN/NAS?

Connected Equipment – Company Asset Tags of all equipment connected to this equipment.

Total Drive Count – This indicates the total number of internal drives on the server. This can come in very handy for capacity management. For example, some Dell servers come with only 6 slots for internal hard drives. In this example, just by looking at the document, we know that there are 4 disk drives in the server and that there is room to add 2 more disk drives.

Operating System Version – Version information, in addition to the OS type, is essential.

Warranty Start Date

Warranty End Date

Date of Purchase

Purchase Price

Lease Begin Date

Lease Expiry Date

Lease Provider Company

Lease Payment Amount and Frequency

Link to Warranty/Contract/SLA/User Guide Documents

Information Classification – Classification of Information hosted in the equipment. (Example: Secret / Confidential / Internal / Public.)

Date of Last IT Risk Assessment – This field is to capture the date of the last such assessment on this equipment, if applicable.

IT Risk Assessment Reference/Link – Reference number / link to the IT Risk Assessment performed on this equipment.

Additional Notes – Enter additional notes about the equipment that don’t fit under any of the above fields.

Last Date of Update of Information – This is to capture the date on which the latest update was performed on this information entry.

Information Last Updated By – The person who performed the latest update.

Many of these inputs are taken from the online source listed under References below.

 

Application Details Tracking

Description of Service Provided – Brief description about the services provided by the application.

Status – The current status of the application. Use this field to identify whether the application is in one of the following states:

  • Not Active – Not active due to some reason (example: still being developed, taken down for retirement, etc)
  • Active – Currently in use.
  • Retired – Old application, not in use anymore.

Business Unit – The Department which uses the application.

Information Owner – Information Owner from the Business Unit, appointed by the Business Head of the Department.

Information Custodian – The person responsible for the technical implementation of the information security controls on this application. (Typically this person is from IT).

Information Classification – Classification of Information hosted in the application. (Example: Secret / Confidential / Internal / Public.)

Information Type Accessed/Processed by the Application – To capture all the category of information accessed/processed by the application.  (Example: Customer Personal Data, Employee Personal Data, Customer Transaction Data, Customer Policy Data, Financial Data, etc).

Upstream Data Sources – List all the upstream applications / sources from where data flows to this application.

Downstream Data Destinations – List all the downstream applications / destinations to which data flows from this application.

Link to Upstream and Downstream OLA – Link to Operational Level Agreements (OLAs) agreed with Upstream and Downstream applications.

Internet Facing? – Is the application Internet Facing?

URL/External IP address – If internet facing, please record the URL/External IP Address of the application.

Acquisition Type – What is the acquisition type of the application? (Example: Commercial-Off-The-Shelf (COTS), In-House-Built, Vendor-Built, Software-as-a-Service, etc)

Provider Organization – Organization which provided the application (mainly to capture Provider Company details).

Provider Contact Point – To capture the provider’s contact point details – phone number, email address and office address.

Application Criticality Rating – Criticality rating assigned to the application after completion of the Business Criticality Assessment.

Last Date of Business Criticality Review – This is to capture the date on which the latest Business Criticality Assessment was performed.

Link to Warranty/Contract/SLA/User Guide Documents

IT Risk Assessment Reference/Link – Reference number / link to the IT Risk Assessment performed on this application.

Date of Last IT Risk Assessment – This field is to capture the date of the last such assessment on this application, if applicable.

Last Date of Update of Information – This is to capture the date on which the latest update was performed on this information entry.

Information Last Updated By – The person who performed the latest update.
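One way to put the application fields above to work once they are captured, as an added example that is not part of the original post: a small audit that flags records where exposure, classification, ownership and risk-assessment dates do not line up. The "Name" key, the 365-day reassessment interval and all sample records are assumptions made for illustration.

```python
from datetime import date

SENSITIVE = {"Secret", "Confidential"}  # top levels of the page's example scale
MAX_AGE_DAYS = 365  # assumed reassessment interval; the page does not set one

# Field names as listed above, plus an assumed "Name" key to identify the record.
FIELDS = ("Name", "Status", "Internet Facing?", "URL/External IP address",
          "Information Classification", "Information Owner",
          "Information Custodian", "Date of Last IT Risk Assessment")
ROWS = [  # constructed sample data
    ("customer-portal", "Active", True, "https://portal.example.com",
     "Confidential", "Head of Sales", "IT Ops", date(2022, 3, 1)),
    ("hr-selfservice", "Active", True, "",
     "Secret", "", "IT Ops", None),
    ("intranet-wiki", "Active", False, "",
     "Internal", "Head of IT", "IT Ops", None),
    ("legacy-billing", "Retired", True, "203.0.113.10",
     "Confidential", "Head of Finance", "IT Ops", date(2019, 6, 1)),
]
APPLICATIONS = [dict(zip(FIELDS, row)) for row in ROWS]


def audit(apps, today):
    """Return (name, finding) pairs for records that need follow-up."""
    findings = []
    for app in apps:
        name, exposed = app["Name"], bool(app["Internet Facing?"])
        if app["Status"] == "Retired":
            if exposed:  # decommissioned, yet the inventory still shows exposure
                findings.append((name, "retired but still recorded as internet facing"))
            continue
        sensitive = app["Information Classification"] in SENSITIVE
        if exposed and not app["URL/External IP address"]:
            findings.append((name, "internet facing without URL/External IP"))
        if sensitive and not (app["Information Owner"] and app["Information Custodian"]):
            findings.append((name, "sensitive data without owner or custodian"))
        assessed = app["Date of Last IT Risk Assessment"]
        if exposed and sensitive and (
                assessed is None or (today - assessed).days > MAX_AGE_DAYS):
            findings.append((name, "risk assessment missing or stale"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(APPLICATIONS, date(2024, 1, 1)):
        print(f"{name}: {finding}")
```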

 

Department Details Tracking

Member – List members in each team.

Position Ranking – Position Ranking of the member within the Company. (Example: Manager, Senior Manager, etc)

Job Description – Brief description of the job role handled by the member.

Line Manager – Manager to whom the person is reporting.

Desk Phone Number

Hand Phone Number

Location – Building

Location – Level

Location – Desk

Email Address

Last Date of Update of Information – This is to capture the date on which the latest update was performed on this information entry.

Information Last Updated By – The person who performed the latest update.

 

References:

http://www.thegeekstuff.com/2008/08/36-items-to-capture-for-practical-hardware-asset-tracking/
