Skip to main content
Hafan

Asset management

Contents

Identify, classify and risk assess all your hardware and software assets.

Options to consider: 

  • Conduct periodic physical checks (floor to book exercises) to ensure the accuracy of the hardware asset inventory.
  • Use asset discovery tools to help you identify all assets within the network.
  • Put processes in place to capture new assets you acquire.
  • Assign ownership for each individual asset.
  • Apply appropriate security classifications based on the sensitivity of the information you are processing.
  • Keep records to show that you review both the inventories themselves and the risks associated with the assets on a periodic basis. 
  • Train owners on how to risk assess hardware and software assets.
  • Create a checklist for staff to follow when they review asset inventories. 
  • Identify your critical assets and suppliers and any interdependencies.

Keep records showing secure disposal of hardware assets (eg destruction logs and certificates). 

Options to consider: 

  • Wipe, degauss or securely destroy hardware that contains personal information.
  • Document the procedure for the secure disposal of assets. 
  • Maintain evidence of management approval and sign-off prior to disposing of assets.
  • Store hardware assets awaiting destruction in a locked area with limited access.
  • Keep a destruction log which details all hardware assets that are destroyed. 
  • Obtain certificates from third parties who securely destroy hardware assets on your behalf. 
  • Conduct internal audits to check you follow the correct process for disposal.
  • Carry out due diligence checks or audits on third parties to assess whether they maintain the security of hardware assets during the disposal process.