Information Technology Standard 02.4.0

IT Asset Control Standard


Date of Current Revision or Creation:泭December 1, 2021


The purpose of an Information Technology Standard is to specify requirements for compliance with 圖朸厙 Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.

Purpose

The purpose of this standard is to define the requirements of the information technology asset control used by 圖朸厙.

Definitions

COV ITRM Standard SEC 514-03 is the Commonwealth of Virginia's Information Technology Resource Management - Removal of Commonwealth Data from Surplus Computer Hard Disk and Electronic Media Standard.

Information Technology Assets are any University-owned information, system or hardware that is used in the course of business activities.

Property Control is a unit under the Department of Procurement Services responsible for equipment and computer disposal at the University.

Standards Statement

Before electronic media or information technology assets are surplused, transferred, reassigned, traded-in, disposed of, or replaced, released or no longer in use by 圖朸厙, all data must be completely erased or otherwise made unreadable in accordance with the Commonwealth of Virginia's

Failure to effectively remove the Commonwealth data could result in a violation of laws and regulations including but not limited to the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), The Family Educational Rights and Privacy Act (FERPA), IRS 1075.

General data removal steps and acceptable data removal methods are outlined in the COV Standard. University procedures are available through Information Technology Services. Property Control policy requires the Budget Unit Director to certify that data on hard drives has been removed or cleaned to meet State requirements.

Procedures, Guidelines & Other Related Information

History

Date Responsible Party Action
October 2008 ITAC/CIO Created
October 2009 ITAC/CIO Reaffirmed
October 2010 ITAC/CIO Reaffirmed
October 2011 ITAC/CIO Reaffirmed
October 2012 ITAC/CIO Reaffirmed
December 2012 IT Policy Office Minor rewording for clarity; Link updated; departmental name update; Numbering revision
August 2015 IT Policy Office/ISO Three year review; alignment with COV ITRM Standard SEC514-03 and 圖朸厙 procedure.
August 2018 IT Policy Office/ISO Definitions and links checked
December 2021 IT Policy Office Definitions and links checked