IT Asset Control Standard
Date of Current Revision or Creation:泭December 1, 2021
The purpose of an Information Technology Standard is to specify requirements for compliance with 圖朸厙 Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.
Purpose
The purpose of this standard is to define the requirements of the information technology asset control used by 圖朸厙.
Definitions
COV ITRM Standard SEC 514-03 is the Commonwealth of Virginia's Information Technology Resource Management - Removal of Commonwealth Data from Surplus Computer Hard Disk and Electronic Media Standard.
Information Technology Assets are any University-owned information, system or hardware that is used in the course of business activities.
Property Control is a unit under the Department of Procurement Services responsible for equipment and computer disposal at the University.
Standards Statement
Before electronic media or information technology assets are surplused, transferred, reassigned, traded-in, disposed of, or replaced, released or no longer in use by 圖朸厙, all data must be completely erased or otherwise made unreadable in accordance with the Commonwealth of Virginia's
Failure to effectively remove the Commonwealth data could result in a violation of laws and regulations including but not limited to the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), The Family Educational Rights and Privacy Act (FERPA), IRS 1075.
General data removal steps and acceptable data removal methods are outlined in the COV Standard. University procedures are available through Information Technology Services. Property Control policy requires the Budget Unit Director to certify that data on hard drives has been removed or cleaned to meet State requirements.
Procedures, Guidelines & Other Related Information
- Federal and State Law
- University Policy 3505 Security Policy
- Equipment Turn in Transfer Work Order Form
- Security Awareness Training
History
Date | Responsible Party | Action |
October 2008 | ITAC/CIO | Created |
October 2009 | ITAC/CIO | Reaffirmed |
October 2010 | ITAC/CIO | Reaffirmed |
October 2011 | ITAC/CIO | Reaffirmed |
October 2012 | ITAC/CIO | Reaffirmed |
December 2012 | IT Policy Office | Minor rewording for clarity; Link updated; departmental name update; Numbering revision |
August 2015 | IT Policy Office/ISO | Three year review; alignment with COV ITRM Standard SEC514-03 and 圖朸厙 procedure. |
August 2018 | IT Policy Office/ISO | Definitions and links checked |
December 2021 | IT Policy Office | Definitions and links checked |