Some Thoughts on Information Technology (IT) Asset Management

I have some experience of this, having been employed in what was the Information and Office Technology Department (IOTD) of a division of Imperial Chemical Industries (ICI) in the 1980's, 1990's and 2000's. Some of my responibilities were:

• Setting up and managing an early Help Desk.
• Designing and implementing the processes surrounding the purchase and Asset Management of IT kit for some 1000+ employees.
• Managing the project to decommission all the IT kit and services at the ICI division world-wide headquarters when, after several mergers, it finally merged with part of Novartis to become Syngenta with the world-wide headquarters moved to Basle in Switzerland.

Asset Managment can be a thorny problem, partly because some of the Senior Management Team see IT Asset Management as being a departmental problem rather than a business-wide opportunity, and they tend to think of IT Asset Management in terms of organisational structure. For example, see this IT Asset Management (ITAM) link (HTTP Direct, not Secure) which discusses IT Asset Management Naming Convention and the need for sensible Names for IT Assets and then links this to an arbitrary separation based on Physical (that is Company location like a City) and Logical (Organisational separation like Departments) differentiation.

In my experience, this isn't helpful. In any Company, you have one list of IT Assets, although if the Company exists in several locations there will be sub-lists, one for each location. Your Impossible Missions task, Jim (Phelps), is to set up an IT Asset Management system which will stand the test of time and be robust with respect to Organisation change. The one thing that senior managers seem to have difficulty understanding is that once a piece of IT Kit is purchased, it needs to have an IT Asset Tag which is applied once that piece of kit has been accepted and commissioned into the Company, and that the Tag will not change come what may (Organisational change and mergers). The Asset record is just that, a record with fields that over time might grow or shrink. One approach, which I have used, is as follows:

• Just use a number for each IT Asset. If your Company has several locations, assign a range of numbers to each location. Usually, the temptation is to have too small a range of numbers. If a location has about 1000 people, use 1,000,000 as the range from 0,000,001 to 0,999,999. The next location has the range 1,000,001 to 1,999,999 and so on.
• Each IT Asset requires a suitable Tag. The first impulse is to print off labels, but they degrade and can be defaced. My Division settled on metallic Tags that had an embossed number, could not be easily defaced, and a glue that was truly tenacious. Once the Tag was on, it stayed on. Today some Tags are designed to be tamper-resistant in that any attempt to remove them reveals a void lower part of the Tag. For examples of Tags, see this link (HTTPS Direct).
• Each IT Asset needs a Current Custodian. There is always a temptation to call this an owner, but the owner is the Company. Each Current Custodian will probably be a Company employment number (for example M241792). Note that the Custodian number is just a pointer into the Company employment database.
• When people move in a Company, the IT Asset either moves with them or is re-assigned to someone else. There is a tendency to replace the current IT Asset Tag with another related to the location. Resist this temptation. Remember, the Tag exists fot the lifetime of the IT Asset (that is until the IT Asset is written off the Company books. In UK Paliamentary terms, the IT Asset applies for the equivalent of the Stewardship of the Chiltern Hundreds).
• You need people to look after the IT Asset Register, or rather the part that applies to the local Organisational structure. This is usually a group or department. In my Division we had the concept of departmental IT Contacts to act as a link between the department and the IT Organisation. There were regular monthly meetings to discuss a broad range of IT issues, and the IT Asset register was a permanent fixture. Remember, it is people that update the IT Asset records. How these things are done will depend on one or more Standard Operating Procedures (SOPs) that will relate to a Policy which supports the Company goals and strategy.
• The structure of each IT Asset record. It doesn't have to be complicated. In addition to the Current Custodian, there might be a number of files, for example, which are related to the Custodian. So the PC with IT Asset number 0,000,100 has a file M241792_0000100.txt which contains the IT Inventory data for that IT Asset. A simple listing of all files matching M241792_*.txt will tell you how many IT Assets have this Current Custodian. All too often, people think first of using a database, rather than thinking through the problem. Sfter all, a file system is a database (of sorts).
• What about when the Current Custodian changes? Well, obviously the IT Asset record has a changed Current Custodian, but the files like M241792_*.txt can be retained if the Current Custodian is appended to the previous one. So if M267145 replaces M241792, we get the new Current Custodian string of M267145_M241792_0000100 for this IT Asset. This obviates the need of renaming existing files and provides a historical record of Custodians.
• What about audits? One approach is to take the current IT Asset list and write it to CD-ROM. This gives you a write-once copy with a timestamp which fixes it in time. You then select a number of IT Asset numbers pseudo-randomly, and check that those items on the CD-ROM match the physical Asset. You repeat this process at regular intevals. Will the IT Asset list be accurate? Well, it will depend on your auditing rules (since most audits are just snapshots in time).

Sometimes, having a purpose built structure for data limits both simplicity and flexibility. As a thought experiment, try mapping the ideas above onto your existing IT Asset Management system (if you have one) and see if any contradictions are exposed. Just a thought! However, sometimes the constraint is that your IT Asset Managment system is a given either because that system is already in place, or because of regulatory requirements, which might limit any flexibility for change, but it just might be the case that a small, allowed, change can be a benefit. In this case you might need to persuade others, so remember Benjamin Franklin's words (Google Secure Webcache): If you would persuade, you must appeal to interest rather than intellect.