IT Asset Management Policy

waxspadeManagement

Nov 18, 2013 (3 years and 9 months ago)

58 views

Date of issue: March 2009


Page
1

of
10



Hartlepool Primary Care Trust

Middlesbrough Primary Care Trust

Redcar and Cleveland Primary Care Trust

Stockton on Tees Teaching Primary Care Trust

Middlesbrough and Redcar & Cleveland Community Services


TRUST POLICY


HARTLEPOOL PRIMARY CARE TRUST

MI
DDLESBROUGH PRIMARY CARE TRUST

MIDDLESBROUGH AND REDCAR & CLEVELAND COMMUNITY
SERVICES

REDCAR & CLEVELAND PRIMARY CARE TRUST

STOCKTON ON TEES TEACHING PRIMARY CARE TRUST


POLICY REF:

G45 (
IG T14
)


TITLE:
IT ASSET MANAGEMENT POLICY


SUMMARY

This policy out
lines the process for
managing IT assets

AUTHOR(S)/FURTHER
INFORMATION

A. Todd, Technical Security Manager

NAME OF LEAD DIRECTOR

C. Weldon

VERSION

2

APPLIES TO

All staff in the PCTs,
MRCCS,
Community
Nurse settings, Prison Health and Primary
Care Hos
pitals/Community, Hospitals.
Headquarters

STATUS (Final/Draft)

Final

APPROVING COMMITTEE(S) AND
DATE

Tees Technical Security Group, Tees
Information Governance Sub
-
committee,
Integrated Governance Committee North

THIS DOCUMENT REPLACES

Version 1

REL
ATED DOCUMENTS

Information Security Policy (IGT18)


FINANCIAL IMPLICATIONS

None

DISTRIBUTION

All policy holders, Intranet

REVIEW DUE DATE

December 2009



Date of issue: March 2009


Page
2

of
10

C
ontents










Page No


1.


INTRODUCTION









3


2.

ROLES &
RESPONSIBILITIES







3



2.1 The Chief Executive



3


2.2 The Tees Informat
ion Governance Sub
-
Committee



4


2.3 The Assistant Director of Information Governance



4


2.4 Assistant Directors



4


2
.5 Heads of Service/Managers



4


2.6 Techn
ical Security Manager



5


2
.7 Head of ICT Services








6


2.8 Individual staff members









6



3.

IT ASSET MANAGER PROCESS






6




3.1 New Assets









6


3.2 Asset Movements








6


3.3 Asset Disposal









7


3.4 Asset Audits









7


4. STANDARDS/KEY PERFORMANCE INDICATORS




8


Appendix 1
-

Disposal of assets flow diagram






9

Date of issue: March 2009


Page
3

of
10

1.

INTRODUCTION


This document relates to the procedure for registering and disposing of IT
equipment belonging to Tee
s Primary Care Trusts
;
Hartlepool PCT
,

Middlesbrough PCT
,

Redcar and Cleveland PCT
,
Stockton
-
on
-
Tees
Teaching PCT

and Middlesbrough and Redcar Community Services
,
hereafter referred to as the T
rust.
The policy is to ensure that all staff are
aware of and a
bide by all of the appropriate actions required to ensure the
safe management includin
g the secure disposal of any T
rust electronic data
processing assets and all associated data.


The policy sets out the rules governing the protection of electronic data
and
the correct way to record new assets, monitor asset movements, dispose of
expired assets and to audit the electronic data processing equipment asset
base. These rules are intended to ensure that the best interests of the
T
rust
are served by e
nsuring t
he safety of both the T
rust’s data and the equipment
upon which it is processed.


This policy applies to any electronic data processing equipment deemed the
property of
the T
rust and the safe and secure management of such
equipment and any data held upon i
t. It also covers the responsibility of all
staff in respect of the safe and secure management of such electronic data
processing assets and any associated data.


With the increased use of computers in the workplace it is recognised that the
size of the a
sset base will continue to increase over time. This leads to the
delivery of new IT assets on a regular basis, the movement of IT assets
within the organisation and the need for secure disposal of assets when no
longer fit for
purpose
.


This policy app
lies to all s
taff of the T
rust

and to any contractors involved in
the disposal of the equipment and any data held upon such equipment.


This policy is
supported

by the
Information Governance Sub Committee and
the
Integrated Governance Committee and any in
fringement will be treated
as misconduct of the most serious nature. Any breach of this policy may
result in disciplinary action, which can result in dismissal.


2
.

ROLES AND RESPONSIBILITIES


2
.1

The Chief Executive


The Chief Executive will maintain
ultimate accountability for the
implementation of this policy, although specific responsibility will be
delegated to others within the Trust in particular the Managing Director of
Middlesbrough, Redcar and Cleveland Community service (MRCCS)
through the Sc
heme of Delegation. The Chief Executive and Managing
Director will seek assurance of its effective implementation through the
respective governance committees.


Date of issue: March 2009


Page
4

of
10


No deviation from any statutory and legal obligation of the Trust can be
sanctioned what so e
ver.


2.2
The Tees Information Governance Sub
-
Committee



The Tees Information Governance Sub
-
Committee has delegated authority
of the Boards for South of the River to ensure the development and
subsequent approval of all policies (except those relatin
g to employment
which will be approved by the partnership forum) and the Integrated
Governance Committee (North) have the authority to approve policies for
North of the River.



In the case of Committees being asked to approve policies across the four
trus
ts, such documents will be approve ‘in principle’ at the first Committee
until approved by the second Committee and vice versa.



If the first Committee approve and the second Committee don’t then the
Assistant Director


Assurance (South of the River) and

the Assistant
Director


Integrated Governance (North of the River) will mutually agree
any amendments. In cases which cannot be resolved through this method,
the policy will be re
-
submitted to the respective Committees.



No Tees
-
Wide policy will be imp
lemented until approval has been obtained
by both Governance Committees.


2
.3 The Assistant Director of Information Governance




The Assistant Director of Information Governance is responsible for Co
-
ordinating the core functions of Information Gove
rnance within the Trust,
provide strategic direction and ensure progress against annual programme
for activities is monitored.



2
.4 Assistant Directors



The Assistant Directors will support and enable the Heads of Service and
Managers to fulfil thei
r responsibilities and ensure the effective
implementation of Information Governance framework.


2
.5 Heads of Service/Managers




Heads of Service/Managers are responsible for ensuring that their service
works within the Information Governance framework
. They will ensure that:




There are effective methods for communicating Information Governance
related issues within their service




Information Governance responsibilities are reflective in staff objectives and
discussed during the appraisal process


Date of issue: March 2009


Page
5

of
10



Staf
f attend relevant training, induction and mandatory updates in relation to
Information Governance




Staff are aware of and adhere to Information Governance policies and
procedures




Necessary risk assessments are undertaken within their area of responsibilit
y




Incident reporting is integral to the operational activities within their areas and
all incidents are reported and investigated in accordance with policy




Information Governance issues are discussed at appropriate forums




Where necessary appropriate inv
estigations are conducted, reports produced
and action plans agreed and monitored




The Assistant Director is kept informed of Information Governance issues
relating to their service


2
.6
Technical Security Manager


Will be responsible:




For ensuring comp
liance with this policy




For issuing guidance for implementing and compliance with this policy




For supporting the Technical Security Group


Publicise and promote the local guidelines by (for example):




To ensure that training materials are kept up to date

and a formal
programme is in place to support this policy


And finally, maintain standards by:




Encouraging all staff to follow the procedures, guidance and best practice




Monitor performance through quality control and internal audits




Identifying areas
where improvements could be made




Reporting performance standards to the Chief Executive, senior managers
and Integrated Governance Committees




Date of issue: March 2009


Page
6

of
10


2
.7 Head of IT




The Head of IT Services and members of the IT service will be allocated
responsibility
for assisting the Technical Security Manager in the
safeguarding of all Trust data and the management arrangements in respect
of the trust’s electronic data processing assets.



2
.8 Individual
staff members will:




Be aware of and adhere to relevant In
formation Governance policies and
procedures



Attend Information Governance training and mandatory updates



Assist in identification of Information Governance issues/breaches and
bring them to the attention of the relevant manager



3.

IT ASSET MANAGEMENT
P
ROCESS


3.1

New assets


3.1.1

All new IT assets shall be procured by the Tees ICT service, in line with the
procurement policy.


3.1.2

A new asset will, in the first instance, be delivered to
the T
rust
, a
T
rust
asset tag will be provided and details of t
he equipment recorded.


3.1.3

Upon arrival in the
trust
the order paper work and delivery notes shall be
processed to ensure that the equipment delivered matches the original
order and that all items are in order.


3.1.4

Items will first be confirmed
as acceptable and then have the final
destination clearly marked upon the packing. Once the end destination is
established the asset will be stored within a secure location, normally in the
IT department or a secure storage area until the equipment can be

installed.


3.1.5

Prior

to installation an engineer will be assigned to the equipment and
he/she will complete the associated asset sheet and register maintained by
the IT Service.


3.2

Asset movement


3.2.1

Prior

to an IT asset being moved, the user and
/or line manager responsible
for the asset will contact the I
C
T

Service to advise of the move. Notice of at
least
four

weeks must be given to ICT services prior to the movement of
any asset. Only ICT staff are permitted to move IT assets, the asset move
w
i
ll be logged and held on file within the IT department. The IT Services
Support
Manager or IT Support staff will adjust the location within the asset
register once the asset has been sited.


Date of issue: March 2009


Page
7

of
10

3.3

Asset disposal



3.3.1

Any IT asset that is deemed to
be ready for disposal must first be checked
against the Trusts IT Asset Register. Managers must complete an
Equ
ipment Disposal Record and the t
rust asset register disposal forms,
provided by

the Tees

I
C
T Services.


3.3.2

Every known IT asset ha
s a referen
ce /s
in number identifier
and the

manager signing the disposal form must ensure that disposal form includes
the asset number.


3.3.3

All IT assets must have the unique identifiers (Asset numbers, Sin


numbers) recorded prior to collection from the third party.


3.3.4

Receipt of collection must be retained by ICT services


3.3.5

Comparisons between outward bound IT assets and disposed of IT asset
reports to be made


3.3.6

Any discrepancies mu
st be investigated by the Tees ICT Services and the
Tees Technical Security Manager


3.3.7

Prior to disposal the following actions must be taken:


3.3.10

Prior to disposal all printer consumables will be removed from the unit


3.3.11

The

Tees

I
C
T Service w
ill dispose of the equipment in an authorised and
environme
ntally sound manner adhering to the WEEE standard.


3
.4

Asset audits


3
.4.1

A random audit of IT assets will be undertaken on an annual basis. The
Tees
Technical Security Manager will select a sa
mple of IT assets and
ensure that such assets are still in operation, located in the assigned
location and carry the assigned asset tag number.


3.4.2

Any assets, which fail the audit, will be updated as appropriate.


3.4.3

Any asset, which cannot be located, w
ill be reported to the
Tees
Technical
Security Manager and the line manager responsible for the asset. If no
suitable explanation regarding the location of the asset can be provided
the
n

internal audit will be notified pending a further investigation.

3.4.4

All

PC’s and Laptops will be installed with ZCM a
sset management
softw
are
, enabling the tracking of IT assets on the PCTs networks.



Date of issue: March 2009


Page
8

of
10

4.

STANDARDS/KEY PERFORMANCE INDICATORS


Monitoring of this policy will be achieved through audits (internal/external),
ext
ernal assessments and feedback given to the Tees Information
Governance Sub
-
Committee and working groups.


Information Governance will undertake a six monthly review of adherence
to the arrangements specified in this Code of Practice.



Procedures will al
so be subject to internal and external audit.









































Date of issue: March 2009


Page
9

of
10


Appendix 1
-

Disposal of assets flow diagram



Date of issue: March 2009


Page
10

of
10