How To Manage A University Computer System

Transcription

1 PC asset management policy Name of policy, procedure or regulation Purpose of policy, procedure or regulation PC asset management policy To provide a policy framework in relation to PC asset management and inventory Who formally approved this policy, procedure or regulation? Information Technology Resources Steering Group (ITRSG) Who has responsibility for its update? Information Services To whom does this policy, procedure or regulation apply? All University staff, students and other members of the University a) Date of approval December 2014 b) Proposed date of review 2016 Introduction Information Services is charged with keeping the University s IT equipment inventory - PCs, laptops, netbooks, notebooks, tablets, ipads and Macs (generically referred to as PCs within this document for ease of reading) and has a delegated responsibility for purchasing, managing and reporting on the PC estate. The inventory includes PCs bought from University funds (from whatever source). All assets remain the property of the University. Purpose This policy provides the overall framework for the management of PCs from procurement to disposal. This policy draws from the Financial Regulations and a range of other policies and procedures which have now been incorporated into this one document. It defines responsibilities that relate to the implementation of this policy. Scope This policy applies to all staff, students and other entities of the University who hold PCs purchased by the University such as Business Villages and Students Union. Policy statement The University is committed to managing the life-cycle of its PCs so that it can: Protect the University against loss of IT assets State commitment to legal compliance Enable regular audits of IT assets Gather appropriate management information This policy shall be reviewed and updated on a regular basis to ensure that it remains appropriate in the light of any relevant changes to the law, organisational policies or contractual obligations. 1

2 Guidance This document draws together a number of procedures in relation to PCs: PC replacements Appendix A Cascading and disposing Appendix B Responsibilities The Director of IS has overall responsibility for the implementation of this policy in the University. Responsibility of the day-to-day operation is delegated to IS and departments as detailed below: Area IT Resources Steering Group (ITRSG) IS Resources Team Other departments purchasing PCs University departments Senior Managers / Business Managers Responsibility Approve and oversee the PC asset management policy and related procedures, taking appropriate action in the event of a breach Receive information half yearly on the standard PC replacements Receive non-standard PC replacement requests on an adhoc basis Receive reports about externally/project funded PCs and receive information about these assets when the project is ending as to how they will be managed disposal or cascade Receive reports on asset management and disposal from IS Resources Receive report on Third Party Providers performance against service levels Ensure appropriate and thorough cascading of information, policy and procedure back in own department This is an administrative role: focussing on the data required for the PC bid presented by DIS and administering, monitoring and reporting on the processes and outcomes from the system. Oversee the asset management process and report to the Director of IS regarding procedural issues and propose procedural developments Maintain the asset management system from which the standard PC replacements lists are determined and made available to the champions Progress standard replacement IAP via usual process and progress subsequent orders Provide support and guidance to Asset Champions including training on asset management system and review of policies and procedures Overview of any items in quarantine, taking appropriate action in liaison with the IS Service Desk team and Asset Champions to address and remove item from quarantine Monthly review and check of disposed items and cross reference to asset management system Provide reports on asset management to Director of IS and Managers Review results of annual IT audit and compare with records on Snow. Report any discrepancies with Asset Champions Provide regular communication to IT equipment holders via RSS about the importance of complying with this policy and reminding staff of their obligations Any other staff purchasing IT hardware will use preferred suppliers and where possible the chosen third party provider Senior management ownership and responsibility for asset management Promote this Policy within their respective departments and take responsibility for any asset issues or discrepancies Allocate resource within department to undertake the role of Asset Champion Take overall responsibility of assets within their department and allocate the resource to undertake a physical audit of the staff and student PCs (see below) 2

3 University departments - Co-ordinated by Asset Champions IT equipment holders (e.g. member of staff) Local ownership and responsibility for the physical safekeeping and management of the assets under their control. Monitor and maintain the IT asset management inventory with local information in the fixed fields such as owner and location particularly key after a move or cascade Check the list for PC replacements and confirm those items for like for like replacement If additional equipment, non-standard replacement or replacement before its due date is required, complete the bespoke IT hardware approval process form and submit to ITRSG. If approved, complete IAP and submit via usual process. Provide asset information to IT Resources If equipment is required from external funding, follow the same procedure as non-standard but note that these items are not automatically included in subsequent PC replacements. Provide ITRSG with information about when the project is ending and a recommendation as to how the asset is then managed (disposed/cascaded) Support the PC replacement process by reminding department colleagues that they must have their old PC ready for collection when the new one is installed. The third party provider will not install the new one if they cannot remove the current one apart from exceptional circumstances of having to load and check specialist software these cases will be overseen by the asset champion who will contact the third party provider to arrange collection of the old kit Ensure that colleagues complete the necessary paperwork for IT Resources Undertake a physical audit of the staff and student PCs this will be a spot check on quarterly basis, checking a different area each quarter to include all areas of responsibility during a 12 month period. The focus should be on staff machines as these are often more mobile. Compare the results with Snow and investigate discrepancies. Additional resources from the department may be required to assist this should be agreed with senior management. Update the asset management system to indicate which machines have been checked by adding the audit date in the appropriate field Attend communication and development events in relation to PC asset management and ensure appropriate cascading of policy and procedure throughout own department Ensure that all PCs are connected to the University network at least once per month to ensure the equipment receives the appropriate updates and is recognised on the asset management system Understand that all PCs purchased from University funds remain the property of Staffordshire University and should only be used for University business. Any inappropriate deviation from this could result in disciplinary action being taken Equipment holders will retain responsibility for equipment issued to them until it has been returned to the third party provider for redeployment or disposal. They will sign a receipt on delivery. Ensure that all data has been removed from an existing machine prior to the replacement being delivered and installed. The third party provider is instructed not to leave a replacement PC if they cannot remove the obsolete one Equipment holders are not permitted to transfer their responsibilities to another member of the University without the completion of the appropriate forms supplied by IT Resources and the asset champion must be made aware Equipment holders must present mobile assets such as laptops and tablets to their asset champion for auditing purposes within one week of request. Equipment may be audited at any time PC holders must make every effort to ensure that the equipment asset marking is not damaged or destroyed whilst in their care. Report in to the IT call centre (3800) any equipment which is damaged or not working properly 3

4 IS IT and Learning Technical Support Third party providers (Phoenix) Third party disposal company Report loss or theft of equipment to IT Resources providing the serial number of the equipment and any other information relating to the loss Return all PCs to IT via the third party provider upon replacement, equipment redundancy (i.e. no longer required for University business) or when the holder or University no longer have any affiliation (e.g. the member of staff leaves the University). This also applies to externally/project funded equipment. Equipment purchased as part of a fellowship grant is not included in this policy and should not have the University operating system or software installed Conduct annual IT spot check audit of all IS PCs (staff and student) Work with IS Resources and third party providers to ensure IT assets are managed appropriately (installs, moves, cascades and disposals) Work with Staffordshire University to ensure installs, moves, cascades and disposals are managed in accordance with agreed procedures and contractual obligations Complete all paperwork within the timeframe required Liaise with IT Resources and IS Technical support to address any operational issues immediately Report back on Service Levels to the Supplier Management Board, providing detailed explanation for any failure against SLA Liaise with the PC disposal company to ensure collection of redundant equipment and that correct procedures are used for disposal Attend quarterly operational group meetings to discuss operational issues relating to the management of the PC estate Ensure that all equipment is disposed of in accordance with current legislation Provide detailed monthly reports to IT Resources Reporting Any actual or suspected breach of the PC asset management policy must be reported to the IS Director, who will take appropriate action and inform the relevant internal and external authorities. Disciplinary action will result if deliberate breach is identified. 4

5 Appendix A PC replacements one person, one PC Introduction PCs are an asset of the University rather than an individual department; a central asset management database is maintained. This automatically identifies replacements to be included in a funding application and equipment available for cascading within the University. PCs purchased with external funding or via bids to the IAP made by individual departments are not be included in the PC replacement policy but are still an asset of the University and will be recorded on the asset management database and managed via the same governance structure and policy. Purpose The co-ordination of planned replacement of PCs (staff every 5 years, students every 4 years), centrally coordinated via Information Services. One Person, one PC. Manage and control the number of PCs across the institution whilst increasing the overall quality Rationalisation of the number of staff PCs with individuals entitled to one PC or laptop Consistent provision of PCs across the institution to meet the needs of users The replacement of students PCs based on current utilisation and planned developments The cascading of PCs throughout the University Replacement policy PCs will be replaced on a rolling programme. The recommended replacement period is 5 years for staff PCs and 4 years for student PCs. A PC includes the monitor. Funding applications are submitted on a 6 monthly (May and October) basis by Information Services on behalf of the University. PC replacements within student and staff areas are identified via a central asset management database and included in a funding application. The database will also identify equipment available for cascading within the University. The University will provide staff with a single device dependent upon job role. It is anticipated that staff will have one only device unless an appropriate case is made. The equipment specifications will be reviewed (led by Information Services) on a six monthly basis (more frequently if necessary) with formal approval via IT Resources Steering Group. The specifications also need to be aware of changes to software specifications and link to the software asset management policy. PC requirements for new starters should be satisfied from existing machines within the individual department and in exceptional circumstances will be provided from the University cascade pool. Investment approval On a twice-yearly basis a list will be sent to each asset champion detailing the items due for replacement in the next funding application. Each department will be required to check the list for their department and: 5

6 Confirm the items which are due to be replaced Note any items which are not required for replacement, explaining why Add in any items from the main asset database (not included on the original list) which are required for replacement before the standard 4/5 year cycle, explaining why All replacements will be satisfied from the cascade pool, where possible and appropriate. Information Services will co-ordinate the overall investment submission. PCs are delivered and installed with a standard image by a third party provider and are only installed on a one inone out basis. If the equipment holder is not willing to hand over their old machine, the new device will not be left in the department and will be reported back to IT Resources See flow chart 6

7 Appendix B Cascading and disposing of PCs Introduction This procedure: Complies with new obligations under European Environmental Legislation Fulfils its commitment to the Waste Electronic and Electrical Equipment (WEEE) Directive Meets software license obligations Prevents the risk of sensitive data being released to unauthorised persons Fulfils its obligation to ensure that such cascaded IT equipment is safe and fit or purpose Cascading of PC equipment The University will use the following procedure with regard to the cascading of equipment, including any surplus or unwanted equipment. This process will be managed via Information Services supported by the third party provider appointed by the University and co-operation from the departments. Precise details of machines to cascade and entitlement will be determined as the need arises. Equipment will be recorded on the University Asset Management system. PC equipment will be automatically replaced and cascaded after a pre-defined period (or disposed of as applicable depending on age), in accordance with the University policy in relation to the replacement cycles of PC equipment. If there is no further use for an item of equipment, the department will inform 3800 giving details of the equipment, its location and asset number. The approved third party provider will then make appropriate arrangements to remove the item, and to update the asset register. The equipment will be cascaded or disposed of as applicable. It is the equipment owner s responsibility to ensure that any local user data (e.g. on a PC hard disk drive) which needs to be retained is backed up and all sensitive data erased from equipment prior to collection for cascading. If the PCs is being cascaded, it will be thoroughly cleaned prior to being cascaded by the third party provider. Obtaining cascaded PC equipment Cascaded PC equipment will be allocated to existing staff and/or for use in student learning areas, in accordance with the University policy in relation to the replacement cycles of equipment. If a department is aware that a staff member who is leaving will be replaced, the asset can be retained and snow updated once the new starter arrives. If not, the equipment will be taken back into the central cascade pool. If the equipment is mobile, the asset champion should ensure that it is kept secure until the new starter takes ownership. In the event of an additional item of PC equipment being required, place a call to 3800 to request the item. If the request for an additional PC is approved and suitable item is held in store, the approved IT equipment supplier will arrange a suitable delivery/installation date/time. The asset register will be updated. 7

8 Disposal of PC equipment PC equipment will be disposed of in accordance with current WEEE legislation when it is no longer of any use within the University, as defined within the University strategy in relation to the replacement cycles of equipment. Where an additional item of equipment is identified for disposal, the department will contact 3800 and log the request for the equipment to be removed giving details of its location and include type, make, model and serial of each item and asking for the asset register to be updated. It is the Faculty/School/Service responsibility to ensure that any local user data (e.g. on a PC hard disk drive) which needs to be retained is backed up and all sensitive data erased from equipment prior to collection for disposal. All data and University owned software must be completely and systematically erased from the equipment s nonvolatile memory. The approved third party provider will be responsible for collecting the equipment, wiping all data (to agreed standards) and arranging for the disposal of it in accordance with current WEEE legislation, recording specific agreed details to be provided to the university. Monthly data is provided to IS about disposals, as required under current legislation. See flow chart 8

9 Standard PC Replacements Resources Asset Champion Third party provider Customer Twice yearly submit RSS reminder about PC replacements and disposal procedures 7 weeks before IAP submission, Asset Champions to review their reports Check reports on Snow and make appropriate amendments Run master report and prepare summary spreadsheet and IAP proposal Send to SMT for approval and on to Executive If approved, obtain cost centre from Finance Place order with Phoenix Receive delivery notes Receive order and spreadsheet. Place order with HP (6 week lead time) Receive machines and install image Send delivery notes to Resources Complete pre-installation form and return to Phoenix, If staff machine, send pre-installation form to customer include serial number and instructions of how to find it If student machine, send pre-installation form to Asset Champion Complete pre-installation form and return to Phoenix, copy to Resources 9

10 Check serial number lists against original spreadsheet. Run report of any mismatches and send queries back to Phoenix to investigate Update Snow with disposals and cascades copy to Resources Install new machines and remove old ones and inform Resources of the serial numbers installed and removed Assess which machines being replaced are suitable to retain for cascade and inform Resources Create disposal report for IS Director to sign and send on to Finance Each week scan machines for disposal and send list of serial numbers to Resources Scan machines for cascade and send list of serial numbers to Resources Confirm with Resources that all installs are complete after each specified bid 10

11 Mac replacements staff machines Resources Third party provider Asset champion IS IT Technician Receive delivery from Sheffield. Arrange (Image maintained on server delivery to faculty and notify Resources by IS technician) Receive approval via IAP. Place order with Apple, requesting delivery to Phoenix in Sheffield Create computer name. Load image with Snow agent. Install. Notify IS Technician Update snow with fixed field information and computer name for new Macs. Remove and store replaced Macs. Agrees date with staff. Transfers data. Notify Faculty Technician on completion. Discuss with Faculty re resale items and items to send to broker. Confirm resale price. Manage resale process. Complete Phoenix disposal/resale form. Notify Resources Raise sales invoice. Update Snow. Complete Finance Disposal Form for Director to sign. Cross reference on Snow, PC Replacement list and Phoenix list of purchases. Spot check, sign and send disposal form to Resources. Remove Macs. Agree quantity and price. Request invoice to be raised Agree date for collection. Spot check serial numbers and sign disposal form 11

12 Mac replacements student machines Resources Third party provider Asset champion Receive delivery from Sheffield. Arrange delivery to faculty Receive approval via IAP. Place order with Apple, requesting delivery to Phoenix in Sheffield Create computer name. Load image with snow agent. (Image maintained on server by IS technician) Install Update snow with fixed field information and computer name for new Macs. Remove and store replaced Macs. Discuss with Faculty re resale items and items to send to broker. Confirm resale price. Manage resale process. Complete Phoenix disposal/resale form. Agree quantity and price. Raise sales invoice. Update Snow. Complete Finance Disposal Form for Director to sign. Cross reference to Snow, PC Replacement list and Phoenix list of purchases. Spot check, sign and send disposal form to Resources. Remove Macs. Request invoice to be raised Agree date for collection. Spot check serial numbers and sign disposal form. 12

13 Disposals outside standard programme Asset Champion 3800 Third party provider Resources Log call with 3800 Assign to Phoenix Send form to Asset Champion to complete Complete and return form Arrange appropriate time with champion to collect the machine Collect the machine and store for disposal Send form to Resources Scan serial numbers of all machines for disposal prior to leaving the University send update to Resources File form. Remove serial number from Snow. Complete Finance Disposal form for Director to sign. Cross check with Snow Receive WEEE certificate. Pass to Estates 13

14 PC move Asset Champion 3800 Third party provider Resources Log call with 3800 to have PC moved Assign to Phoenix Send form to Asset Champion to complete Complete and return form Arrange appropriate time with champion to move the machine Move the machine Update Snow with fixed field information (and for labs, update the computer name) Send form to Resources File form. Snow will automatically update change 14