Asset management; data and devices

Purpose

If you don’t know what components (both material and immaterial) are within your digital environment, you can’t protect them. To keep your systems and data secure, it is important to track the various components of your projects so that you can be aware of the risk inherent in your work. 


Audience

researchers Admin staff IT staff


On this page


Initial considerations

Visibility is key to developing an asset management strategy.

  • Meet with all members of your team to determine what data, devices, software, backups, and services are in use. 

Determine your data's classification.


Research data inventory

  • Generic research data inventory template available. Please download the file for full functionality.


What can I do?

The examples provided below should not be considered exhaustive, nor should they be considered the minimum required for a strong asset management strategy. What is important is gaining visibility into what you have and keeping it up to date.

Devices

  • List all devices that are part of or connect to your research system, this can include servers, desktops, laptops, mobile devices, scientific instruments, peripheries (printers, scanners, etc.), other embedded systems, IoT (Internet of Things) devices (cameras, sensors, etc.), removeable media, etc. 

  • Assign an owner and secondary owner to each device. These individuals are responsible for the use, upgrading, and eventual decommissioning of the device. 

  • Note where in the device's lifecycle it currently is, flagging if replacement or upgrades are required. 

Data

  • List the types of information/data you are working with and their data classification.

  • Map these data types to the various devices that house them.

  • Assign an owner and secondary owner to each data type. These individuals are responsible for accessing, using, and eventual destroying or archiving of the data. 

Software

  • List the various operating systems, drivers, software tools, and suites your research team uses.

  • Map these data types to the various devices that house them.

  • Assign an owner and secondary owner to each piece of software. These individuals are responsible for use, upgrading, and eventual decommissioning of the software tool. 

Backups

  • List the types and locations of backup that you have.

  • Assign an owner and secondary owner to each backup type. Be sure they are adhering to a (ransomware) resilient backup strategy. 

Services

  • List what services your research team and system uses. 

  • Assign an owner and secondary owner to each service. These individuals are liaising with these services. 


Search

How do I...


Additional help

General

Data Asset Inventory - Guidance (sharepoint.com)

Contact us | Information Security (IS)

Researchers

https://onesearch.library.utoronto.ca/researchdata/research-data-management

https://security.utoronto.ca/services/research-information-security-program/


Related articles