Doc owner: TBD
Asset Management Policy
Lightly seeded from legacy Allied Information Security Policy (only the cadence below is carried over). Inventory format, ownership assignment, classification, acceptable use, return on termination, and disposal are not covered in the legacy doc and need drafting.
Purpose
To ensure Allied identifies, owns, classifies, and protects information assets throughout their lifecycle.
Scope
Applies to all information assets — hardware, software, data, services, and supporting infrastructure.
Roles and responsibilities
| Role | Responsibility |
|---|---|
| Security Officer | Maintains information and hardware asset registers (review quarterly) |
| Asset owners | Accountable for assets under their control |
Cadence
The information and hardware asset registers are reviewed quarterly by the security officer.
Policy statements
TBD — gap analysis to add: asset inventory format and source of truth, ownership assignment, classification linkage to POL-ENT-004, acceptable use linkage to POL-PPL-002, return on termination, secure disposal.
Related
- POL-ENT-004 Data Classification Policy
- ISO 27001:2022 Annex A.5.9–A.5.11