1. Policy Statement

Quincy College is dedicated to protecting its assets and ensuring efficient, secure, and compliant management of all accounts and resources. To this end, the College will establish and maintain a comprehensive Asset Management Policy to ensure all assets are inventoried, managed, and safeguarded in alignment with regulatory standards and internal security requirements.

2. Objectives

  • Ensure a formalized, defined, and circulated Asset Management Policy.
  • Maintain an accurate inventory of all accounts and assets managed by Quincy College.
  • Mitigate risks associated with asset management, including increased attack surface, compliance violations, data breaches, and ineffective incident response.

3. Scope

This policy applies to all physical and digital assets managed by Quincy College, including hardware, software, data, and accounts.

4. Roles and Responsibilities

  • Executive Vice President: Provides overall oversight and ensures that the policy aligns with the college's mission and strategic goals.
  • Vice President of Mission Support: Leads the policy implementation team, coordinates efforts, and ensures compliance with policy requirements.
  • Vice President of Finance: Ensures that financial aspects of asset management, including budget considerations and financial risks, are managed effectively.
  • IT Manager: Manages the technical aspects of asset management, including the assessment of asset security measures and integration with college systems.
  • IT Analyst: Supports the IT Manager in conducting security assessments, monitoring asset activities, and ensuring technical compliance.
  • Capital Resources & Building and Operations Manager: Ensures that physical and operational aspects of asset management are addressed, particularly in areas related to campus facilities and infrastructure.

5. Asset Inventory Management

  • Maintain an up-to-date inventory of all assets, including hardware, software, data, and accounts.
  • Regularly review and update the inventory to reflect any changes in asset status or ownership.
  • Implement a centralized system for tracking and managing assets to ensure accuracy and accountability.

6. Asset Classification and Prioritization

  • Classify assets based on their criticality, sensitivity, and value to the college.
  • Prioritize management and protection efforts based on asset classification.

7. Access Control

  • Implement strict access controls to ensure that only authorized personnel have access to critical assets.
  • Utilize multi-factor authentication and regular access reviews to maintain security.

8. Monitoring and Auditing

  • Conduct regular audits of assets to ensure compliance with the Asset Management Policy.
  • Monitor asset activities for any signs of unauthorized access, misuse, or security breaches.

9. Incident Response

  • Establish procedures for responding to security incidents involving assets. See Incident Response (IR) Policy for detailed procedures.
  • Ensure staff are aware of their responsibilities in the event of an incident, including timely reporting and cooperation with the incident response team.

10. Training and Awareness

  • Provide training for all stakeholders involved in asset management, including the IT Manager, IT Analyst, and department heads.
  • Regularly update training materials to reflect changes in the policy and regulatory requirements.

11. Review and Updates

  • Conduct an annual review of the Asset Management Policy to ensure it remains current and effective.
  • Update the policy as necessary to address emerging threats, changes in regulatory requirements, and lessons learned from incidents.

Original: July 2024