IT Asset Control Standard
Date of Current Revision or Creation:ÌýDecember 1, 2021
The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion 91¶ÌÊÓƵ Information Technology policies, other 91¶ÌÊÓƵ policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.
Purpose
The purpose of this standard is to define the requirements of the information technology asset control used by Old Dominion 91¶ÌÊÓƵ.
Definitions
COV ITRM Standard SEC 514-03 is the Commonwealth of Virginia's Information Technology Resource Management - Removal of Commonwealth Data from Surplus Computer Hard Disk and Electronic Media Standard.
Information Technology Assets are any 91¶ÌÊÓƵ-owned information, system or hardware that is used in the course of business activities.
Property Control is a unit under the Department of Procurement Services responsible for equipment and computer disposal at the 91¶ÌÊÓƵ.
Standards 91¶ÌÊÓƵment
Before electronic media or information technology assets are surplused, transferred, reassigned, traded-in, disposed of, or replaced, released or no longer in use by Old Dominion 91¶ÌÊÓƵ, all data must be completely erased or otherwise made unreadable in accordance with the Commonwealth of Virginia's
Failure to effectively remove the Commonwealth data could result in a violation of laws and regulations including but not limited to the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), The Family Educational Rights and Privacy Act (FERPA), IRS 1075.
General data removal steps and acceptable data removal methods are outlined in the COV Standard. 91¶ÌÊÓƵ procedures are available through Information Technology Services. Property Control policy requires the Budget Unit Director to certify that data on hard drives has been removed or cleaned to meet 91¶ÌÊÓƵ requirements.
Procedures, Guidelines & Other Related Information
- Federal and 91¶ÌÊÓƵ Law
- 91¶ÌÊÓƵ Policy 3505 Security Policy
- Equipment Turn in Transfer Work Order Form
- Security Awareness Training
History
| Date | Responsible Party | Action |
| October 2008 | ITAC/CIO | Created |
| October 2009 | ITAC/CIO | Reaffirmed |
| October 2010 | ITAC/CIO | Reaffirmed |
| October 2011 | ITAC/CIO | Reaffirmed |
| October 2012 | ITAC/CIO | Reaffirmed |
| December 2012 | IT Policy Office | Minor rewording for clarity; Link updated; departmental name update; Numbering revision |
| August 2015 | IT Policy Office/ISO | Three year review; alignment with COV ITRM Standard SEC514-03 and ODU procedure. |
| August 2018 | IT Policy Office/ISO | Definitions and links checked |
| December 2021 | IT Policy Office | Definitions and links checked |