Asset Management Policy
Version: 5.3.2 | Effective Date: April 1, 2021
- Document Created: March 8, 2021
- Last Reviewed: December 10, 2024
- Next Review Date: December 2025
- Approved By: Chief Technology Officer
- Policy Owner: Security Officer
2.1 Purpose
This Asset Management Policy establishes comprehensive requirements and procedures for identifying, classifying, tracking, protecting, and managing Blue Whale Apps’ information technology assets throughout their complete lifecycle from acquisition through secure disposal.
2.2 Scope
This policy applies to all information technology and information-bearing assets owned, leased, or managed by Blue Whale Apps, including:
- Hardware assets: servers, workstations, laptops, mobile devices, network equipment
- Software assets: operating systems, applications, licenses
- Data and information assets: databases, repositories, documents
- Supporting infrastructure
2.3 Policy Statements
2.3.1 Asset Inventory and Documentation
Blue Whale Apps maintains a comprehensive, accurate, and current inventory of all assets within policy scope through a configuration management database (CMDB) documenting:
- Unique asset identifier
- Type and specifications
- Assigned owner and custodian
- Location
- Classification level
- Acquisition information
- Operational status
2.3.2 Asset Classification
Assets are classified as:
- Critical: essential to operations
- Important: supporting operations
- Standard: general business use
Classification determines security controls, backup frequency, recovery priority, and handling requirements.
2.3.3 Asset Lifecycle Management
Assets are managed through procurement, deployment, operation and maintenance, and retirement phases with appropriate security controls at each stage.
2.4 Compliance
This policy supports compliance with:
- ISO/IEC 27001:2022 (A.5.9, A.5.10, A.8.1, A.8.2, A.8.3, A.8.10)
- ISO/IEC 20000-1 Service Asset and Configuration Management
- SOC 2 Type II Trust Services Criteria (CC6.5, CC7.2)