The way we do things - Procedures

IT Asset Management Policy

Document Status

The status of this document is shown below.

Title IT Asset Management Policy

Version 2.0

Effective Date 21st June 2024

Guideline Owner IT Operations Team

Guideline Sponsor Cyber Security Team

Procedure Approved by Head of Department - Administration

Document History

Version Date Created Author/Title Change Description

1.0 April 2023 IT Operations Team 1. Asset Management Policy

2.0 June 2024 IT Operations Team 1. Updated version of Merged Policies

(Asset Management Policy,
Asset Management System
Procedures, IT Asset Policy,
Media Disposal Policy, System
Maintenance Procedures)
2. IT Asset Allocation (Section 7)
3. Media Disposal (Section 8)
Table of Contents

1. Introduction…………………………………………………………………………………………………….4
2. Purpose…………………………………………………………………………………………………………4
3. Scope……………………………………………………………………………………………………………4
4. Responsibility…………………………………………………………………………………………………..4
5. Procedures……………………………………………………………………………………………………..4
5.1. Process Flow……………………………………………………………………………………………..4
5.2. Login……………………………………………………………………………………………………….5
5.3. Dashboard…………………………………………………………………………………………………5
5.4. Escalation Matrix………………………………………………………………………………………….9
6. Asset Management…………………………………………………………………………………………….10
7. IT Asset Allocation……………………………………………………………………………………………...12
8. Media Disposal…………………………………………………………………………………………………. 13
9. System Maintenance……………………………………………………………………………………………14
1. Introduction

Asset management system (AMS) tool is a system that enables REA India to record all asset related
information such as asset location, type, user, warranty, status, documents, repair history, gate pass,
etc. For all IT endpoints (Windows, MAC, Linux), AMS tool can discover hardware information such
as make, model, serial no., HDD, CPU, RAM etc., and installed software information automatically.

2. Purpose

Asset management system (AMS) tool enables REA India to identify, track, and manage all hardware
and software assets within REA India's network to ensure they are secure and properly maintained.
In addition to enhancing security, asset management also helps to optimize the IT infrastructure,
reduce costs associated with unnecessary software or hardware, and improve compliance with
regulatory requirements.

3. Scope

All people who are engaged with REA India and its subsidiaries & are provided system/application
access for their daily business operations.

4. Responsibility

The procedure owner is responsible for ensuring the procedures are laid down and followed by
the IT Operations team.

5. Procedures

5.1 Process Flow

1. Once the Asset is assigned to the user, then the respective entry is made in the AMS tool.

2. Following this, an auto mail for acknowledgment of assigned asset is sent to the user

3. Upon the User's acknowledgement, the asset will be assigned to the designated status

4. The asset is moved to stock once the IT team receives it back from the user ;

5. Non-working assets are moved in ‘ready to be disposed’ category.

5.2 Login

1. Login into your HRIS and click on My Assets tab under Tools section:

2. Click on Google Sign-in:

3. Login with your Official Google ID and password:

5.3 Dashboard

The AMS includes the following details:

● Name of the Software with version number

● Asset Group
● Asset Sub-group
● Security classification, if any
● Asset Owner
● Location
● Media (if information)
● Date of purchase/installation
● Details of user licenses/ validity/ renewal
● Storage capacity
● Other details, as required.

REA India User Portal - This will show all the assets, Accessories and Licenses allocated to you
1. Assets Dashboard

2. Endpoint Manager:
3. All Assets:

4. My Preventive - This shows the history or any planned health checkup of your allocated
assets.
 5. My Approvals - This is specific for some departments where they can see their pending or
approved approvals.

5.4 Escalation Matrix

For any assistance or support connect with Local IT team or raise the ticket under HRIS Helpdesk tool.

Escalation Name Email Id Mobile No.

Escalation I Nitesh Arora nitesh.arora@housing.com +91 9711493401

Escalation II Nitin Narula nitin.narula@proptiger.com +91 9717704176

 6.Asset Management
The process of compiling an inventory of assets is an important aspect of risk management. IT Operations team
shall create an inventory of all information assets including personal identifiable information needed to conduct good
business operations.

1. Any additions, modifications, transfer of locations, removal, disposal, etc. shall be accounted for in the Asset
Register by the IT Operations team

2. The Asset Register for Hardware shall include the following details:
▪ The asset, uniquely identifiable by serial number
▪ Make & model
▪ Asset Group
▪ Asset Sub-Group
▪ Security classification if any
▪ Asset Owner
▪ Location
▪ Date of installation
▪ Storage capacity
▪ Details of Warranty/ AMC/ Validity/ Renewal
▪ Other details, as required

3. The Asset Register for Software shall include the following details:
▪ Name of the Software with version number
▪ Asset Group
▪ Asset Sub-Group
▪ Security classification if any
▪ Asset Owner
▪ Location
▪ Media (if information)
▪ Date of purchase / installation
▪ Details of user licenses/ Validity/ Renewal
▪ Other details, as required

4. Similarly, the attributes specific to each asset group or sub-group shall be identified and maintained for each
group of assets.

5. For each asset sub-group, details specific to the assets shall be updated in the Asset Register. For example, the
details of a PC should include the make, identification serial number, processor, RAM, drives, etc.

6. All hardware assets purchased except client provided assets and used on client network, shall be labeled with a
unique identification number, and updated in the Asset Register along with its location.
7. The AMS shall be regularly updated for any new installations, movements between locations, additions and
changes made to the hardware.

8. Guidelines for Asset classification (type of asset, purchase date, Capitalize in FAR) and Guidelines for Information
Classification ( Model , make , all the Classification attributes related to assets) shall be considered for
maintenance of Asset Register.

9. Wherever required, the owners (owner stands for IT & Non-IT stands for facility team) of the assets shall
determine the requirement, value and adequately insure the assets. The details of insurance shall be maintained in
the Insurance Register. The insurance shall be updated for any additions to the asset and regularly renewed.

10. All information, data and documents must be processed and stored strictly in accordance with the classification
levels assigned to that information.

11. All information, data or documents based on the classification must be stored using appropriate secure storage
methods

12. Wherever appropriate, confidential information or data shall always be transmitted in encrypted form.

Media Handling and Security

1. The user shall make a request for the media required for business purposes. This shall be authorized by the
Head of the respective Business functions. On receipt of the requisition form on freshservice, the requested media
shall be issued.

2. Where possible media used shall be numbered and labelled using an appropriate numbering convention.

3. The requester of the media is responsible for the data contained in the media and should ensure that unauthorized
data is not stored at all times.

4. All electronic media (both blank and used) shall be stored by appropriate protection that match with the
manufacturers’ specifications.

5. Where the media contains data, the same shall be stored in secured place / cabinets depending on the nature of
information contained therein.

Mobile Computing Devices

4.4.1. Issue and Hand over of Mobile Computing Devices

1. The user shall make a request for a required device for business purposes using a request to the procurement
team for procuring new devices.

2. Equipment shall be numbered and labelled using an appropriate numbering convention.

3. Users will be responsible for maintaining the asset in proper working condition. In case of any issues the same
shall be escalated to IT Operation team.

Transit of Media

1. Creating a gate pass through the asset management tool for any media taken off-premises to ensure
accountability and track the movement of company assets. This process typically involves approvals from both
the IT and Admin teams, ensuring that proper authorization is obtained before the media is removed from the
premises. By implementing this gate pass system, we can maintain control over our assets and reduce the risk
of unauthorized access or loss. Additionally, it helps in maintaining accurate records of asset movements, which
can be invaluable for auditing purposes and maintaining compliance with security protocols.
2. The dispatch of media shall be made through approved couriers or authorized persons only.

7. IT Asset Allocation
The Asset allocation is based on the nature of work. Below is the grid for asset allocation guidelines.

Asset Department(s) Grade

Chromebook Grade 1 - 3
Primary Sales, Broker Upsell, Broker
Acquisition

MacBook
Product, Design, Technology, All Grades
Growth & Marketing

Windows Laptop All Grades

Developer Sales, Key Developer
Sales,

Primary Sales, Broker Upsell, Grade 4 – 15

Broker Acquisition

Rest of all departments All Grades

All L-Team can use any Laptop which will be in stock with the IT Team.

Note: Any exception to the above goes to the HOD (at grade 10 and above) to approve based on business
requirement(s).
Some useful tips on how to take care of your assets and what to do in different situations:

1. Use the asset(s) which is/are assigned to you only for official work and business operations only.

2. Though the asset would be assigned to you while your engagement with the company lasts, it would remain
asset of the organization and must be returned when you exit from the organization or in case of reassignment
of job duties, where some other assets may be assigned to you, or immediately when any official requests for
the same are made.

3. The assets given to you may include software image and any such additional software installed for specific
administrative tasks or specific supported instructional programs. Installation of any other software images or
applications on your laptop is restricted. In case you wish to do so, you must seek authorization for installation
in advance from the IT Operations team by raising the service request on Freshservice Desk and this shall
remain your legal and financial responsibility.

4. Timely reporting of lost or stolen devices is critical for maintaining the security of our organization's information.
Notifying the IT Operations team promptly through the FreshService Desk or sending email ensures that
appropriate actions can be taken swiftly to mitigate any potential risks. Uploading or providing a copy of the FIR
(First Information Report) further aids in documenting the incident and initiating necessary measures. The IT
Operations team will work closely with you to assess the situation, determine the potential security threats, and
implement any necessary security measures to safeguard our organization's data and assets.

5. If the asset is lost due to negligence, then you will be financially responsible to the organization for this loss and
there shall be a deduction of the same from your payroll on a depreciated asset cost basis.

6. In case you do not return the asset assigned to you at the time of exiting the organization, the depreciated value
of the asset will be adjusted from the full and final settlement.

8. Media Disposal

The purpose of media disposal is to safeguard the information systems and prevent unauthorized access to
sensitive information. By restricting access to authorized users only and sanitizing or destroying the information
system media before disposing off or releasing it for reuse, REA India ensures that sensitive information is protected
and not accessible by unauthorized persons. This step is crucial to maintain the confidentiality, integrity, and
availability of the REA's information systems and prevent data breaches or leaks that could result in any
organizational damage.

The disposal of the software should only take place when it is formally agreed that the system is no longer required
and that its associated data files which may be archived will not require restoration at a future point in time.

Erase all data

At the time of hardware disposal, erase all the data on the hardware device. This can be done by using specialized
software(s) designed to wipe the media clean. A signoff shall be taken from Head of Department - Administration
on the IT asset disposal report and on the corresponding mail for removal of data from such media.

Dispose off the media:

Once the media has been destroyed, dispose of it in an eco-friendly way from specialized dealers and recycling
centers.
9. System Maintenance

The purpose of implementing system maintenance process which are both periodic and timely, as adopted by REA
India, is to ensure optimal performance and security of its information systems. By performing regular system checks
and updates at appropriate intervals, the company can prevent issues that could affect the system's functionality
and maintain its integrity. This step is crucial to avoid system downtime, improve system reliability, and protect the
company's information systems from security threats that could result in significant financial and reputational
damage.