Asset Inventory Management
Last Reviewed: 2025-02-17:19:44:43-UTC
You can’t protect what you can’t see. Therefore, it is imperative for APS to maintain an accurate and up-to-date inventory of both its physical and digital assets.
More details on data inventory and data lifecycle management are documented separately in Data Management.
Policy Statements
APS policy requires that:
(a) IT and/or Security must maintain an inventory of all critical company assets, both physical and logical.
(b) All assets should have identified owners and be tagged with a risk/data classification.
Controls and Procedures
Physical Asset Inventory
APS IT leverages a SaaS-based IT asset management system, NetSuite, to maintain an inventory of all company-owned physical computing equipment, including but not limited to:
- servers
- workstations
- laptops
- printers
- networking equipment
Each record includes details of the physical device, such as manufacturer, model, and serial number, as well as ownership details and location.
The movement of computing hardware and electronic media is maintained as part of the records, including media re-use and ownership reassignment.
The APS IT manager is responsible for ensuring that each physical asset is entered into the IT asset management system and that its record is kept up to date.
All company-owned devices are subject to a complete data wipe if deemed necessary, such as in the case of device infection or re-purpose. This data wipe will be carried out by the IT manager. Such a wipe would occur without access to or backup of the system.
Plausible deniability is maintained through the following procedure:
- When equipment is shipped, the full disk encryption (BitLocker, or other) key is disabled
- When equipment is unpacked, a full disk wipe is performed without backup
- Upon completion, the full disk encryption master key is destroyed
- The latest version of the approved operating system is reloaded and updates are performed
- The unit is entered back into corporate inventory
Digital Asset Inventory
The APS Security team uses an automated system to query across our cloud-based infrastructure, including but not limited to AWS, to obtain detailed records of all digital assets, including but not limited to:
- Virtual machines
- AWS EC2 instances
- AWS S3 repositories
- AWS Lambda functions
- Security agents
- Source code repositories
- User accounts
The records are stored in a database system maintained by the APS Security team. Records are tagged with owner/project and classification when applicable. All records are kept up to date via automation.
Paper Records
APS does not use paper records for any sensitive information. Use of paper for recording and storing sensitive data is against APS policies.