DHHS Home Page NC DHHS On-Line Manuals  
     DHHS Manual Home Manual Admin Letters Change Notices Archive Search Index Help Feedback

Previous PageTable of Contents

DHHS POLICIES AND PROCEDURES

_____________________________________________________________________________________________________________

Section X:

Information Technology

Title:

DHHS Information Technology Asset Management and Inventory Control

Current Effective Date:

11/1/09

Revision History:

 

Original Effective Date:

11/1/09

_____________________________________________________________________________________________________________

Purpose

To ensure that the Department of Health and Human Services (DHHS) establishes an enterprise-wide asset management and inventory control system to track and compile statistics of all information technology (IT) hardware and software assets.

Policy

The development and utilization of an enterprise-wide IT asset management and inventory control system will assist DHHS in strategic planning, budget projections and investment management, management of technical infrastructure, continuity planning, disaster recovery and risk management.

Implementation

Roles and Responsibilities

On behalf of DHHS, the Division of Information Resource Management (DIRM) shall research, review and select an IT asset management and inventory control system. The system shall be used to provide a basis for enterprise-wide decision making by senior DHHS leaders, and assist each DHHS division and office in accomplishing its assigned mission, protect its assets and fulfill its legal responsibilities while maintaining day-to-day functions.

The DIRM shall:

DHHS divisions and offices shall1:

The DHHS PSO shall have access to the IT asset management and inventory control system expressly for the purposes of audit, validation and incident response.

The DHHS PSO shall be segregated from the DIRM managed DHHS Information Technology Asset Management and Inventory Control system to provide integrity of audit, validation and incident response processes and to ensure segregation of duties. To assist DIRM in the maintenance of an enterprise-wide inventory record the PSO’s instance of the DHHS Information Technology Asset Management and Inventory Control system shall report inventory to the enterprise system.

Nothing in this policy shall preclude divisions or offices from using the IT asset management and inventory control system for their own purposes.

Guidelines

In order to meet the requirements of DHHS security policies and procedures, each division and officeshall maintain databases and data files, system documentation, user manuals, training material, operational or support procedures, disaster recovery and business continuity plans, and archived information. Critical files must be backed up and stored in a safe location.

The IT asset inventory shall be updated no less frequently than annually and/or as needed to ensure accurate reporting to requesting authorities. Due to requests from other state agencies, more frequent updates may be required.

The IT asset management and inventory shall be implemented in a manner that reduces the duplication of reporting and focuses on capturing the reporting requirements of legislative, state and federal mandates.

All IT inventory discrepancies shall be reported to the Division of Information Resource Management and appropriate division or office for resolution.

Exceptions

Any exceptions to this policy will require written authorization. Exceptions granted will be issued a policy waiver for a defined period of time. Requests for exceptions to this policy should be addressed to the DHHS Privacy and Security Office. The waiver request will be processed in accordance with the DHHS ITS Waiver and Appeals Policy.

Enforcement

The DHHS Privacy and Security Officer shall be the point of contact for issues or questions regarding the ongoing implementation of this policy. However, it is the responsibility of division/office/facility/school management to ensure compliance with the provisions of this policy. Violations may subject a division/office/facility/school to corrective action as identified through audit processes conducted by the DHHS Privacy and Security Office on behalf of the DHHS Office of the Internal Auditor (OIA).

Reference:


For questions or clarification on any of the information contained in this policy, please contact the DHHS Privacy and Security Officer. For general questions about department-wide policies and procedures, contact the DHHS Policy Coordinator.


Previous PageTop Of Page



 


     DHHS Manual Home Manual Admin Letters Change Notices Archive Search Index Help Feedback

1 . In cases where DIRM provides IT support to a Division or Office it shall be the responsibility of DIRM to provide the functions listed below.