Asset Inventory Management Standard
How we track, manage, and secure our IT assets, including hardware, cloud resources, and software licenses.
Asset Inventory Management
| Field | Value |
|---|---|
| Document ID | STD-002 |
| Classification | Internal |
| Owner | CTO (interim CISO) |
| Effective Date | April 2026 |
| Review Cycle | Annual |
This doc explains how we track and manage all IT assets across the organization, including hardware, cloud resources, software licenses, and data assets.
What We Track
| Category | Examples | Tracking Tool |
|---|---|---|
| Hardware | Laptops, monitors, mobile devices, networking equipment. | Freshdesk |
| Cloud Resources | GCP projects, compute instances, databases, storage buckets. | GCP & AWS Consoles |
| Software Assets | SaaS subscriptions (Google Workspace, Slack), licensed tools. | License tracker / Freshdesk |
| Data Assets | Production databases, S3 buckets with customer data. | Cloud Console + internal register |
Asset Classification and Criticality
The organization identifies critical assets based on their sensitivity and importance to business operations:
Criticality Assessment Criteria
- Business Impact: Assets essential for core business functions (trading systems, customer databases)
- Data Sensitivity: Assets containing sensitive customer data, financial information, or regulatory data
- Regulatory Requirements: Assets subject to SEBI, IRDAI, or other regulatory compliance
- Operational Dependencies: Assets whose failure would significantly disrupt business operations
Asset Categories
| Category | Examples | Classification Rationale |
|---|---|---|
| Critical | Production databases, trading platforms, customer data | Essential for business operations, high sensitivity |
| Important | Development systems, internal tools, backup infrastructure | Supporting business functions, moderate sensitivity |
| Standard | Employee laptops, office equipment, non-sensitive applications | General business use, low sensitivity |
This classification helps prioritize security controls, monitoring, and resource allocation based on asset importance and sensitivity.
Asset Lifecycle
Procurement & Assignment
- A request for a new asset is raised via a Freshdesk ticket and approved.
- The asset is purchased, tagged with a unique ID, and registered in our inventory.
- It is then assigned to an employee, who acknowledges receipt. The asset register is updated.
Hardware Asset Tracking
Each hardware asset in our inventory includes:
- Unique Asset ID: Every device receives a unique identifier for tracking ownership and lifecycle management.
- Employee Assignment: Clear mapping of which device belongs to which employee.
This enables the admin team to know exactly whom each device belongs to through the unique asset ID system.
Offboarding & Disposal
- When an employee leaves, HR notifies the IT Admin.
- All hardware is collected, and all cloud and software access is revoked.
- The data on returned devices is securely wiped before the device is reassigned.
- Assets at the end of their life are disposed of according to our Technology Equipment Disposal Policy (POL-021).
Cloud Resource Inventory
GCP (Primary Cloud)
- Organization: Projects are organized by environment (production, staging, development).
- Labeling: All resources are tagged with
team,environment,service, anddata-classification. - Access Review: IAM permissions are reviewed quarterly.
- Cleanup: We regularly identify and decommission unused resources.
AWS
- Services Used: We primarily use AWS for SES (email), CloudFront (CDN/WAF), and S3 (storage).
- Access Control: IAM roles are configured with the principle of least privilege.
Software License Management
We maintain a central inventory of all our SaaS and software subscriptions. We track the vendor, license count, cost, and renewal date. The IT admin team conducts a quarterly review to reclaim unused licenses and optimize costs.
Periodic Review & Audit
| Review | Frequency | Owner |
|---|---|---|
| Hardware Inventory Verification | Semi-annually | IT Admin |
| Cloud Resource Audit | Quarterly | SRE Team |
| Software License Review | Quarterly | IT Admin |
| Data Asset Classification Review | Annually | Security Team |