Asset management; data and devices
Purpose
If you don’t know what components (both material and immaterial) are within your digital environment, you can’t protect them. To keep your systems and data secure, it is important to track the various components of your projects so that you can be aware of the risk inherent in your work.Â
Audience
researchers Admin staff IT staff
On this page
Initial considerations
Visibility is key to developing an asset management strategy.
Meet with all members of your team to determine what data, devices, software, backups, and services are in use.Â
Determine your data's classification.
Classifying your data is an important step in understanding the risks associated with your data.
Research data inventory
Generic research data inventory template available. Please download the file for full functionality.
What can I do?
The examples provided below should not be considered exhaustive, nor should they be considered the minimum required for a strong asset management strategy. What is important is gaining visibility into what you have and keeping it up to date.
Devices
List all devices that are part of or connect to your research system, this can include servers, desktops, laptops, mobile devices, scientific instruments, peripheries (printers, scanners, etc.), other embedded systems, IoT (Internet of Things) devices (cameras, sensors, etc.), removeable media, etc.Â
Assign an owner and secondary owner to each device. These individuals are responsible for the use, upgrading, and eventual decommissioning of the device.Â
Note where in the device's lifecycle it currently is, flagging if replacement or upgrades are required.Â
Data
List the types of information/data you are working with and their data classification.
Map these data types to the various devices that house them.
Assign an owner and secondary owner to each data type. These individuals are responsible for accessing, using, and eventual destroying or archiving of the data.Â
Software
List the various operating systems, drivers, software tools, and suites your research team uses.
Map these data types to the various devices that house them.
Assign an owner and secondary owner to each piece of software. These individuals are responsible for use, upgrading, and eventual decommissioning of the software tool.Â
Backups
List the types and locations of backup that you have.
Assign an owner and secondary owner to each backup type. Be sure they are adhering to a (ransomware) resilient backup strategy.Â
Services
List what services your research team and system uses.Â
Assign an owner and secondary owner to each service. These individuals are liaising with these services.Â
Search
Additional help
General
Data Asset Inventory - Guidance (sharepoint.com)
Contact us | Information Security (IS)
Researchers
Research Data Management | University of Toronto Libraries
Research Information Security - Information Security at University of Toronto