5.4 USG Information Asset Management and Protection Standards
Information assets can be defined as:
- All categories of automated information, including, but not limited to, records, files, and data bases; and,
- Information technology facilities, equipment (including endpoints, personal computer systems), and software owned or leased by a USG institution, the USO, the GPLS, or the Georgia Archives.
5.4.1 USG Information Asset Management Standard
Asset inventory is required by State asset management procedures, and is the method by which the USG maintains accountability of the physical computing devices and software purchased with state funds.
18.104.22.168 Scope, Authorization, Enforcement, and Exceptions
Each USG participant organization shall maintain perpetual and up-to-date accountability of all hardware and software (including licenses) acquired with federal or state funds. In the case of shared resource situations among two or more USG participant organizations, the hosting organization shall be responsible for this accountability. All assets shall be recorded in compliance with all applicable state or USG asset management policies and the Official Code of Georgia Annotated section 50-16-160 et. seq. Asset management shall include procedures for accountability throughout the asset’s life cycle from acquisition to decommission, transfer of ownership, surplus, and/or equipment refresh/upgrades.
- USG IT Handbook, Section 5.8, USG Endpoint Security Standard
5.4.2 USG Information Asset Protection Standard
USG institutions, the USO, the GPLS, and the Georgia Archives must provide for the integrity and security of its information assets by identifying all information systems, automated files and databases for which the USG participant organization has ownership responsibility, and ensuring that responsibility for each information system, automated file or database is defined with respect to:
- Owners of the information system;
- Owners of the information within the USG institution, the USO, the GPLS, and the Georgia Archives;
- Trustees and stewards of the information;
- Users of the information; and,
- Classification of information to ensure that each automated file or database is identified as to its information class in accordance with policies and standards.
Note: The definitions of Owners, Stewards, Trustees, and Users are covered in Section 9, Data Governance and Management Structure, of this Handbook.
Return to Top