“Do You Feel Lucky, Punk?”
I admit, having a clean safety record when I was in the business, involved lots of awareness and a little bit of luck. Unfortunately, not everyone is blessed with luck.
To run safe jobs, our crews have to be constantly aware of their surroundings (above, below, and around). Things can change in an instant, and it only takes a moment of inattention for bad things to happen. OSHA (Occupational Safety and Health Admin.), www.osha.gov, Washington, D.C., refers to the “fatal four” (falls, electrocutions, “struck by object,” and “caught in-between”) that account for approximately 60% of construction worker injuries/deaths. Being aware of risks and managing risk factors is key to our staying in business.
I would like to introduce a class of assets you may have overlooked—that we depend upon and supports our business. I invite you to look beyond the “obvious” equipment and systems you see every day and take a wider view of “IT asset.” Does your view incorporate your current and anticipated plans for cloud computing, outsourcing, and mobility?
Besides documenting what IT assets you own/lease, have you documented how these assets support your business’ strategic data and decisions, the type of data they support, and the extent to which this infrastructure supports or detracts from your ability to enable business change?
Could you be “tempting fate” by underestimating the potential for business interruption attributable to a technology failure (yours or a third-party provider)? Do you currently have an up-to-date written and integrated view of all of your company’s technology assets, enabling you to quickly identify a critical asset’s location, importance to the operation, and support the need to assess the data risk if an asset becomes compromised or lost?
Creating an IT asset plan: Is it a big task? Certainly! Necessary? Absolutely! Or if you feel you don’t need one, as Clint Eastwood might say, “Do you feel lucky, punk?”
It’s really too important to leave to chance. Our network today connects our current infrastructure to the expanding the community of stakeholders (owners, architects, engineers, financiers, etc.), and the complexity of our systems is growing by the day. Precious time can be lost researching a data breach, quirk, or failure in the system. Do you know what/where everything is?
Where do you start? I’d recommend create a database for each “class” of technology you use (LAN, WAN, desktops, servers, printers, mobile devices, network appliances, Wireless.) Next, for each class, describe each of the asset types in detail. For example, for the mobile device “class” you’d want to include each of your USB devices, cellphones, laptops, PDAs.
Then, for each device you’ve listed describe the manufacturer, model, serial number, owner, contact info, location, asset tag, date put into service, warranty details, so you get the idea when the device was checked out, and checked in.
Finally, describe whether this device processes sensitive data. You should document the critical business functions that this asset supports. It can take several months of dedicated effort to pull this together, and once assembled, needs to be maintained, but given the potential business and legal exposures of not having this area under control, ask yourself “Is this a risk that I’m willing to take?”
Jim Kissane is a retired construction industry veteran, having served the design/construction industry for more than three decades. He can be reached at email@example.com