Day 32 — Bringing in the New Year

OK, so I’m pretty boring these days — blame COVID :). Today I continued my work toward HIPAA Compliance with building out our Asset Inventory.

Asset management is the collection of processes that relates to how you track and protect the data you care about. “Asset” is a broad concept–it is often used to describe any thing of value to an organization that requires some level of protection (including people). But when we talk about “asset management,” we are usually referring to protecting our data and the systems they are stored on, processed by, or transmitted through.

Similar to our vendor assessment from the last couple days, the asset inventory is critical to our information security, as we use a lot of 3rd party tools to store, process, and transmit our data.

Today’s Problem to Solve

Our software asset inventory includes the following:

  • Applications
  • SAAS
  • Databases
  • Code Repositories

For each of these, I needed to identify the following information (based on our policy for asset management):

  • the name of the asset;
  • the owner of the asset;
  • a description of the asset;
  • the purpose of the asset;
  • the asset’s status (including whether Active or Inactive);
  • the highest classification level of the data that the asset will store, process, or transmit;
  • the impact on our organization if we were to lose the use of the asset;
  • the impact that we would suffer if we were to lose the confidentiality, integrity, or availability of the asset (or its data);
  • the asset’s business-continuity properties (Maximum Tolerable Downtime, Recovery Point Objective, and Recovery Time Objective), if applicable; and
  • the workforce members and teams that are authorized to access the asset.

None of this is hard work, it’s just really, really tedious.

The Results

It turns out we use a lot of software! Here’s how it breaks down:

Asset Management for our Software

I build this out in a spreadsheet formatted to answer the questions identified above. Here’s a sample:

Asset Inventory Spreadsheet

Repeat this 60 times and the software asset inventory is (basically) complete.

What’s Next?

We need to make some changes to some of the systems in our asset inventory, specifically what type of data we’re storing in them. We also need to make sure we have appropriate access controls to them so that only authorized users have access.

Happy New Year!

--

--

--

Startup founder surviving in his parent’s basement.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Gauntlet Update: March 25th, 2022

MemoryLess the new ServerLess

Watson Assistant just got connected!

Data Binding in Blazor

Performance Tuning Tips

ANSIBLE ROLES TO

Software Testing Life Cycle (STLC) | Testbytes

Must Read DevOps & SRE Books for all Engineers

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Bob Weishar

Bob Weishar

Startup founder surviving in his parent’s basement.

More from Medium

Understanding Mergers and Acquisitions — How good are they for a company?

5 Easy Ways to Activate Disengaged Customers for the F&B Industry

How to become an Evangelist?

5 Reasons Why You Should Delegate Business Tasks to Magic