Laserfiche WebLink
3. Redeployment of Assets (Status: In Process) <br /> Recommendation: Was recommended that once the IT asset manager position has been <br /> established, DIT should implement a process to identify redeployable assets and to establish <br /> County-wide formal written redeployment procedures to retrieve computers and software <br /> licenses that were installed on computers that were replaced or idle for an extended period of <br /> time. The redeployment of computers and software licenses is often cost effective, minimizes <br /> unnecessary purchases, reduces over purchasing of assets and reduces data security risks. <br /> Response: DIT continues efforts to utilize assets capable of supporting user requirements and <br /> aligning with established security requirements. The Coronavirus pandemic required DIT to <br /> quickly adjust to work reassignments and this caused some assets to fall out of compliance for <br /> redeployment. <br /> 4. Leasing <br /> Recommendation: Recommended that DIT continue to evaluate leasing as an option to procure <br /> computers and software licenses for the County. <br /> Response: Agree with recommendation and implementation of leasing. <br /> 5. Centralized Management System (Status: In Process) <br /> Recommendation: Recommended that DIT track users in a centralized database. Not tracking <br /> users in a centralized database may increase the County's security exposure since DIT may not <br /> be able to determine if computers are in use or locate assets. In addition, DIT may have difficulty <br /> holding employees accountable for the protection of assets and inappropriate activities. Unused <br /> computers are candidates for redeployment and may unnecessarily consume software licenses. <br /> From a software compliance perspective, software end-user licensing agreements can be tied to <br /> users instead of computers, and DIT may not be able to determine the appropriate license counts <br /> without knowing the assigned users. The fixed assets inventory system is not accessible to DIT <br /> and the automated network and software inventory system is not used to track the user. <br /> Therefore, we recommend that once the IT asset manager position is established, DIT should <br /> implement a plan to identify a centralized database that has the ability to track users whether it is <br /> the fixed assets inventory system, the automated network and software inventory system, or <br /> another IT asset management inventory system. After a product has been identified, the IT asset <br /> manager should implement County-wide written procedures to centrally track users for all IT <br /> assets. <br /> Response: The majority of software licenses have been migrated from device assignments to <br /> being assigned to users. User tracking will need to account for all device and license types as <br /> some employees have stationary assets in their office environment, and also have mobile assets <br /> which will require additional tracking of the asset and software associated. <br /> To aide DIT in tracking users, we need assistance from all County departments to timely notify <br /> DIT of employee changes. <br /> County of Hawaii is an Equal Opportunity Provider and Employer. <br /> IT Asset Management Follow-up Audit Department Response 06 <br />