It can happen to the best of us. Asset management is not easy. There are so many important features to track? How can you tell you are tracking them all. It would be easy if you could start today, knowing what you know now. Every asset that came in would be entered into your asset-tracking system when the requester, the project manager or systems engineer, put together the request for the hardware or software. All the details of the approved hardware or software would be logged in the asset-tracking database, for instance OTRS, an open-source ticketing system with asset-management built in. Any support agreements and the scope of the agreements would be entered, and the system would automatically alert the proper person in your organization when the support contract came up for renewal, so you never discovered that the service contract had expired three days before your hardware crashed. You would have answers for the PCI DSS auditors about those support contracts at any time, because you had those details at your fingertips all the time. Finally, you would be able to set up an alert when the software or hardware was going to go end of life or when it had reached end of standard support. You might even set the alert to give you time to replace the obsolete software or hardware before it had reached EOL. What a great world that would be.
Possibly, you don’t live in that world, but there is no time like the present to move there. With two weeks left in December, you have time to install OTRS and have key staff members learn the software, so you can start inputting all invoices and purchase orders in OTRS and as old hardware finaly falls over, and you replace it, that new hardware goes into the new OTRS database. Over the course of about three years, (the average refresh rate for hardware), you have all or most of your hardware and software entered into OTRS. If there are a few pieces left out after that time, you can just enter them in as you have time.
For help with implementation of OTRS, Atlanta Cloud Services can give you OTRS-trained workers to go through your inventory, enter the details into the system and train your staff to use OTRS.
Some neat features of OTRS, related to security audits, are the organization of OTRS by asset as well as by the people who touched tickets related to the assets and also the business units that own or use the asset. If you use this system to synchronize patch cycles and updates, each time a vulnerability is found, it will be associated with the asset. When you fix the vulnerability, the asset is also updated. You can search the OTRS database by any field in the ticket, including the unstructured description and notes fields.
If you have been having difficulty finding details about the EOL dates of various vendors’ products, check out the information collected at http://sourcefreedom.com/eol-operating-systems-etc/
If you want to try out OTRS, click here to go to their downloads page.