A critical role in meeting federal regulations.
While asset management might not seem to have an obvious role in meeting federal regulations like HIPAA and SOX, there are serious risks associated with unprotected and unmanaged dataespecially data that entails sensitive employee or customer information. "Data security is becoming a very big problem in the U.S. and worldwide," says Gartner's Heine. Companies that do not protect personal medical records under HIPAA face fines of $250,000 and executives face up to ten years of prison time. Under Sarbanes-Oxley, firms that do not rapidly report events such as security breaches face harsh financial penalties and their executives face possible imprisonment. And if passed by Congress this year, the Notification of Risk to Personal Data Act (which was based on a similar California law) would fine companies $25,000 per day for failing to notify customers of a data security breach.
All of this can be avoided with some quality IT asset management, Heine says, because IT managers need to know the types of data that are stored on each piece of hardware. "Let's say you have a server with some confidential client information, and you disconnect it, but don't dispose of it properly," he says. "That puts you out of compliance with protecting data. You can't just throw old equipment into a Dumpster. So knowing what you have, and having the paper trail to show that you have disposed of it properly, is a very important part of asset management."
Navigant's Klingensmith says the disposal of old equipment is extremely important in his business, and something that his asset management software helps manage. "In our line of work, there's a lot of credit card numbers, so it's extremely important that those things get scrubbed out properly," he says. And with more than 5,100 employees and 1,000 locations across the globe, Klingensmith says his asset management software is "one of the most missioncritical products we have in IT."
This article was originally published on 06-05-2005