University of Saskatchewan

Financial Services (FS)

Guidelines & Procedures

Asset Control Guideline

(The board of governors approved policy can be found at http://www.usask.ca/university_secretary/policies/index.php)

Asset Control Procedures - Tracking and Repurpose

Purpose

The Asset Management Policy establishes principles that enable the university to effectively manage its assets. This procedure document provides guidance for inventory control processes related to tracking capital assets (excluding furniture and Library  acquisitions for additions to the Library collections) that have a useful life expectancy greater than one year and an original cost of $1,000 or more.

Responsibilities

Deans, Department Heads, and other heads of University colleges/departments/units are responsible for effective and efficient stewardship of assets in accordance with these tracking and repurposing procedures.

Members of the university, as part of ensuring appropriate use of, and safeguarding of, university assets under their control, are responsible for tracking and repurposing assets in accordance with these procedures.

Procedures

  1. Purchases
    Purchases must be coded to appropriate account codes as established in the university financial system.
    All assets required to be inventoried must display a University of Saskatchewan capital asset inventory tag.
    • The Equipment Inventory Clerk sends capital asset inventory tag and Asset Record Form to units.
    • Units must place the tags on assets, complete the Asset Record Form and return the form to the Controller’s Office.
  2. Repurposing
    Efforts to maximize the effective life of a surplus asset across the university must be explored as follows:
    • Internal transfer of assets is only permitted between university units; assets may not be transferred externally to students, faculty, staff, or members of the public.
    • Any changes in location or ownership of capital assets must be reported to the Controller’s Office.
      • Units must notify the Equipment Inventory Clerk in Controller’s Office (fs.capitalassets@usask.ca) that an asset has transferred between units.
      • The Equipment Inventory Clerk will update the Capital Asset Management System.
      • If there is also a transfer of funding associated with the transfer of the asset, a journal voucher must be prepared to debit and credit the same expenditure account code (within the 77xxx) range.
      • The equipment inventory clerk will record the asset, and use the journal voucher transactions to update the funding source of the asset
      • The unit acquiring the asset assumes all costs related to the equipment asset after it has been transferred.

Definitions

Any definitions listed in the following apply to this document only with no implied or intended institution-wide use.

Surplus Assets

Assets that are no longer of use to a unit, college, division or the University in general, due to obsolescence but which still are in working condition and which may be utilized elsewhere on campus.

Related Procedures

Contact Information

Contact Person: Equipment Inventory, Controller's Office, Financial Services
Phone: 306-966-4610
Website: http://www.usask.ca/fsd/

Asset Control Procedures - Disposal and Write-Off

Purpose

The “Asset Management Policy” establishes principles that enable the university to effectively manage its assets. This procedure document provides guidance for disposal and write-off processes related to asset management.

Responsibilities

Departments cannot dispose of any asset independently except by written approval of the Vice-President (Finance and Resources).

The Controller, Financial Services, is authorized to write off the value of university assets, excluding cash shortages, provided that the book value of each asset does not exceed $10,000, and cash shortages provided that the amount does not exceed $1,000. The Associate Vice President (Financial Services) is authorized to write off the value of university assets in excess of the authorized limits of the Controller, Financial Services.

Information and Communication Technology (ICT) is responsible for ensuring all data, confidential information and site-licensed software have been removed from computer hard drives and other data storage devices before disposal – see Data Scrubbing Procedure (insert link)

Procedures

  1. Disposal of Capital Assets
    1. Request Disposal of Capital Assets
      1. The unit must complete a Declaration and Disposal of Capital Assets form.  The department information section must be complete with descriptions, serial number, equipment inventory number and appropriate authorization. 
      2. The completed Declaration and Disposal of Capital Assets Form must be approved by the Dean, Chair or Director of the unit.
      3. Forward a copy of the disposal form to Facilities Management – Logistics Management and retain a copy for unit files
      4. If disposing of computers, smartphones, tablets, hard drives or other data-containing assets, the unit must adhere to the Secure Data Removal Procedure, published and maintained by ICT.  It is recommended that assistance be sought from ICT or local IT support personnel in carrying out this procedure.  Note: All computer equipment must be accompanied with a completed Capital Asset Data Removal Assurance Form.
    2. Disposal of Capital Assets
      1. Facilities Management – Logistics Management  disposes of capital assets, including the write-off of valueless capital assets, as follows:
        1. Coordinates removal of asset (removal costs may apply)
        2. Determines method of disposal (i.e. tender, auction, scrap recycling, Sarcan/epra etc.)
        3. Disposes of asset
        4. Forwards the capital assets disposal forms to Financial Services for processing
      2. Generally, proceeds (if any) from the sale of capital assets are negligible and are retained by the institution to offset the cost of disposal.
        If the unit expects that proceeds from the sale of capital assets (such as specialized equipment) or scrap will be significant, the unit may contact Facilities Management - Logistics Management  to request that sale proceeds, net of FMD disposal costs, be credited to the unit (account code 59005 must be used for the proceeds).
        If the equipment was purchased from restricted funds, any sale proceeds will be allocated as specified by donor/sponsor terms and conditions (account code 59005 must be used for the proceeds).
  2. Write Off of Valueless Assets, excluding Capital Assets (see above)
    1. A Request to Write Off Valueless Assets form must be completed and forwarded to the Controller, Financial Services
    2. All requests must be accompanied by sufficient detail to support the request and to identify the specific asset involved
    3. All requests must be accompanied by an appropriately completed journal voucher to charge the book value of each item back to the department or unit making the request.
    4. All journal vouchers must be coded to the appropriate account code in the UofS financial system.
    5. Units are responsible for any costs associated with physical disposal of non-capital assets. For identifying appropriate disposal methods for non-hazardous assets, contact the Office of Sustainability.  For disposal of hazardous assets, contact Safety Resources.

Definitions

Any definitions listed in the following table apply to this document only with no implied or intended institution-wide use.

Capital Assets

Purchased and constructed assets with a useful life longer than one year and with a value greater than $1,000 (if individually capitalized; if capitalized as a pool the individual item value may be less than $1,000). Examples include land, buildings, equipment, vehicles etc.

Valueless Assets

Assets that no longer have a value. Examples include obsolete inventory, uncollectable accounts receivable and cash shortages.

Related Procedures

 

Asset Control Procedures – Secure Removal of Data

Purpose

The “Asset Management Policy” establishes principles that enable the university to effectively manage its assets. This procedure document provides guidance for the secure removal of data from assets being disposed of.

Secure removal of data from university assets is a necessary step before repurposing or disposing of these assets.  Disposing of assets without following this procedure can lead to the unauthorized disclosure of personal, financial, academic, employment and/or medical data.  Disclosures of this sort can lead to serious reputational or financial damage for the university.

Software installed on university assets is often licensed solely for use within the university, by university employees or students.  Some license agreements restrict software use to a particular college, administrative unit, or individual.  Repurposing or disposing of assets without removing this software often violates these agreements and may expose both the university and asset recipient to liability.

Responsibilities

As outlined in the Asset Management Policy:

Information & Communication Technology – Access, Compliance & Security is responsible for the maintenance of standards for securely removing data from assets being disposed of or repurposed.

Information & Communication Technology – Unit IT Services is responsible for applying these standards to assets being disposed of, or providing assistance to college and unit-level IT support personnel in applying these standards.

PROCEDURES

Important Considerations:

Prior to disposing of any asset containing data, it is important to consider whether any or all of the data needs to be backed up or retained for future use.  Consult with ICT Unit IT Support or your local IT support if you are unsure.

ICT strongly recommends that end-users do not undertake securely removing data themselves.  The process can be lengthy, may require specialized software, and is often highly complicated.  Any mistakes made can leave sensitive data intact, while giving the appearance of successful removal.

The ICT Service Desk is not trained and does not offer support for people attempting to securely remove data from a university asset.  It is recommended that you contact ICT Unit IT Services or your local IT support for assistance with secure removal of data.  Beyond the basic guidance below, ICT does not publish detailed instructions for performing this task, due to its complexity and variability, given the diversity of assets used within the university.

Assets awaiting processing under these guidelines should be securely stored, in a locked office, closet or drawer and should not be left unattended in a public space.  Processing for surplus assets containing data should be arranged for promptly, following their removal from service.

Computer Hard Drives:

Reformatting most types of computer storage (e.g. the "format" command in Windows) does not actually overwrite all stored data.  Basic formatting is analogous to removing labels from the folders in a file cabinet, without empting the folders themselves.  To securely remove data, the entire storage medium must be overwritten with new data – ideally randomized.

For traditional magnetic/spinning hard drives, secure removal of data is possible using software tools such as DBAN (Darik’s Boot and Nuke).  These tools overwrite the entire contents of a hard drive with random patterns, rendering all data securely removed.  This process is non-destructive to the physical hard drive, and allows the asset to be repurposed or used following disposal.

In cases where software is unable to securely erase a hard drive, physical destruction is the other acceptable way to securely remove data.  This includes degaussing, incinerating, crushing or shredding.  Physical destruction of hard drives requires specialized equipment and is best left to qualified professionals.

Increasingly, computers are equipped with Solid State Drives (SSDs), which use non-moving, non-magnetic technology to store data.  Securely removing data from these drives is a more complex process, as general-purpose tools such as DBAN are unable to overwrite all areas of the drive.  Manufacturer-specific tools are often available for this purpose, but will likely require IT support personnel to operate.  In some cases, physical destruction is the only way to securely remove data from these types of drive.

Some computer systems support “whole-disk encryption”, where all data written to a hard drive is first encrypted with a unique key.  For systems where whole-disk encryption has been used, securely erasing this unique key may be sufficient to render all data on the hard drive permanently unreadable.  In this case, the data may be considered securely removed.   If you are uncertain whether or not your computer has whole-disk encryption enabled, contact ICT Unit IT Services, or your local IT support personnel.  IT support personnel are encouraged to enable whole-disk encryption when deploying new systems, to facilitate the secure removal of data when systems reach their end-of-life.

Mobile Devices (Smartphones, Tablets):

Mobile devices, such as smartphones and tablets, also contain data that must be securely removed prior to repurposing or disposal.

All Apple iOS devices (iPhone, iPad, iPod Touch) make use of whole-disk encryption by default.  Performing a factory reset on an iOS device will securely erase the unique key and generate a new one, effectively removing all prior data.  If you wish to securely repurpose or dispose of an iOS device, perform this reset by opening Settings / General / Reset and selecting Erase All Content and Settings.  Be sure to have backed up any important data (e.g. photos and videos) prior to this reset.

Android and other mobile devices can be more complex to securely remove data from.  Performing a factory reset may not securely remove all data from the device.  Please contact ICT Unit IT Services or your local IT support personnel for assistance, if you wish to repurpose or dispose of a non-Apple mobile device.

Other Media (tapes, diskettes, CDs, DVDs, USB devices):

Other physical media, such as tapes, diskettes, CDs, DVDs or USB drives must be physically destroyed when being disposed of.  Please contact ICT Unit IT Services or your local IT support personnel for assistance.

Exceptions:

All requests for exceptions to this procedure must be approved by ICT Access, Compliance & Security.  Please make exception requests to ict_security@usask.ca

Related Procedures

Related Links