Home Compliance & Certification Hardware Asset Onboarding Authorization Form Guide

Hardware Asset Onboarding Authorization Form Guide

Last updated on Sep 25, 2025

1. Purpose of this Guide

This artefact demonstrates that your company has a formal process for introducing and retiring IT assets. Cyber Essentials requires this because assets (like laptops, servers, or phones) need to be approved, tracked, and securely removed — not left floating around where they could pose a risk.

2. What You Will Submit

You will need:

  • Your documented Asset Onboarding and Removal Process (policy or procedure).

  • It should cover:

    • How new assets (e.g. laptops, phones, software licences) are requested and approved.

    • How asset details are recorded (e.g. make, model, serial number, assigned owner).

    • The authorisation workflow (who signs off).

    • How decommissioned assets are securely removed (data wiped, hardware recycled, accounts closed).

  • (Optional but strong): Example forms (like your Hardware Asset Onboarding Authorisation Form) showing real approvals.

3. How to Collect / Obtain / Generate This Evidence

  • If you already maintain this process:

    • Export the policy/procedure to PDF or Word.

    • Include references to the forms/templates you use (e.g. onboarding authorisation forms, removal checklists).

  • If you don’t have one yet:

    1. Start with the Asset Onboarding and Removal Process Template provided in StrongKeep.

    2. Document the steps for:

      • Onboarding: request → approval → record entry in asset inventory.

      • During lifecycle: periodic review of ownership and use.

      • Removal: manager request → approval → data sanitisation/disposal → update inventory.

    3. Attach or reference forms (like the Hardware Asset Onboarding Authorisation Form) to show the workflow in action.

    4. Save the document in PDF/DOCX format.

4. Evidence Format

  • Accepted file types: DOCX, PDF.

  • Suggested naming format:
    YourCompanyName_AssetOnboardingRemovalProcess_YYYY-MM-DD.pdf
    Example: AcmeCorp_AssetOnboardingRemovalProcess_2025-07-01.pdf

5. What “Good” Looks Like

  • Clearly written steps for both onboarding and removal.

  • Defined approval roles (e.g. Product Manager, CEO, IT Manager).

  • Integration with your Asset Inventory List (so assets aren’t tracked in isolation).

  • Secure removal procedures (data wiping, hardware disposal, account deactivation).

Why this matters: auditors want confidence that assets don’t just appear or disappear without oversight, creating gaps in security.

6. Tips

  • Include a form or checklist for both onboarding and removal — auditors love seeing evidence of real approvals.

  • If you outsource disposal (e.g. to an e-waste vendor), keep the disposal certificates.

  • Review the process yearly to make sure it reflects your current IT setup.