October is Cyber Security Awareness Month, and while we don't think that cyber awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.
Awareness Day Twenty One: Hardware: Asset Control
Awareness Day Twenty One: Hardware: Asset Control

Understanding what IT devices you have, where they are and who has access to them is key in preventing a cyber attack.  Consider the use of an IT Asset Register which records:

- the device type, make and model
- the serial number
- the purchase details if less than three years old 
- any warranty details
- backup codes for the encryption keys if used
- who currently has the device and whether they have signed an acceptable use agreement

Ensure there are procedures in place to wipe the contents/reset in between loans and the asset register updated.
Ensure there is a method to track devices if lost/mislaid. Consider the use of remote wiping technologies.
Check the disposal company for IT assets has the required certifications.
Consider marking or tagging the devices (especially mobile ones).
Consider the use of mobile device management software for iPads.

Review the DfE Meeting Digital and Technology Standards in Schools and Colleges : which advises that devices should be known and recorded with their security features enabled, correctly configured and kept up to date.
Review: NCSC Asset Management

More questions like these are in our Information and Cyber Security Checklist (only viewable with a valid Data Protection Education subscription):