Skip to main content

Asset Management Policy

Purpose

This policy outlines the controls for identifying, managing and tracking assets for the Skpr hosting platform cloud environment.

Scope

This policy applies to:

All cloud infrastructure components (e.g., EC2, S3, RDS, Lambda, IAM roles)
Infrastructure as Code (IaC) artifacts (Terraform modules, state files)
Virtual machines, containers, APIs, and networking components

Asset Definition

An “asset” includes:

Compute resources - EC2 instances, container workloads and Lambda functions
Storage - S3 buckets, EBS volumes and backups
Networking - VPCs, subnets, security groups and load balancers
IAM & Identity - Users, roles and policies
IaC Artifacts - Terraform code, modules, and state files

Asset Lifecycle Management

All infrastructure management must be done through Terraform.
Terraform changes must be reviewed (PRs) and approved before merge/deploy.
Decommissioned assets must be destroyed via Terraform with proper approvals.

Monitoring & Reporting

Dashboards must be in place (e.g., AWS Cost Explorer, CloudWatch Dashboards)
Monthly reviews to review unused resources and drift from IaC manifests

Roles & Responsibilities

Skpr platform team - Oversees implementation and compliance with this policy.
PreviousNext Operations Lead - Responsible for the enforcement and auditing of this policy.

Review & Updates

This policy will be reviewed annually or upon significant changes to infrastructure or regulatory requirements.

Purpose
Scope
Asset Definition
Asset Lifecycle Management
Monitoring & Reporting
Roles & Responsibilities
Review & Updates