Information Technology Endpoint Device Lifecycle
Administering Office: Office of CIO
Revised: September, 2007
Revised: September 22, 2008
Revised and Renamed: July 29, 2019
The acquisition, management, and disposition of university-owned information technology
resources must be actively managed to maximize sustainability of funding and human
resources, as well as meet state, audit, and UNC policies. This policy and related
procedures establish the necessary controls for the lifecycle of this equipment from
purchase to disposition.
This policy applies to individual users of endpoint devices, and any university-owned
information technology endpoint device, regardless of funding source, as defined below.
“Endpoint device” shall mean a university-owned information technology asset that includes, but is
not limited to, a desktop, laptop, notebook, or tablet computer.
“Management” shall mean any work required to deploy, update, maintain, and protect endpoint devices.
“Tablet” shall mean a portable computer, with the exception of a smartphone, that accepts
input directly to its screen rather than via keyboard or mouse.
Endpoint Device Lifecycle Policy
- The Division of Information Technology (IT) has the overall responsibility for the
standards and processes that relate to the acquisition, inventory control, management,
and disposition of endpoint devices.
- The acquisition and disposition of endpoint devices must follow and comply with all
University policies and procedures, including purchasing and procurement procedures.
and Facilities Management procedures. This includes, but is not limited to, ordering,
disposal, surplus, and removal processes.
- Individual users may not take steps that prevent the management of endpoint devices,
such as removal from the campus network for an extended period of time. Any WCU-owned
device is intended to be used for university business, and must be manageable by IT.
- IT shall maintain the list of standard hardware configurations.
- All devices have a definite end-of-life, which may be based upon, but is not limited to, in-service date of 5 years, end of
vendor support, security vulnerabilities, or any other factor that may require that
the device be decommissioned. Any device that exceeds end-of-life may be subject to
one or more of the following: increased annual asset fee; limited or no IT support;
limited network access; and/or other appropriate considerations.
- The University maintains a one-in, one-out model. At the time of purchase of a new
endpoint device, an existing endpoint device will be designated for surplus. This
designated device will be picked up for surplus at the time of the new installation
is made. To minimize unintentional data loss, IT will hold systems that are picked
up for surplus for 45 days before proceeding with the surplus process. If the endpoint
device being replaced does not fit into any of the end-of-life indicators mentioned
in item 5, the device may be requested to be repurposed and reallocated to another
faculty or staff member within the unit, following the Division of IT’s procedure
for doing so. However, this redeployment may only occur one time for each new endpoint
All exception requests must be approved by the University Computer Exception Committee
or approved by the CIO, depending on exception type. Exceptions must be submitted
via the Endpoint Device Exception Form.
This policy shall be reviewed and revised as necessary every two (2) years.
- International Standards Organization (ISO/IEC 27002, 11.2 Equipment)
- WCU Software Adoption Policy 119
- Endpoint Device Lifecycle Procedures
- WCU Purchasing Polices and Procedures Manual
- Endpoint Device Exception Form