Supply Chain: Asset Lifecycle
Tracking the lifecycle of physical Assets
Tracking and tracing the lifecycle of physical Assets - from IoT Devices (embedded sensors, handheld equipment) to a whole distribution depot - is a key strength of DataTrails. The ability to collect and examine the entire life history of critical Assets - their provenance - is crucial to building secure and trustworthy systems.
This also applies to digital assets such as software applications, equipment firmware, images and documents. Every item involved in the supply chain has a lifecycle.
Asset lifecycle tracing
Knowing what state an asset is in, whether or not it is compliant with organizational policy, and whether it needs any attention right now can help a connected system run smoothly. Having this information to hand eliminates the mundane in lifecycle management and allows expert resources to focus only on those parts of the estate that need attention.
Considerations
Build the Asset over time: The Asset lifecycle covers its entire life, from design and build to procurement and use, and finally disposal. During this time the Asset evolves and develops new properties and characteristics which are not necessarily foreseeable at creation time. DataTrails supports the addition of new properties at any time in the lifecycle so there is no need to design and fill in everything up-front. Start with a simple - even empty - Asset and let DataTrails track and trace the new properties as they naturally occur.
Verify and confirm security data: For digital Assets, much of the effort in lifecycle management goes into software and firmware management. DataTrails’s ‘Witness Statement’ approach to creating Asset histories enables statements of intent to be recorded alongside ground truths. For example, a claimed software update can sit next to a digitally signed platform attestation proving that it was done.
Access Policies: Avoid proliferating Access Policies. Make as few as possible, each with a clear user population and clear access rights. Generally, all parties will need read access to all the Events in the Asset history, but it may be convenient to restrict Event write access to mirror real-world approvers and actors.