# Higher-Education IT Asset Management Glossary

> Source: https://www.usehabeo.com/glossary
> Plain-language definitions of the asset, compliance, and identity terms used across higher-education IT.

## IT Asset Management (ITAM)

IT asset management (ITAM) is the practice of tracking and governing an organization's hardware, software, and cloud assets across their full lifecycle — procurement, deployment, maintenance, and disposal — as a single system of record. In higher education, ITAM spans laptops, lab instruments, software licenses, and grant-funded equipment, and underpins financial reporting, security, and audit.

In Habeo: Habeo is a higher-education-native ITAM platform: the institutional system of record for everything a university tags.

## CMDB (Configuration Management Database)

A configuration management database (CMDB) is a repository that stores an organization's IT assets (configuration items) and the relationships between them — which device runs which software, who it is assigned to, and what it depends on. A modern CMDB is a live relationship graph rather than a periodic spreadsheet import.

In Habeo: Habeo's CMDB is built from live MDM and HRIS data, with hosts, software, people, departments, and grants as first-class, typed relationships.

## GASB 34 / GASB 35 (Governmental Accounting Standards Board Statements No. 34 and 35)

GASB 34 and GASB 35 are accounting standards from the Governmental Accounting Standards Board that govern financial reporting for U.S. state and local governments and public colleges and universities. They require institutions to capitalize and depreciate long-lived assets (equipment, infrastructure) and report them in government-wide financial statements. GASB 35 specifically extends the GASB 34 reporting model to public higher-education institutions.

In Habeo: Habeo models GASB 34/35 straight-line depreciation per capital class and produces the roll-forward auditors expect.

## HECVAT (Higher Education Community Vendor Assessment Toolkit)

The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a standardized security and privacy questionnaire that colleges and universities use to assess third-party vendors handling institutional data. Maintained by the EDUCAUSE Higher Education Information Security Council, it comes in Full, Lite, and On-Premise editions; HECVAT 4.x is the current generation. A published HECVAT response lets a vendor clear institutional security review faster.

In Habeo: Habeo publishes a HECVAT 2024 response — a Lite narrative plus the full 331-question HECVAT 4.1.5 workbook (XLSX) — at /compliance/hecvat.

## InCommon Federation (U.S. research & education identity federation, Internet2)

InCommon is the identity federation for U.S. research and education, operated by Internet2. It lets students, faculty, and staff use their home-institution credentials to access federated services through SAML-based single sign-on (commonly via Shibboleth), without each service managing its own accounts. Membership signals that a service integrates with the standard higher-ed identity fabric.

In Habeo: Habeo supports InCommon-compatible SAML SSO; InCommon Federation membership is on the roadmap for Q4 FY26.

## Uniform Guidance §200.313 (2 CFR §200.313 — Equipment)

2 CFR §200.313 is the section of the federal Uniform Guidance that governs equipment acquired under federal awards. It requires recipients (including universities) to maintain detailed property records, conduct a physical inventory at least every two years, keep a control system to prevent loss or theft, maintain the equipment, and follow defined disposition procedures — including requesting disposition instructions from the awarding agency for equipment over $5,000 fair market value.

In Habeo: Habeo tags federally funded assets at acquisition, schedules the biennial inventory, and gates disposition behind grant-manager approval.

## MDM (Mobile Device Management)

Mobile device management (MDM) is software that enrolls, configures, and monitors an organization's endpoints — Macs, Windows PCs, iPhones, iPads, Chromebooks — from a central console. MDM platforms hold an authoritative, continuously updated inventory of managed devices, which makes them the ideal discovery source for IT asset management.

In Habeo: Habeo ingests Jamf Pro, Microsoft Intune, and Google Admin continuously — no agents to deploy — so the asset record stays live.

## SCIM 2.0 (System for Cross-domain Identity Management)

SCIM (System for Cross-domain Identity Management) is an open standard, defined in RFCs 7643 and 7644, for automating the exchange of user identity information between systems. It lets an identity provider automatically create, update, and deactivate accounts in downstream applications as people join, move, or leave — eliminating manual provisioning.

In Habeo: Habeo supports SCIM 2.0 provisioning alongside SAML SSO.

## SAML (Security Assertion Markup Language)

SAML (Security Assertion Markup Language) is an XML-based open standard for single sign-on. It lets an identity provider pass authenticated identity assertions to a service provider, so a user signs in once with their institutional account and gains access to connected applications without separate passwords.

In Habeo: Habeo authenticates via SAML SSO and is InCommon-compatible.

## Carnegie Classification (Carnegie Classification of Institutions of Higher Education)

The Carnegie Classification is the standard framework for categorizing U.S. colleges and universities — for example R1 and R2 doctoral universities by research activity, plus baccalaureate, master's, and associate's categories. Stewarded by the American Council on Education and the Carnegie Foundation, it is widely used to benchmark and segment institutions.

In Habeo: Habeo prices by Carnegie classification and endpoint band rather than per device or per seat.

## Department Chargeback & Showback

Chargeback and showback are methods for attributing IT costs to the departments, colleges, or grants that consume them. Chargeback bills those costs back to the unit's budget; showback reports the costs for visibility without an internal transfer. Both depend on an accurate asset and usage record tied to cost centers.

In Habeo: Habeo allocates hardware, software, and shared-service spend by usage, headcount, or cost-center rule and exports monthly summaries to the finance ledger.

## Surplus & Disposition

Disposition is the controlled retirement of an asset at end of life — sale, transfer, recycling, or scrap — with the financial and compliance record updated accordingly. Surplus management is the process of redistributing or reselling still-usable equipment a department no longer needs. For federally funded equipment, disposition is governed by Uniform Guidance §200.313.

In Habeo: Habeo tracks the full disposal lifecycle — retired, disposed, lost, stolen — with surplus redistribution and resale built in.

## Depreciation

Depreciation is the accounting allocation of a capital asset's cost over its useful life. Public universities most commonly use straight-line depreciation, recognizing equal expense each year, to satisfy GASB 34/35 reporting. Accurate depreciation depends on an asset record with acquisition cost, in-service date, and capital class.

In Habeo: Habeo derives depreciation directly from the asset ledger, separating federally funded basis from institutional basis.

## PunchOut (cXML / OCI) (Procurement catalog integration)

PunchOut is a procurement integration that lets a buyer browse a supplier's catalog from inside their own purchasing system and return a populated cart for approval. It is implemented over the cXML or OCI (Open Catalog Interface) protocols and is the standard way universities buy against negotiated consortium and direct-vendor catalogs.

In Habeo: Habeo supports consortium punchout catalogs (OCI / cXML) to E&I Cooperative Services, OMNIA Partners, and direct vendors, capturing the award and funding source at acquisition.

## System of Record

A system of record is the authoritative data source for a given entity — the single place the organization trusts for the truth about it. For physical and digital assets, the asset system of record is what every other system (finance, security, ITSM, audit) reconciles against, so the data must be complete, current, and governed.

In Habeo: Habeo is the asset system of record: the one place hardware, software, IoT, and grant-funded equipment reconcile.

## Endpoint

An endpoint is any device that connects to an organization's network — laptop, desktop, phone, tablet, server, or IoT device. In higher-education IT asset management, the endpoint count is the standard unit for sizing the managed fleet and is commonly used to scope licensing and pricing.

In Habeo: Habeo's institutional pricing is fixed by endpoint band, not per device.

## FERPA (Family Educational Rights and Privacy Act)

The Family Educational Rights and Privacy Act (FERPA) is a U.S. federal law that protects the privacy of student education records. It governs how institutions and their vendors may collect, store, and disclose personally identifiable information from those records, and is a baseline requirement in higher-education vendor security review.

In Habeo: Habeo is FERPA-aware in its data handling and documents that posture in its published HECVAT response.

## SOC 2 Type II (System and Organization Controls 2, Type II)

SOC 2 Type II is an independent audit report, based on the AICPA Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy), that evaluates whether a service organization's controls operated effectively over a period of time — typically 3 to 12 months. Unlike Type I, which is a point-in-time snapshot, Type II tests controls across the period.

In Habeo: Habeo is SOC 2 Type II ready, with the audit period closing Q3 FY26.
