Overview

Asset management is the process of receiving, tagging, documenting, and eventually disposing of equipment. It is critically important to maintain up to date inventory and asset controls to ensure computer equipment locations and dispositions are well known. Lost or stolen equipment often contains sensitive data. Proper asset management procedures and protocols are a key part of any information security program.

This policy provides procedures and protocols supporting effective organizational asset management specifically focused on electronic devices that may be used to store customer data (e.g. key assets that impact information security).

Scope

Applies to all staff.

General Policy

Procedures governing asset management shall be established for secure disposal or re-purposing of equipment and resources prior to assignment, transfer, transport, or surplus. When disposing of any asset, sensitive data must be removed prior to disposal. IT support staff shall determine what type of data destruction protocol should be used for erasure. Minimally, data shall be removed using low level formatting.

Return of Company Assets

Within 2 days of termination of employment, or business relationship with OfficeWork Software or for any reason (or at any time prior to OfficeWork Software's request), the employee shall return all assets belonging to the Company or its affiliates (including, but not limited to, any company-provided laptops, computers, cellphones, or any other equipment, and property belonging to OfficeWork Software).

Asset tracking includes:

  • Date of purchase
  • Make and model
  • Serial Number
  • Location
  • Type of asset
  • Owner
  • Disposition

Audit

IT staff shall perform a semi-annual audit on key assets.

Enforcement

Staff members found in policy violation may be subject to disciplinary action, up to and including termination.

Related Policies