Asset management policy - codemagic-ci-cd/company-handbook GitHub Wiki

Purpose

To identify organizational assets and define appropriate protection responsibilities. To ensure that information receives an appropriate level of protection in accordance with its importance to the organization. To prevent unauthorized disclosure, modification, removal, or destruction of information stored on media.

Scope

This policy applies to all Nevercode owned or managed information systems.

Inventory of Assets

Assets associated with information and information processing facilities that store, process, or transmit classified information shall be identified and an inventory of these assets shall be created and maintained.

Ownership of Assets

Assets maintained in the inventory shall be owned by a specific individual or group within Nevercode LTD.

Acceptable Use of Assets

Rules for the acceptable use of information, assets, and information processing facilities shall be identified and documented in the *Acceptable Use Policy.

Loss or Theft of Assets

All Nevercode LTD personnel must immediately report the loss of any information systems, including portable or laptop computers, smartphones, PDAs, authentication tokens (keyfobs, one-time-password generators, or personally owned smartphones or devices with a Nevercode LTD software authentication token installed) or other devices that can store and process or help grant access to Nevercode LTD data.

Return of Assets

All personnel and third-party users of Nevercode LTD equipment shall return all organization assets in their possession upon termination of their employment, contract, or agreement.

Handling of Assets

Handling of Assets is governed by the Acceptable Use policy

Asset Disposal & Reuse

Company devices and media that stored or processed confidential data shall be securely disposed of when no longer needed.

Customer Asset Return

Any physical assets owned by customers shall be promptly returned to the customer following service termination in accordance with the terms of contract or service agreement.

Exceptions

Requests for an exception to this policy must be submitted to the CTO for approval.

Violations & Enforcement

Any known violations of this policy should be reported to the CTO. Violations of this policy may result in immediate withdrawal or suspension of system and network privileges and/or disciplinary action, in accordance with company procedures, up to and including termination of employment.