- handbook
- Company
- Company
- Board
- Communications
- Decision making
- Guides
- KPIs and OKRs
- principles
- Remote Work
- Security
- Asset Management Policy
- Business Continuity & Disaster Recovery Policy
- Data Management Policy
- Information Security Roles and Responsibilities
- Operations Security Policy
- Risk Management Policy
- Third-Party Risk Management Policy
- Human Resources Security Policy
- Access Control Policy
- Incident Response Plan
- Cryptography Policy
- Information Security Policy and Acceptable Use Policy
- Secure Development Policy
- strategy
- values
- Operations
- Product
- Feedback
- Metrics
- Node-RED Dashboard
- personas
- Pricing Principles
- Principles
- Product Categories
- Responsibilities
- Strategy
- Versioning
- Customer department
- Customer
- Hubspot
- Marketing
- How we work
- Marketing
- Video
- Boiler Plate Descriptions
- Marketing - Website
- Customer Stories
- Webinars
- Social Media
- blog
- Sales
- Engineering & Design Practices
- Design
- Engineering
- contributing
- Front End
- Packaging Guidelines
- Platform Ops
- Project Management
- Releases
- Security Policy
- tools
- Internal Operations
- People Ops
# Asset Management Policy
| Policy owner | Effective date |
|---|---|
| @knolleary | 2023-06-01 |
# Purpose
To identify organizational assets and define appropriate protection responsibilities. To ensure that information receives an appropriate level of protection in accordance with its importance to the organization. To prevent unauthorized disclosure, modification, removal, or destruction of information stored on media.
# Scope
This policy applies to all FlowFuse owned or managed information systems.
## Policy
# Inventory of Assets
Assets associated with information and information processing facilities that store, process, or transmit classified information shall be identified and an inventory of these assets shall be created and maintained.
# Ownership of Assets
Assets maintained in the inventory shall be owned by a specific individual or group within the company.
# Acceptable Use of Assets
Rules for the acceptable use of information, assets, and information processing facilities shall be identified and documented in the Information Security Policy.
# Loss or Theft of Assets
All personnel must immediately report the loss of any information systems, including portable or laptop computers, smartphones, PDAs, authentication tokens (keyfobs, one-time-password generators, or personally owned smartphones or devices with access to FlowFuse systems) or other devices that can store and process or help grant access to FlowFuse data.
# Return of Assets
All employees and third-party users of FlowFuse equipment shall return all of the organizational assets within their possession upon termination of their employment, contract, or agreement in accordance with the off-boarding process.
# Handling of Assets
Employees and users who are issued or handle FlowFuse equipment are expected to use reasonable judgment and exercise due care in protecting and maintaining the equipment.
Employees are responsible for ensuring that company equipment is secured and properly attended to whenever it is transported or stored. Equipment must be secured in accordance with the Access Control policy and must not be left unattended in public locations.
All mobile devices shall be handled in accordance with the Information Security Policy.
# Exceptions
Requests for an exception to this policy must be submitted via email to the CEO or CTO for approval.
# Violations & Enforcement
Any known violations of this policy should be reported to the CEO or CTO. Violations of this policy can result in immediate withdrawal or suspension of system access and/or disciplinary action in accordance with company procedures up to and including termination of employment.
Policy derived from JupiterOne/security-policy-templates (CC BY-SA 4 license) and Vanta