ASSET INVENTORY AND MANAGEMENT POLICY

INTRODUCTION

Asset management is the process of receiving, tagging, documenting, and eventually disposing of equipment. It is critically important to maintain up to date inventory and asset controls to ensure computer equipment locations and dispositions are well known. Lost or stolen equipment often contains sensitive data.

PURPOSE

The purpose of this Policy is to establish guidelines and procedures for maintaining an accurate and up-to-date inventory of all hardware and software assets owned or used by the organization. Additionally, this policy aims to ensure that devices are managed securely throughout their lifecycle, promoting data security, compliance, and optimal resource utilization.

SCOPE

This policy applies to all employees, contractors, and any other individuals who have access to a desktop workstation or laptop (collectively referred to as “assets”) issued by Kredit Financial Inc. (Kredit).

ROLES AND RESPONSIBILITIES

Kredit’s Chief Technology Officer (CTO) is responsible for tagging and tracking all Kredit assets.

Kredit’s Chief Compliance Officer (CCO) is responsible for this Policy is communicated to all employees and made available to all employees in the organization. The CCO is also responsible for reviewing this Policy on an annual basis.

POLICY

ASSET MANAGEMENT AND IDENTIFICATION

All assets are uniquely identified by a serial number. The CTO is responsible for maintaining asset inventory database, which includes the following information for each asset:

• Date of purchase

• Make and model

• Serial number

• Type of asset

• Owner (employee to whom the asset is assigned)

When assets are reassigned or decommissioned, these changes are updated in the inventory database.

ASSET ACQUISITON AND DEPLOYMENT

All asset acquisitions are performed by the CTO. Devices are procured from reputable vendors and adhere to the organization's hardware standards. Before deployment, all devices are configured with necessary security measures, and appropriate software applications for productivity and security.

SOFTWARE UPDATES AND PATCHES

All assets have automatic software updates enabled for the operating system and applications. Critical security patches are applied promptly to protect against vulnerabilities.

ASSET REPURPOSING AND DECOMMISIONING

Before repurposing an asset, all sensitive data and information stored on the asset are properly removed or destroyed before it is reassigned.

When an asset reaches the end of its lifecycle or is no longer in use, it must be decommissioned securely. Minimally, data shall be removed using low level formatting and degaussing techniques.

LOST OR STOLEN DEVICES

In the event of a lost or stolen device, the user must report it immediately to the CTO. The CTO will initiate appropriate measures to locate or remotely wipe the data from the device to prevent unauthorized access.

COMMUNICATION

This Policy shall be communicated to all affected employees via email and maintained in the Internal Policy Repository folder on Google Drive for reference purposes.

VIOLATIONS

Failure to comply with this policy and procedure may result in the Kredit network being infected by a virus or malware.

CHANGE SUMMARY

Purpose: Internal Policy

Category: Information Security Policy

Policy Name: Asset Inventory and Management Policy