Policies and Procedures
  • Kredit Policies and Procedures
  • Human Resources Policies
    • Background Screening Policy
    • Hiring Policy
    • Training Policy
  • Information Security Policies
    • Acceptable Use Policy
    • Access Control Policy
    • Anti-Virus & Malware Guidelines
    • Asset Inventory and Management Policy
    • Business Continuity and Disaster Recovery Plan
    • Data Governance & Classification Guidelines
    • End User Encryption Key & Storage Guidelines
    • Firewall Guidelines and Policy
    • Internal Use of Email Policy
    • Incident Response Plan
    • Information Security Policy
    • Password Construction & Security Policy
    • Password Protection Policy
    • System & Network Monitoring and Filtering Policy
    • Vulnerability and Threat Management Policy Policy
    • Large Language Model Policy
  • Operations Policies
    • Inquiry Handling Policy and Procedure
    • Operations Security Policy
  • Regulatory Policies
    • Anti-Money Laundering & Know Your Customer Screening Policy & Procedure
    • Electronic Fund Transfer Act, Regulation E, Nacha Operating Rules, & E-Sign Act Policy & Procedure
    • Electronic Communications Policy
    • Equal Credit Opportunity Act and UDAAP Policy & Procedure
    • Fair Credit Reporting Act Permissible Purpose Policy
    • Fraud Monitoring Policy
    • Gramm-Leach Bliley Act – Safeguards Rule Policy
    • Web Content Accessibility Guidelines Policy
  • Vendor Management Policies
    • Service Provider Oversight Policy
Powered by GitBook
On this page
  • ASSET INVENTORY AND MANAGEMENT POLICY
  • INTRODUCTION
  • PURPOSE
  • SCOPE
  • ROLES AND RESPONSIBILITIES
  • POLICY
  • COMMUNICATION
  • VIOLATIONS
  • CHANGE SUMMARY

Was this helpful?

Export as PDF
  1. Information Security Policies

Asset Inventory and Management Policy

ASSET INVENTORY AND MANAGEMENT POLICY

INTRODUCTION

Asset management is the process of receiving, tagging, documenting, and eventually disposing of equipment. It is critically important to maintain up to date inventory and asset controls to ensure computer equipment locations and dispositions are well known. Lost or stolen equipment often contains sensitive data.

PURPOSE

The purpose of this Policy is to establish guidelines and procedures for maintaining an accurate and up-to-date inventory of all hardware and software assets owned or used by the organization. Additionally, this policy aims to ensure that devices are managed securely throughout their lifecycle, promoting data security, compliance, and optimal resource utilization.

SCOPE

This policy applies to all employees, contractors, and any other individuals who have access to a desktop workstation or laptop (collectively referred to as “assets”) issued by Kredit Financial Inc. (Kredit).

ROLES AND RESPONSIBILITIES

Kredit’s Chief Technology Officer (CTO) is responsible for tagging and tracking all Kredit assets.

Kredit’s Chief Compliance Officer (CCO) is responsible for this Policy is communicated to all employees and made available to all employees in the organization. The CCO is also responsible for reviewing this Policy on an annual basis.

POLICY

ASSET MANAGEMENT AND IDENTIFICATION

All assets are uniquely identified by a serial number. The CTO is responsible for maintaining asset inventory database, which includes the following information for each asset:

  • Date of purchase

  • Make and model

  • Serial number

  • Type of asset

  • Owner (employee to whom the asset is assigned)

When assets are reassigned or decommissioned, these changes are updated in the inventory database.

ASSET ACQUISITON AND DEPLOYMENT

All asset acquisitions are performed by the CTO. Devices are procured from reputable vendors and adhere to the organization's hardware standards. Before deployment, all devices are configured with necessary security measures, and appropriate software applications for productivity and security.

SOFTWARE UPDATES AND PATCHES

All assets have automatic software updates enabled for the operating system and applications. Critical security patches are applied promptly to protect against vulnerabilities.

ASSET REPURPOSING AND DECOMMISIONING

Before repurposing an asset, all sensitive data and information stored on the asset are properly removed or destroyed before it is reassigned.

When an asset reaches the end of its lifecycle or is no longer in use, it must be decommissioned securely. Minimally, data shall be removed using low level formatting and degaussing techniques.

LOST OR STOLEN DEVICES

In the event of a lost or stolen device, the user must report it immediately to the CTO. The CTO will initiate appropriate measures to locate or remotely wipe the data from the device to prevent unauthorized access.

COMMUNICATION

This Policy shall be communicated to all affected employees via email and maintained in the Internal Policy Repository folder on Google Drive for reference purposes.

VIOLATIONS

Failure to comply with this policy and procedure may result in the Kredit network being infected by a virus or malware.

CHANGE SUMMARY

Purpose: Internal Policy

Category: Information Security Policy

Policy Name: Asset Inventory and Management Policy

Event
Event Date
Event By
Date Reviewed
Reviewed By
Version

Creation

01/10/2022

Kenny Lai, CTO

1.0

Revision – converted to new format

08/03/2023

Colene McNinch, CCO

Kenny Lai, CTO

08/10/2023

1.1

PreviousAnti-Virus & Malware GuidelinesNextBusiness Continuity and Disaster Recovery Plan

Last updated 1 year ago

Was this helpful?