Skip to content
Business Continuity & Data

Asset Management Policy

Version: 1.0
Effective Date: January 22, 2025
Status: Approved

1.0 Purpose

This Asset Management Policy outlines the procedures, requirements, and responsibilities for managing company assets at NEO. This policy applies to all company assets, with a focus on laptops, mobile devices, and cloud resources. It ensures proper asset tracking, usage, and return, as well as the protection of sensitive company data.

2.0 Asset Management System

NEO utilizes Kandji for Mobile Device Management (MDM) and AWS Resource Explorer for managing cloud resources. These systems provide comprehensive management, monitoring, and security of company assets.

3.0 Asset Allocation

3.1 Laptops and Mobile Devices:

  1. Allocation Process:
    • Laptops and mobile devices are allocated to employees and contractors based on their roles and responsibilities.
    • People Success team is responsible for approving asset allocation.
  2. MDM/EDR Enrollment:
    • All allocated laptops and mobile devices must be enrolled in Kandji, which provides both Mobile Device Management (MDM) and Endpoint Detection & Response (EDR) capabilities.
    • Employees and contractors must comply with Kandji security policies, including regular updates and security compliance.
  3. Data Loss Prevention (DLP) Rationale:
    • No DLP tools are implemented on endpoints, as no critical or sensitive data is stored locally on laptops or mobile devices. All sensitive data is stored and processed exclusively in AWS cloud infrastructure, which meets ISO 27001:2022 requirements for data protection. DLP requirements are addressed through policy, access controls, and user training.

3.2 Cloud Resources:

  1. Access Provisioning:
    • Access to AWS resources is provisioned based on job roles and project requirements.
    • AWS Resource Explorer is used to manage and monitor cloud resources.
  2. Usage Monitoring:
    • Regular audits are conducted to ensure proper usage and security of AWS resources.
    • Any unauthorized access or anomalies must be reported immediately.

4.0 Asset Return Process

4.1 Laptops and Mobile Devices:

  1. Data Wipe
    • The IT department will remotely erase the employee’s device:
      • For voluntary separation: On the last working day, at the agreed-upon time.
      • For involuntary termination: Immediately following termination, in coordination with People Success.
    • Employees must provide evidence of the factory reset process (e.g., a photo or video) to ensure compliance with data security protocols.
    • The IT department will verify the reset via Kandji.
    • Both the employee’s confirmation email and a screenshot from Kandji confirming the device reset must be attached as evidence to the offboarding JIRA ticket.
  2. Laptop OwnershipUpon separation, laptops issued to employees become their property by default. However, NEO reserves the right to request the return of laptops as detailed in the “Exceptions for Laptop Retention” section.
  3. DocumentationEmployees must sign a digital confirmation form via the talent platform, acknowledging that all company data has been removed and that they accept ownership of the device.

4.2 Exceptions for Laptop Retention

NEO reserves the right to request the return of laptops at its discretion. Decisions regarding laptop retention will be made on a case-by-case basis, considering factors such as operational needs, logistical constraints, or other business requirements.

Process for Exceptions

  • The decision to retain a laptop comes from People Success or the CFO and should be included in the offboarding JIRA ticket.
  • The employee will be informed of the decision within five business days of their separation notice and provided with clear return instructions, including shipping arrangements or drop-off locations.
  • The employee must facilitate a secure remote wipe by keeping the device on and remaining online during the requested time, then confirming the reset with evidence (photo or video).

4.3 Cloud Resources:

Access Revocation:

  • Upon separation, access to all company SaaS will be revoked immediately.
  • The IT department is responsible for de-provisioning access and ensuring the security of the cloud environment.

5.0 Compliance

All employees and contractors are required to comply with this Asset Management Policy. Failure to adhere to the policy may result in disciplinary action, including but not limited to financial liability for lost or unreturned assets and potential legal consequences.

6.0 Policy Review

This Asset Management Policy will be reviewed periodically and updated as needed to ensure its continued relevance and effectiveness.

For further information and guidance regarding asset management procedures, please consult the Head of People Success (Diana Upson) or refer to the employee handbook.

Let's build your proposal
Powered by NEO AI - Intelligent Matching Technology