...
Rules for the acceptable use of information, assets, and information processing facilities shall be identified and documented in the Information Security Policy.
Loss or Theft of Assets
All CloudCard personnel must immediately report the loss of any information systems, including portable or laptop computers, smartphones, PDAs, authentication tokens (keyfobs, one-time-password generators, or personally owned smartphones or devices with a CloudCard software authentication token installed) or other devices that can store and process or help grant access to CloudCard data.
...
Employees are responsible for ensuring that company equipment is secured and properly attended to whenever it is in an employee’s care, especially when is transported or stored outside of company facilities.
All mobile devices shall be handled in accordance with the Information Security Policy.
Excepting employee-issued devices, no company computer equipment or devices may be moved or taken off-site without appropriate authorization from management.
-owned facilities.
Asset Disposal & Re-Use
Company devices and media that stored or processed confidential data shall be securely disposed of when no longer needed. Data must be erased prior to disposal or re-use, using an approved technology in order to ensure that data is not recoverable. Or a A Certificate of Destruction (COD) must be obtained for devices destroyed by a third-party service.
...
Any known violations of this policy should be reported to the Managing Director. Violations of this policy can result in immediate withdrawal or suspension of system and network privileges and/or disciplinary action in accordance with company procedures up to and including termination of employment.
Version | Date | Description | Author | Approved by |
1.0 | 2023-03-21 | First Version | Ryan Heathcote | Luke Rettstatt |
2.0 | 2024-07-05 | Annual Policy Review | Ryan Heathcote | Luke Rettstatt |