Asset Management Policy

Policy Owner: Tech Ops

Effective Date: Feb 1, 2022

Last Updated Date: Jan 25, 2022

  1. Purpose

To identify organizational assets and define appropriate protection responsibilities. To ensure that information receives an appropriate level of protection in accordance with its importance to the organization. To prevent unauthorized disclosure, modification, removal, or destruction of information stored on media.

  1. Scope

This policy applies to all Sourcegraph owned or managed information systems.

Inventory of Assets

Assets associated with information and information processing facilities that store, process, or transmit classified information shall be identified and an inventory of these assets shall be drawn up and maintained. This inventory will live in our endpoint management system, Jamf.

Assignment of Assets

Assets maintained in the inventory shall be assigned to a specific individual or group within Sourcegraph.

Acceptable Use of Assets

Rules for the acceptable use of information, assets, and information processing facilities shall be identified and documented in the Information Security Policy.

Return of Assets

All employees and third-party users of Sourcegraph equipment shall return all of the organizational assets within their possession upon termination of their employment, contract, or agreement. There are exceptions to this as part of Sourcegraph’s Laptop Buyback policy (In work).

Handling of Assets

Employees and users who are issued or handle Sourcegraph equipment are expected to use reasonable judgment and exercise due care in protecting and maintaining the equipment.

Employees are responsible for ensuring that company equipment is secured and properly attended to whenever it is transported or stored outside of company facilities.

  1. Exceptions

Requests for an exception to this policy must be submitted to the Tech Ops manager and Security teams for approval. Exceptions include the following:

  • Newly hired employees who are waiting on receiving their Sourcegraph managed device
  • Temporary contractors who have limited access.
  • Sourcegraph Employees who have ordered a Sourcegraph device and are waiting to receive it.
  • Certain countries that we are not able to provide equipment to.

Violations & Enforcement

Any known violations of this policy should be reported to Failure to follow this policy can result in disciplinary action, up to and including termination.

Version Date Comments Author
1.0 First Version Nicky Van Maanen
1.1 Review & Approval Nicky Van Maanen
1.1 Annual Review Dora Neumeier