Policy Owner: Tech Ops
Effective Date: Feb 1, 2022
Last Updated Date: Jan 25, 2022
To identify organizational assets and define appropriate protection responsibilities. To ensure that information receives an appropriate level of protection in accordance with its importance to the organization. To prevent unauthorized disclosure, modification, removal, or destruction of information stored on media.
This policy applies to all Sourcegraph owned or managed information systems.
Assets associated with information and information processing facilities that store, process, or transmit classified information shall be identified and an inventory of these assets shall be drawn up and maintained. This inventory will live in our endpoint management system, VMWare Workspace One.
Assignment of Assets
Assets maintained in the inventory shall be assigned to a specific individual or group within Sourcegraph.
Rules for the acceptable use of information, assets, and information processing facilities shall be identified and documented in the Information Security Policy.
All employees and third-party users of Sourcegraph equipment shall return all of the organizational assets within their possession upon termination of their employment, contract, or agreement. There are exceptions to this as part of Sourcegraph’s Laptop Buyback policy (In work).
Employees and users who are issued or handle Sourcegraph equipment are expected to use reasonable judgment and exercise due care in protecting and maintaining the equipment.
Employees are responsible for ensuring that company equipment is secured and properly attended to whenever it is transported or stored outside of company facilities.
Requests for an exception to this policy must be submitted to the Tech Ops manager and Security teams for approval. Exceptions include the following:
- Newly hired employees who are waiting on receiving their Sourcegraph managed device
- Temporary contractors who have limited access.
- Sourcegraph Employees who have ordered a Sourcegraph device and are waiting to receive it.
- Certain countries that we are not able to provide equipment to.
Violations & Enforcement
Any known violations of this policy should be reported to the Tech Ops Team. Violations of this policy can result in immediate withdrawal or suspension of system and network privileges and/or disciplinary action in accordance with company procedures up to and including termination of employment.