Asset Management Policy
Introduction
This Workstation & Assets Management Policy is designed to protect customers' data stored on endpoints, including laptops and mobile devices. It details how WeSalute accounts for endpoint information technology assets (e.g. Team Member workstations, devices, mobile phones, computers etc.) and outlines what should be done if assets are lost, destroyed, or otherwise damaged.
When first onboarded at WeSalute, you are required to sign an Acceptable Use Policy that is an agreement to demonstrate respect for the WeSalute property assets and agreeing to return workstations and accessories upon and/or resignation. This policy is intended to provide WeSalute Team Members with guidance on WeSalute's systems resources, policies, and communication channels.
Usage
WeSalute assets, technology resources and communications systems are to be used for business purposes only unless otherwise permitted under applicable law.
All content maintained in WeSalute technology resources and communications systems is the property of WeSalute. Therefore, Team Members should have no expectation of privacy in any message, file, data, document, facsimile, telephone conversation, social media post, conversation, or any other kind or form of information or communication transmitted to, received, or printed from, or stored to or recorded on WeSalute electronic information and communications systems.
WeSalute reserves the right to monitor, intercept, and/or review all data transmitted, received, or downloaded over WeSalute technology resources and communications systems in accordance with applicable law. Any individual who is given access to the system is hereby given notice that WeSalute will exercise this right periodically, without prior notice and without prior consent.
The interests of WeSalute in monitoring and intercepting data include, but are not limited to, the protection of WeSalute trade secrets, proprietary information, and similar confidential commercially-sensitive information (i.e. financial or sales records/reports, marketing or business strategies/plans, product development, customer lists, patents, trademarks, etc.); managing the use of the computer system; and/or assisting Team Members in the management of electronic data during periods of absence.
Privacy
You should not interpret the use of password protection as creating a right or expectation of privacy, nor should you have a right or expectation of privacy regarding the receipt, transmission, or storage of data on WeSalute assets, technology resources and/or communications systems.
Do not use WeSalute assets, technology resources and/or communications systems for any matter that you would like to be kept personal, private or confidential.
Asset Standards
SystemsOps must review and approve any new type of asset (e.g. new computer model) that will be used for WeSalute operations.
Currently, approved devices manufacturer(s) include Apple. Devices should be configured such that there's reasonable confidence they will last 36 months.
WeSalute operates in a Corporate-Owned, Business-Only ("COBO") model for WeSalute Asset Standards. Assets are owned by WeSalute and given to Team Members for usage with permission. Team Members are granted the ability to download work-related applications and customize interfaces to their liking.
Configuration Standards
When WeSalute purchases the same hardware asset repeatedly, the team should design and implement consistent, secure configuration standards to ensure assets are configured securely and identically. As such, Fleet Device Management is required for all devices used at WeSalute. The standards should be based on the operations team and the role of the WeSalute Team Member who will be using the asset.
All devices provided by WeSalute should include the following minimum included in their baseline configuration:
- Password management software (1Password Business)
- Hard disk encryption (e.g. FileValut) enabled
- Password-protected screensaver that activates automatically after five minutes or less
- Antivirus software (CrowdStrike Falcon)
- Asset and Infrastructure Health Analytics (Kolide)
- Fleet Device Management (Kandji)
Variations to the Configuration Standard
Deviations from the standard configuration should be documented and approved by WeSalute SystemsOps. SystemsOps should only approve deviations from which there's a valid business need. This case is documented and ticketed to be included in WeSalute's Risk Register. The deviation is also documented in WeSalute's Inventory List.
Support of Non-Standard Assets
"Non-standard assets" are those that do not conform to WeSalute's asset and/or configuration standards. WeSalute will try to provide support such that these non-standard assets if they do not increase the company's risk profile. If SystemsOps cannot provide support, such as not meeting the minimum requirements for configuration standards, Team Members are prohibited from using the non-standard asset. It is the Team Member's responsibility to ensure that non-standard assets are protected from WeSalute systems and infrastructure.
Written approval from SystemsOps must be granted for any usage of non-standard assets before deployment or usage.
Asset Procurement Guidelines
Any request for Asset Procurement must be reviewed for compliance with WeSalute's Workstation and Asset Standards by SystemsOps. You must submit any request for assets via the WeSalute Help Center in compliance with the WeSalute Change Management Policy. Once the request passes review and approval, SystemsOps is responsible for placing orders to procure the requested assets through our vendor relations.
Software Licensing Guidelines
WeSalute's Vendor Management Policy details the policies for third-party software and services.
Technical Support and Maintenance Practices
SystemsOps is responsible for technical support. SystemsOps handles device maintenance and health. Support and maintenance requests should conform to all of WeSalute's security policies.
- If the device breaks in the first 36 months, the Team Member will be shipped a loaner device while the original is repaired.
- If a Team Member leaves the company, their device(s) will be locked, wiped, and reissued if purchased in the past 24 months; older devices will be added to the loaner pool.
- Workstations may be replaced when they are 36 months old.
- SystemsOps will be responsible for handling device exceptions that do not meet these policies.
Configuration Management Guidelines
You are responsible for initializing the execution of critical firmware and software updates that are pushed to assets. If a firmware or software update is not started within a two-week period SystemsOps will force the update.
Critical or "zero-day" updates will be pushed immediately to workstations throughout the fleet. If the device is currently offline, the update will begin immediately upon connection to the internet.
Asset Inventory Practice
SystemsOps is tasked with maintaining a list of all WeSalute company-owned assets.
You must immediately report any lost, stolen, or damaged devices to SystemsOps, which will then remotely lock down the missing asset as soon as possible via remote configuration management software.
Asset & Accessories Returns
Team Members have signed a legal separation agreement on their first day of onboarding that is sent to the Team Member during the asset return phase.
If an asset is being repaired, reissued or replace the legal separation agreement is not necessary.
Asset Return Policy
-
Prior to any Asset Return, the device will be remotely locked with a pin code preventing it access and usage.
-
Team Members have (10) business days to return the device upon receiving a return box from SystemsOps. The return box includes a return shipping label addressing the device to WeSalute SystemsOps Centralized Asset Inventory.
-
If a drop-off for shipping is not performed, Team Members may contact systems.ops@wesalute.com to schedule a pickup time.
-
Upon shipping the device, all records and information, such as the return address used and confirmation of shipment, must be sent to systems.ops@wesalute.com
-
AdministrativeOps will perform tracking of the device throughout the shipping process, confirming with SystemsOps the stages of delivery and completion.
Any Team Member questions related to returning assets please contact AdministrativeOps at administrative.ops@wesalute.com
Asset Disposal Guidelines
Whenever possible, WeSalute refurbishes, repairs, and reissues assets. If an asset will not be reused internally, due to the age or condition, WeSalute SystemsOps must invalidate any access credentials associated with the device, reformat the machine, and release the asset from configuration management software.
Once the device has been de-provisioned and reinitialized to a "blank slate", disconnected completely from the company asset management, it may become available to Team Members in need for personal reasons or family use.
Decommissioned devices are available and distributed on a first-in first-out basis. If simultaneous requests are made for a decommissioned device, and all previous request have been fulfilled, then a lottery system will be used to decide the recipient.
Once de-provisioned the decommissioned device cannot be reallocated with the company asset management or used as a workstation.
If the decommissioned device is unable to be reissued to a Team Member for personal use, then it will be recycled environmentally.
Policy Review, Disciplinary, & Responsibility
Disciplinary Action
Team Members who violate Workstations & Asset Management Policy may face disciplinary consequences in proportion to their violation. WeSalute ExecutiveOps will determine how serious a Team Member's offense is and take the appropriate action, including but not limited to termination. Failure to adhere to Workstations & Asset Management Policy is considered a compliance and security violation.
Responsibility
SystemsOps is responsible for ensuring Workstations & Asset Management Policy is followed.
This Policy currently does not have the required policy footer content standard on WeSalute Policies. This may be intentional by the nature of the content.