Asset Management Policy

Asset Management Policy

SOC2 CertificationNetspective Unified Process
 

The Asset Management Policy policy is to set the direction for establishing the accountability and managing the assets of Netspective Communications LLC

  • Netspective Communications LLC Information systems, encompassing hardware and software, shall be managed in accordance with the information asset protection objectives established in the Asset Management Policy throughout the life cycle of the systems; from acquisition to disposal.
  • All Information systems, networks, and applications used in Netspective Communications LLC production environment and in virtual premises, such as hosting sites, shall follow the documented change control process and procedures to ensure that only authorized updates or changes are made.
  • Specific instructions and requirements for change control are as specified in the Communications and Operations Management Policy.
  • All production systems and applications developed by Netspective Communications LLC or on behalf of Netspective Communications LLC shall adhere to the documented process of analyzing, designing, developing, testing, and enhancing systems to ensure the integration of appropriate security controls.

Inventory of Assets

  • Netspective Communications LLC IT Department shall maintain an inventory of all categories of Information Assets:
    • Hardware Assets
    • Software Assets
    • Information Assets
    • People Assets
  • Netspective Communications LLC shall keep an up-to-date inventory of their key configurations items (e.g., Application, Data, OS, DB, Patches, Hardware, etc.). Information Security Department shall ensure that the information is documented and referenced in an appropriate Configuration Management Database (CMDB) in line with international best practices.
  • Information Security Department shall ensure that a baseline of configuration items is kept for every system and service as a checkpoint to which to return to after changes rollback.
  • Information Security Department shall ensure that only authorized changes to the systems’ configuration will be allowed under formal change management procedures.
  • For Each Asset the following shall be identified:
    • Owners: managers of organizational units that have primary responsibility for information assets associated with their functional authority. When owners are not clearly implied by organizational design, the Head of Information Technology Department shall make the designation. Owners are responsible for:
      • Identification of information assets.
      • Assigning the proper information asset classification.
      • Ensuring the proper labeling for sensitive information.
      • Designating the custodian in possession of the information.
      • Ensuring the information classifications are properly communicated and understood by the custodians.
      • Reviewing information assets periodically to determine if their classifications shall be changed.
    • Custodians: managers, administrators, service providers, and those designated by the owner to manage, process, or store information assets. Custodians are responsible for understanding the information classifications, and applying the necessary controls to maintain and conserve the information classifications and labeling established by the Owners.
    • Users: individuals, groups, or organizations authorized by the Owner to access information assets. Users are responsible for:
      • Understanding the information classifications, abiding by the controls defined by the owner and implemented by custodians
      • Maintaining and conserving the information classification and labeling established by the Owners.
      • Contacting the Owner when information is unmarked or the classification is unknown.
    • Assets Inventory shall contain, but not limited to:
      • Asset identification.
      • Asset description.
      • Asset location.
      • Asset owner.
      • Asset classification.
      • Asset Value Sensitivity

Ownership of Assets

  • For each key Information Asset, Netspective Communications LLC shall ensure to identify an Information Asset ‘Owner’, who shall be ultimately responsible for the Information assets and all key decisions regarding the assets undertaken with due permission of identified ’owner’.
  • Information asset owners shall collaborate to ensure definition of adequate controls for their information assets that provide a coherent and consistent level of protection.
  • For business applications and data; the assigned owner shall be a senior business person. For IT internal application and data; the assigned owner shall be a senior IT Department person.

Acceptable Use of Assets

  • Before issuing any asset to the owners a delivery note is taken and this clearly highlights the acceptable user of assets, the do and do not’s mentioned in the delivery note.
  • Information security is committed to protect Netspective Communications LLC environment, employees and partners from illegal or damaging actions by individuals, either knowingly or unknowingly;Netspective Communications LLC will follow an “Acceptable Use Policy” that defines the guidelines for Asset management, this policy will not impose restrictions that are contrary to Netspective Communications LLC but will establish culture of openness, trust and integrity.
  • Intranet systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of Netspective Communications LLC.
  • The systems mentioned previously are to be used for business purposes in serving the interests of Netspective Communications LLC in the course of normal operations.
  • Effective security is a team effort involving the participation and support of every Netspective Communications LLC employee and affiliate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly.
  • Netspective Communications LLC serves the right to monitor, record, or periodically audit the use of its information and telecommunications systems and equipment. Use of these systems and equipment constitutes expressed consent by those covered by this policy to such monitoring, recording, and auditing. Actual or suspected misuse of these systems shall be reported to the appropriate Netspective Communications LLC management representative in a timely manner.

Return of Assets

  • Netspective Communications LLC employees, contractors must return all the allocated assets on change of employment or termination within the acceptable timeline.
  • During the notice period Netspective Communications LLC department will check if there is any unauthorized copying of information.
  • IT department checks the condition of assets on return, the IT managers take decision to waive or put penalty for the assets that are returned with damages.
  • Netspective Communications LLC IT department formats the mobile devices before issue of returned assets to other employees.

Approved by
Ajay Kumaran Nair on June 13, 2023 |
Last Updated by
Sreejith K on June 13, 2023