Looking for any policy or procedures regarding ITAM and process for employees for accepting responsibility for assets from onboarding to offboarding.
1 Like
My recommendation would be to include it on both: policy and procedural level. On policy level, you might want to includ e(or define if it has ot been done yet) an “Acceptable Use of Assets Policy” and enforce it by including mandatory training with digital acknowledgment or use the “tradititional” way by creating a template which need to be sign by each employee. As Acceptable Use of Assets Policy is one of ISO 27000 requirments, you can find numerouse templates on internet, e.g. https://resources.infosecinstitute.com/topics/management-compliance-auditing/essentials-acceptable-use-policy/
Should you have a strong leadership/organizatonal sponsorship you might be able to include reference to IT Assets in the company Standard Code of Conduct/ Ethics Charter.
This is actually what my team have done few years ago (see attachment). The full SE Trust Charter can be found on SE web page (see page 25).
Hope it helps
1 Like
@ChristineN—Ideally, your onboarding should have a contract entered by the “new” employee and the company. They will be responsible for taking reasonable care of the equipment given to them. The company will, of course, provide the support and maintenance of the hardware and software on the device(s).
For offboarding, some steps that need to be considered internally are disabling the AD account, locking the device, or erasing the device (if possible - tool dependent). Asset recovery steps before the employee/consultant leaves the company. I do recommend a strong partnership with HR and training for people managers so they understand the responsibilities of recovering devices before their employees or consultants leave.
2 Likes