Asset Management Policy

Policy owner Effective date
@knolleary 2023-06-01


To identify organizational assets and define appropriate protection responsibilities. To ensure that information receives an appropriate level of protection in accordance with its importance to the organization. To prevent unauthorized disclosure, modification, removal, or destruction of information stored on media.


This policy applies to all FlowFuse owned or managed information systems.

## Policy

Inventory of Assets

Assets associated with information and information processing facilities that store, process, or transmit classified information shall be identified and an inventory of these assets shall be created and maintained.

Ownership of Assets

Assets maintained in the inventory shall be owned by a specific individual or group within the company.

Acceptable Use of Assets

Rules for the acceptable use of information, assets, and information processing facilities shall be identified and documented in the Information Security Policy.

Loss or Theft of Assets

All personnel must immediately report the loss of any information systems, including portable or laptop computers, smartphones, PDAs, authentication tokens (keyfobs, one-time-password generators, or personally owned smartphones or devices with access to FlowFuse systems) or other devices that can store and process or help grant access to FlowFuse data.

Return of Assets

All employees and third-party users of FlowFuse equipment shall return all of the organizational assets within their possession upon termination of their employment, contract, or agreement in accordance with the off-boarding process.

Handling of Assets

Employees and users who are issued or handle FlowFuse equipment are expected to use reasonable judgment and exercise due care in protecting and maintaining the equipment.

Employees are responsible for ensuring that company equipment is secured and properly attended to whenever it is transported or stored. Equipment must be secured in accordance with the Access Control policy and must not be left unattended in public locations.

All mobile devices shall be handled in accordance with the Information Security Policy.


Requests for an exception to this policy must be submitted via email to the CEO or CTO for approval.

Violations & Enforcement

Any known violations of this policy should be reported to the CEO or CTO. Violations of this policy can result in immediate withdrawal or suspension of system access and/or disciplinary action in accordance with company procedures up to and including termination of employment.

Policy derived from JupiterOne/security-policy-templates (CC BY-SA 4 license) and Vanta