Purpose

This policy aims to identify organizational assets and define appropriate protection responsibilities. To ensure that information receives an appropriate level of protection in accordance with its importance to the organization. To prevent unauthorized disclosure, modification, removal, or destruction of information stored on media.

Scope

This policy applies to all Sourcegraph owned or managed information systems.

Inventory of Assets

Assets associated with information and information processing facilities that store, process, or transmit sensitive information shall be identified and an inventory of these assets shall be drawn up and maintained. This inventory will live in our endpoint management system.

Assignment of Assets

Assets maintained in the inventory shall be assigned to a specific individual or group within Sourcegraph.

Acceptable Use of Assets

Rules for the acceptable use of information, assets, and information processing facilities shall be identified and documented in the Acceptable Use Policy.

Return of Assets

All employees and third-party users of Sourcegraph equipment shall return all of the organizational assets within their possession upon termination of their employment, contract, or agreement. There are exceptions to this as part of Sourcegraph’s Laptop Buyback policy.

Handling of Assets

Employees and users who are issued or handle Sourcegraph equipment are expected to use reasonable judgment and exercise due care in protecting and maintaining the equipment.

Employees are responsible for ensuring that company equipment is secured and properly attended to whenever it is transported or stored outside of company facilities.

Exceptions

Requests for an exception to this policy must be submitted to the Tech Ops manager and Security team for approval. Exceptions include the following: