Equipment reassignment policy and checklist
June 2, 2020
This policy provides guidelines for reclaiming and reusing equipment from current or former employees. It outlines the steps that must be carried out by authorized individuals before this equipment can be considered safe to reassign. The following checklist will help ensure that all the appropriate steps are taken for equipment reassignment.
From the policy:
To achieve the maximum benefit from IT assets, organizations should ensure the longest possible lifespan for assigned equipment through proper usage support, maintenance, and reassignment. The reassignment of existing equipment takes place when employees depart the organization or receive new computers, mobile devices, printers, and other assets needed to perform their jobs. In these scenarios it is important to follow strict guidelines for equipment reassignment so that company investments, data, and privacy are protected. These guidelines are founded upon two principles: asset tracking/management and data administration.
All companies should perform asset tracking, whether they use vendor products such as Dell Kace, paid third-party tools such as BMC or Samanage, free solutions such as Spiceworks, or even a simple Excel spreadsheet. Without reliable asset tracking, any equipment reassignment policy will be impossible to implement effectively.
Asset details that should be tracked include:
- Serial number
- Invoice number
- Original PO number
- Manufacturer model number
- Description of equipment
- User responsible for equipment
Data often has a longer lifespan than the devices on which it is stored (or the time these devices spend in an employee’s possession). A critical security risk can occur if confidential information is not properly removed from systems with data storage capabilities before reassignment. Therefore, it is necessary to establish proper procedures for electronic data disposal when these devices are reassigned to other employees. Even if the employee receiving the reassigned equipment works in the same group as the former owner, it is still critical to follow the data removal processes outlined in this policy because the original employee may have left sensitive personal information on the device.