Purpose:

To establish and document Rundoo’s approach for maintaining an accurate and up-to-date inventory of all critical hardware and software assets utilized across the organization. This policy aims to secure sensitive data, ensure business continuity, and streamline access controls while allowing Rundoo flexibility in evolving its processes as necessary.

Scope:

This policy applies to all hardware assets issued to Rundoo employees and to the software, tools, and systems used to develop, deploy, and operate Rundoo’s technology solutions.

Policy:

1. Software Inventory Management: Rundoo’s production and operational software assets are managed through a centralized repository in GitHub. All code, documentation, and configurations relevant to Rundoo’s technology stack are maintained within GitHub’s secure environment. This includes the following measures:
2. Source Control: All software code and dependencies are managed in GitHub repositories. Versioning, permissions, and audit trails are enforced to protect the integrity and confidentiality of production software.
   1. Access Control: Access to the GitHub repositories is restricted to authorized personnel based on job function. Access is provisioned and deprovisioned according to employee roles and updated with organizational changes.
   2. Monitoring and Auditing: GitHub’s logging and monitoring capabilities are used to track modifications and access, ensuring software integrity and accountability.
3. SaaS Services Access and Inventory: Rundoo uses various third-party Software-as-a-Service (SaaS) solutions to manage operations, finance, marketing, and customer relations. Access to these services is managed exclusively through Google’s Single Sign-On (SSO) integration, providing secure authentication and streamlined access control.
   1. Provisioning: SaaS access is granted to employees upon onboarding, with permission levels aligned with their job functions and responsibilities. Access requests and changes are facilitated through Google’s SSO interface to enforce access control protocols.
   2. Deprovisioning: Access to SaaS applications is automatically revoked upon employee exit or role change. Regular access reviews are conducted to ensure continued compliance with Rundoo’s access policies.
   3. Inventory Management: A comprehensive inventory of SaaS applications and associated users is maintained by the Operations team and updated regularly to reflect organizational changes.
4. Hardware Asset Management: All hardware assets, including laptops, mobile devices, and other equipment provided by Rundoo to employees, are tracked and managed upon issuance.
   1. Onboarding and Allocation: Each new employee is issued hardware necessary for their role, and details are recorded in the asset management system. This record includes the device type, serial number, issue date, and assigned employee.
   2. Inventory Tracking and Auditing: The asset management system is periodically reviewed and audited to ensure that records accurately reflect the current allocation of hardware across the organization.
   3. Decommissioning and Retrieval: Upon employee exit or hardware upgrade, devices are returned, sanitized, and reissued as appropriate. Rundoo reserves the right to retrieve and decommission hardware to maintain an accurate and efficient inventory.
5. Policy Amendments and Revisions: Rundoo retains the right to amend or revise this Inventory Management Policy to adapt to changes in technology, business needs, and regulatory requirements. Employees will be notified of any significant changes to the policy.

Compliance:

All Rundoo employees are expected to adhere to this policy. Non-compliance may result in disciplinary actions, including but not limited to the revocation of access privileges and/or termination of employment.

https://embed.notionlytics.com/wt/ZXlKM2IzSnJjM0JoWTJWVWNtRmphMlZ5U1dRaU9pSkNZMlJNVm1seFdHUjViMmRYZERKbVlsQkpaaUlzSW5CaFoyVkpaQ0k2SWpFek1tVXhNVE01T0RabFlUZ3dZVEJpWlRJeFpqazBZMll6WW1WalkyVmhJbjA9