ISPOL-30-01

Introduction to Information Security Policy 30, Asset Management and Responsibilities Policy Policy 30 outlines the high-level responsibilities, practices, and security requirements for the management and use of information systems and assets. This includes requirements for asset registration, acceptable use, and the use of mobile devices to conduct Intel business. Intel information systems and resources are expected to be used primarily to conduct Intel business, and only in accordance with this security policy and associated security standards, as well as corporate policies. This policy supplements other corporate policies and guidelines specific to mobile device programs, handheld requirements, electronic communication guidelines, and the avoidance of inappropriate use. Asset registration enables Intel information to be accessible to Intel to help preserve the confidentiality, integrity, and availability of the information. Some of these assets include: computing devices, applications or platforms, and network equipment. Users must protect the information they are responsible for by enabling their devices to receive updates in accordance with Intel Minimum Security Specifications. They must also take every reasonable precaution to protect their information systems and assets, including at least one physical and one electronic security control. System Administrators have additional responsibility to ensure appropriate sanitization or disposal of unneeded systems. Policy 30 describes Intel’s rights as they relate to monitoring. Intel can monitor activity and use of its systems, information assets and resources, subject to applicable laws and regulations. Intel can also remove an individual’s access to information systems and assets in response to a violation of related policies and expectations. Policy 30 also describes areas of acceptable use, providing some examples of external internet resources and services that are not allowed, such as: Consumer services that allow remote control, Peer to Peer, server applications, employee tracking or reporting, or any app or website known to compromise security. Connecting to Intel systems and our network is also addressed, describing both requirements and restrictions. These policies cover connecting to an Intel-owned computer, using a cellular provider’s network, using guest internet access or dedicated subnets, direct network connections, and network gateways. Policy 30 mandates that the use of mobile devices to handle Intel information must be in accordance with the security requirements of this policy, the requirements of Intel IT Corporate and Personal Programs, and corporate handheld policies for mobile devices. This Policy pertains to all devices connecting to the Intel network, regardless of ownership or type. Owners of connected personal devices agree to related security policy requirements if those devices can receive information from the Intel network. When the support of a personally owned device is not provided by Intel, the device owner is responsible for the support and security and requirements of their device. Some of these support responsibilities and requirements include: Setting privacy expectations, maintaining device registration, monitoring and reporting security issues, removing access when leaving Intel, data destruction on old devices, assisting in formal investigations, and applying timely security updates. In summary, Information Security Policy 30 requires Intel employees to reasonably assure that information systems or assets operated by, or on behalf of Intel, receive adequate security safeguards in accordance with business requirements and relevant laws and regulations. This and other updated Information Security Policies, supporting documents, and our improved policy portal should make it easier for you to locate and understand our corporate information security requirements. They can be found on our corporate policy repository, Policy Central. Visit goto/InfoSecPolicies Policy Central to learn more or ask questions. Thank you for your help to keep Intel secure!