Skip to main content

ISO/IEC 27002:2022 | 5.11 - Return of Assets Policy

Per ISO/IEC 27002:20222 | 5.11 - Return of Assets, “Personnel and other interested parties as appropriate should return all the organization’s assets in their possession upon change or termination of their employment, contract or agreement.”

Having an IT return of assets policy after termination is crucial for the following reasons:

1. Asset Accountability: An IT return of assets policy ensures that employees returning from termination or leaving the organization are held accountable for the company's IT assets they were entrusted with. This includes laptops, mobile devices, software licenses, access credentials, and other valuable equipment. By enforcing this policy, the organization can maintain accurate records of its assets and prevent loss or misuse.

2. Security and Data Protection: When an employee leaves the company, their continued access to sensitive data and systems can pose a significant security risk. A robust IT return of assets policy ensures that all access credentials, including user accounts, passwords, and security tokens, are promptly revoked. This minimizes the potential for unauthorized access, data breaches, intellectual property theft, or sabotage.

3. Cost Efficiency: Efficient management of IT assets is crucial for controlling costs. By ensuring the return of company-owned assets, the organization can avoid unnecessary expenditures on purchasing or leasing new equipment. It also helps prevent loss or theft, reducing the financial impact associated with asset replacement.

4. Legal and Compliance Obligations: Depending on the industry and applicable regulations, organizations may have legal obligations to protect sensitive data or maintain certain records. An IT return of assets policy helps the organization demonstrate compliance with these obligations, ensuring that all assets and associated data are properly managed, tracked, and accounted for.

5. Transition and Knowledge Transfer: When an employee leaves, their departure may require a smooth transition of responsibilities to another individual or team. The IT return of assets policy ensures that necessary equipment, software, and information are available for the incoming personnel. This facilitates a seamless transition and minimizes any disruptions to business operations.

6. Employee Agreement and Expectation Setting: By implementing an IT return of assets policy and including it in employment agreements or termination procedures, organizations set clear expectations for employees regarding the return of company assets upon termination. This promotes a culture of responsibility and emphasizes the significance of protecting corporate resources.

To effectively implement an IT return of assets policy, organizations should establish a well-defined process for asset collection, conduct regular audits, maintain accurate records, and educate employees about their responsibilities. By doing so, organizations can safeguard their assets, data, and reputation while minimizing risks associated with terminated employees.

It's important to note that an email usage policy should be regularly reviewed, updated, and communicated to all employees. Adequate training and awareness programs should be in place to ensure that employees understand the policy and its importance. Additionally, enforcement and disciplinary measures for policy violations should be clearly outlined to maintain compliance and reinforce the policy's effectiveness.

Download ISMS 5.11 - Return of Assets Policy and Procedures

What organizations need to have in place is a well-defined policy regarding the return of assets (i.e., ISMS 5.11 - Return of Assets Policy and Procedures), which is available for download, along with more than 100 + ISMS policies, procedures, programs, and plans - all from MorganHill.

Download ISMS 27002:2022 Policy Templates Today - Over 100 + Documents Available

We offer world-class, industry leading security documentation for helping organizations develop all required Information Security Management System (ISMS) policies, procedures, programs, and plans in accordance with ISO/IEC 27001 & 27002:2022.

Talk to MorganHill today and Get the Answers You Need

Scope: We'll help you define important scoping parameters.

Documentation: We'll help you develop all required policies and procedures.

Guidance: We'll guide you through the ISO/IEC process from start to finish.

One Price: Our fees for all services are fixed.

Wherever you are in North America, Europe, Africa, or Asia, MorganHill is ready to assist.

Expertise: Since 2006, we have been an industry leader for ISO/IEC.

Knowledge: We've worked with every ISO/IEC standard currently in print.

Industry: We've worked in every major industry/sector.

Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input

Four months after completing all necessary pre-certification work, the organization obtained ISO/IEC 27001 certification from an accredited ISO ANAB body that we recommend to them.

Obtained ISO 27001 certification from an accredited ISO ANAB body that I recommend to them.

Four months after completing all necessary pre-certification work, the organization obtained ISO 27001 certification from an accredited ISO ANAB body that we recommend to them.

Three months after completing all necessary pre-certification work, the organization obtained ISO/IEC 27001 certification from an accredited ISO ANAB body that we recommend to them.