17.3.14 IT Asset Removal
IT Asset Removal is the temporary removal and retention of an IT asset in response to an incident. This may include the removal and retention of laptops, desktops, mobile drives or any other IT asset. IT assets are often critical to business functions, as such their removal is not routine, and must be appropriately requested and approved as described below.
IT assets can be removed and retained upon request by of one of the President, General Counsel, Provost, Secretary General, Dean of Research or Dean of Faculty Affairs, with the concurrence of the CIO. The CIO will notify the asset owner of the device removal, and delegate a member of IT Division to remove and retain the IT asset within secure IT facilities. The removal of the IT asset may precede the notification to the asset owner where legal or other requirements prevent advance notification.
Access to data held on IT assets, including those that have been removed and retained, is subject to the Data Forensics Procedure [Link: 17.3.13].
Responses to IT security incidents are not covered here, and are instead covered under PRP 17.3.12, Information Security Incident Response [Link: 17.3.12].