• Policy Title: Hardware Usage and Security Policy
• Policy Owner: IT Department
• Last Review Date: [11/24]
• Version: 1.0

1. Hardware Policy Overview

The purpose of this policy is to outline the hardware standards, security requirements, and usage guidelines for Forma employees who handle hardware devices to access company data, including Personally Identifiable Information (PII) and financial data. The policy ensures the integrity, confidentiality, and availability of Forma’s information assets while balancing the usability of company-owned and personal devices for business purposes.

2. Scope

This policy applies to all employees, contractors, and third-party users of Forma who utilize hardware (company-owned or personal devices) to access, process, store, or manage Forma's information resources. This policy includes computers, mobile devices, storage devices, and any other hardware that interfaces with Forma’s network or data.

3. Eligibility for Company Devices

• Permanent Employees: All full-time, permanent employees are eligible for company-provided devices appropriate to their role.
• Contractors and Vendors: Contractors and vendors may be eligible for company devices depending on their role, duration of engagement, and level of data access.
• Interns and Temporary Staff: Interns and short-term staff may receive company devices on an as-needed basis, with specific device configurations based on their project or job requirements.

4. Definitions

Company-Owned Device: Any device purchased by Forma for employee use, including laptops, desktops, and mobile devices.

• Personal Device: Any device owned by an individual employee that is used to access Forma’s data, applications, or network.
• Kandji MDM: Mobile Device Management (MDM) solution used by Forma to manage and secure both company-owned and personal devices accessing corporate data.