How do you identify hardware assets under legal hold?

John McConnell
Tera Contributor

‎12-02-2020 04:27 PM

How do you identify hardware assets under legal hold?
This would enable an asset manager member to ‘mark’ an asset in the hardware table when it’s reported to us that  Security, or Law Enforcement, or a Legal Team has ‘confiscated’ the device. We would like to "hide" all information about the hardware asset from basic users to maintain confidentiality and privacy.  The asset record can not be visible to those whose role isn't authorized to see it (on legal hold) nor would they be allowed to put it on "legal hold."
 
We thought about a specific state/substate or in a stockroom room. But how do you hide then a stockroom?
 
Thoughts and comments would be appreciated or if someone has a solution in place today.
0 Helpfuls
  • 1,867 Views
4 REPLIES 4

alexrozov
Tera Expert

‎12-02-2020 10:51 PM

Hi

 

I think a dedicated stock room could be a good idea.

but most probably adding a new sub state to retired state should give you want you want as well

 

With regards to hiding it - I think you will need to create ACL's and roles.

you would need one set of asset roles that can be the OOTB set - this will allow everything including your legal hold asset

and you would need to create another set of roles that cannot see assets in retired - legal hold state sub state and assign these roles to everyone.

with a client script you can check the role of the user and based on this hide or show the legal hold value to allow people with the role to move an asset to and from legal hold sub state

Frank1975
Kilo Guru

‎12-03-2020 12:25 AM

Hi John, 

we have established the following process.

We have added a checkbox on the cmdb_ci_computer table "is legal hold".

On a daily basis , we get a list from legal with the "Users" being on legal hold.

This import triggers a scheduled job which is checking all systems assigned to users which are on legal hold and check the new checkbox. 

A UI Policy then make the Computer Record to read only (so the assigned to cannot be changed from anyone). 

Once the checkbox is checked, our image process is doing a lookup on the computer record before imaging starts, if its is on legal hold, it won´t start the image process and the system won´t get wiped out.

 

Hope this helps from a process point of view.

 

Frank

 

Ed Laar1
Kilo Guru
In response to Frank1975

‎12-03-2020 02:57 AM

Hi,

My understanding of the requirement: A User has an Asset assigned. An Asset can be 'confiscated' (ie taken away from the User) for legal or security reasons.

These Assets should not be visible for anybody except certain staff and the assigned user I presume.

In this case based on ACL's the visibility can be arranged. From physical perspective certain Stockrooms can be arranged. Also important is what happens with the Assigned to of the confiscated Asset? It remains on the user?

Perhaps it's a good idea to relate some more info to an confiscated Asset like dossier number and involved security staff member? Also this info should have limited access of course.

Last but not least: The user of the confiscated asset: Does het get a replacement asset?

Hope this helps. 

 

Ed

0 Helpfuls

Mike Condon
Tera Expert

‎12-03-2020 05:15 AM

Similar to everyone else, we solved this by simply adding a new asset state field for "Legal Hold".  (It should be created on the CI record too)

This allowed us to reflect the fact that we had them scattered in different stockrooms, but still could easily identify them.

Frank's process mentioned above is pretty awesome too.

-Mike