HIVES.CLOUD
Home
Products
Pricing
Blog
0xAPI5
About
Contact
Get Started
HIVES.CLOUD

Enterprise-grade tools designed for MSMEs. Empowering businesses with secure, AI-powered solutions.

Registered office: Delhi, IndiaOperating office: Gurugram, Haryana, IndiaGSTIN: 07AAPCP5499L1ZEsales@hives.cloud · support@hives.cloud

Products

  • All Products
  • Warden
  • Nectr
  • Vision
  • AMS
  • Unit
  • Fixr

Resources

  • Pricing
  • Blog
  • 0xAPI5

Company

  • About Us
  • Contact

Legal

  • Privacy Policy
  • Terms of Service

© 2026 Hives.cloud. All rights reserved.

Blogarama - Blog Directory

SOC 2ISO 27001GDPR
Chat on WhatsApp
← All articles
Asset Management21 April 2026·By Harish Mehra

Building an IT Asset Policy: A Template for Indian Companies

A practical IT asset policy template for Indian MSMEs — the eight sections every policy needs, sample clauses, GST and depreciation references, employee sign-off, and the clauses that actually reduce asset loss.

A mid-sized Indian company we onboarded in 2025 had issued 138 laptops over five years. Before our engagement, they could verify the physical location of 94 of them. The other 44 were "with employees", "under repair", "with vendor", or — the most common answer — "not sure". Six figures worth of hardware, quietly unaccounted for, because nobody had written down what an asset policy actually is.

An IT asset policy is boring to write and enormous to have. It won't feel important until the quarter you need to do a hardware audit for ISO 27001, or until a laptop walks out with a former employee who then stops replying to emails. By then it's late. This article is the template.

What an IT asset policy is (and isn't)

An IT asset policy is the document that says:

  • What hardware the company provides to which roles
  • Who owns that hardware (hint: the company, always, until explicitly signed over)
  • What employees can and can't do with it
  • What happens on loss, damage, return, or exit
  • How assets are tracked, numbered, and depreciated

It is not:

  • A procurement handbook (that's a separate doc)
  • A security policy covering passwords, MFA, USB restrictions (separate, linked from here)
  • An HR handbook addition (standalone, cross-referenced)

The right shape is a 3–6 page PDF that every employee signs as a named, dated appendix to their employment contract. Sample templates at the end of this article.

The eight sections every policy needs

1. Scope and coverage

State clearly which hardware is in scope: laptops, desktops, mobile phones issued by the company, monitors, peripherals (keyboards, mice, headsets), USB drives, portable hard disks, dongles, network equipment if issued to the employee (like a home-office router for WFH setups).

What's not covered is worth naming too: personal devices used for work (that's a BYOD policy, separate), office furniture, gifts, event swag.

2. Ownership and assignment

The operative clause is short and important:

All IT assets issued to the Employee under this policy remain the property of [Company Name] at all times. The Employee has a right of use for the purpose of performing their duties, which expires at the end of the employment relationship or on demand by the Company with reasonable notice.

That one paragraph closes the ambiguity. It says the laptop is the Company's. It says the employee has use rights. It says the rights end when employment ends.

3. Permitted use

Specify what's allowed and what isn't. A reasonable baseline:

  • Primary purpose: performing the Employee's duties
  • Limited personal use permitted (email, web, music during breaks) — call out that personal data stored on the device isn't protected from company visibility
  • Prohibited: pirated software, modification of OS-level security tools, disabling antivirus/MDM agents, using the device as a server for outside services, installing cryptocurrency miners (more common than it should be)

Keep the tone direct without being punitive. The goal is clarity, not a rulebook.

4. Security obligations

This section should cross-reference your security policy rather than duplicating it, but the asset-specific parts to call out:

  • Device must be locked when unattended
  • Whole-disk encryption enabled (FileVault / BitLocker / LUKS)
  • Screen lock timer set to 5 minutes
  • Company-approved password manager used for all work credentials — which is why Unit exists as a dedicated tool, rather than Chrome's saved-passwords
  • No sharing of login credentials with anyone, including spouse, housemate, or colleagues
  • Physical security when travelling: keep the device in sight, don't check it into hotel luggage, don't leave it visible in a car

5. Return on exit

This is the clause that determines whether you get the laptop back. Key elements:

  • Timeline: return on the last day of notice, before final-settlement release
  • Condition: in working order, with all accessories (charger, bag, peripherals)
  • Data: employee should have backed up personal data before return; company has the right to wipe on receipt
  • Handover: signed checklist listing each item; countersigned by IT
  • Withholding: the final-settlement clause that says full/final is processed after asset return (coordinated with HR)

The return clause works because of the full-and-final coordination. HR and IT have to actually gate one on the other. We've helped companies reduce asset non-return from 30% to under 2% simply by making IT sign-off a final-settlement precondition.

6. Lost, stolen, or damaged devices

Cover three cases:

  • Accidental damage: company repairs or replaces, employee isn't charged (this is the default for a good employer)
  • Negligent damage: repair cost may be deducted from salary with written notice and employee acknowledgement (check with legal counsel on the specific language per state labour laws)
  • Loss or theft: must be reported within 24 hours; employee cooperates with police report; insurance claim may or may not cover depending on policy

A useful addition: a clause that requires the employee to immediately report lost / stolen devices to IT so that remote wipe and credential revocation can happen. The speed of the report is what matters for security.

7. GST, depreciation, and asset register

This is the section that ties the policy to compliance. Reference (don't duplicate) your IT asset register — the actual list of devices with their tags, purchase date, depreciation schedule, and current assignment.

  • Each asset has a unique tag number (consistent format — we use HVS-LAP-NNN for laptops, HVS-MBL-NNN for mobiles)
  • Original GST invoice is preserved for input-tax-credit purposes
  • Depreciation is calculated per Companies Act Schedule II
  • Disposal routed through a responsible e-waste partner with a certificate of destruction

The GST-ready IT asset register article has the register side in full detail. AMS is the software that keeps it.

8. Acknowledgement

Last page, simple:

I, [Employee Name], Employee ID [XXX], have read and understood the IT Asset Policy of [Company Name] dated [Date]. I acknowledge receipt of the assets listed below, and I agree to abide by the terms of the policy for the duration of my use of these assets and until their return.

Then a checklist of assets: tag number, make, model, serial, accessories received. Employee signature, date. Counter-signature from IT.

Store signed copies in the employee's HR file. A digital copy in the AMS asset record closes the loop.

Clauses that actually reduce asset loss

Years of watching this: four clauses do most of the work.

  1. The "property of Company at all times" sentence — makes it legally clear, and psychologically frames the laptop as a loan rather than a perk.
  2. Return-on-exit with F&F gating — the single biggest determinant of asset recovery rate.
  3. Unique asset tag printed on the device — makes it harder to "lose track of" a device. We see recovery rates 20+ percentage points higher when every laptop has a visible company tag.
  4. 90-day warranty alerts automated out of the asset register — not strictly policy, but it means the company knows what's under warranty when devices fail. AMS ships this; more on the sibling GST asset register article.

Personal use: where to draw the line

Indian MSMEs divide roughly 50/50 on whether to allow any personal use of company laptops. Our observation:

  • No personal use allowed is cleaner legally and for data-protection purposes but is rarely enforced in practice. Employees check WhatsApp Web on work laptops regardless.
  • Limited personal use allowed with reduced privacy expectation is the practical middle ground. The employee understands that the device is monitorable, but isn't expected to live like a prisoner.

We recommend the second. The policy language:

Occasional personal use of company-issued IT assets is permitted, provided it does not interfere with job duties or violate any other section of this policy. The Employee acknowledges that any personal data stored or transmitted on company-issued devices is subject to the Company's IT monitoring, security, and data-handling policies, and does not enjoy the same privacy expectation as on a personal device.

Works in most Indian MSME cultures. Loosen or tighten for your risk appetite.

Enforcement without being a jerk

Policy enforcement is where otherwise-reasonable companies become unreasonable. Three principles:

  • Measure enforcement by recovery rates, not punishment counts. If 98% of laptops come back on time, the 2% that don't are a manageable problem for targeted follow-up, not a reason to tighten policy on the 98%.
  • Make the first response to any incident educational. The first time someone leaves their device unlocked in a meeting room, it's a conversation, not a warning letter.
  • Automate the mechanical stuff. AMS warranty alerts, Warden revocation on exit, Unit vault deprovisioning — these should happen without any manager thinking about them. Policy is the human layer; software is the mechanical layer.

A starter template

For companies that want a starting point — here's a compressed sample clause for each of the eight sections. Copy into a Word doc, customise, send to legal counsel for Indian labour-law review, issue.

1. Scope: This policy governs the issuance, use, and return of IT assets
   including laptops, desktops, mobile phones, peripherals, and network
   equipment provided by [Company] to its Employees.

2. Ownership: All IT assets remain the property of [Company] at all times.

3. Permitted Use: Assets are to be used primarily for work duties. Limited
   personal use is allowed. Prohibited: pirated software, disabling security
   tools, using assets for external commercial purposes.

4. Security: Whole-disk encryption required. 5-minute screen lock. Credentials
   managed via company-approved password manager. No credential sharing.

5. Return: All assets returned on the last working day, in working order, with
   all accessories. Final settlement processed after asset return confirmed
   by IT.

6. Loss/Damage: Accidental damage covered by Company. Negligent damage may be
   recoverable. Loss/theft reported within 24 hours.

7. Asset Register: Each asset is tagged and tracked in the Company's asset
   management system. GST invoices retained per compliance requirements.

8. Acknowledgement: Employee signs the attached asset receipt confirming
   receipt of the policy and assets.

Short. Direct. Covers the ground. Expand any section as needed — but a longer policy is not a better policy. A policy people read and sign is the goal.

Once the policy is live, the asset register and warranty tracking needs a home. AMS is the software we built for this; the GST-ready IT asset register article covers how the register itself should be shaped. Laptop repair is the other half of the lifecycle — onsite vs offsite IT repair covers that side.

Keep reading

Related articles

Attendance21 Apr 2026

Face Attendance Compliance Under the DPDP Act 2023: What Indian MSMEs Must Know

The Digital Personal Data Protection Act 2023 treats face attendance as regulated biometric processing. Most Indian MSMEs haven't adjusted their setup. Here's the short checklist of what actually changes.

Read →
Asset Management20 Apr 2026

GST-Ready IT Asset Register: A Template for Indian MSMEs

The fields every Indian MSME needs in an IT asset register to pass a GST audit — and the automation that stops the register from rotting by month three.

Read →
Onboarding21 Apr 2026

The 10-Item IT Admin Checklist for New Hires

Five items before day 1, five items on day 1, and the exact same list in reverse on exit. The checklist an Indian MSME IT admin can run without thinking.

Read →
About Hives.cloud

Hives.cloud is an Indian enterprise-software company founded on 12 March 2025 by Vaibhav Sharma (Founder & CEO) and Harish Mehra (Co-Founder & COO). It builds Warden, Nectr, Vision, AMS, and Unit — paid cloud-native IT products giving Indian MSMEs a Microsoft-grade stack at rupee-first, GST-aware pricing. Plus Fixr, a free direct-to-consumer IT repair platform open to both individuals and organisations. The company also runs 0xAPI5, a cybersecurity learning community. Registered office: Delhi. Operating office: Gurugram, Haryana. GSTIN: 07AAPCP5499L1ZE.

Learn more at hives.cloud/about or contact the team at hives.cloud/contact.

Last updated: 21 April 2026