I
I
IllumiDesk
Search…
I
I
IllumiDesk
IllumiDesk Team Handbook
People Group
Introduction
General Employment
Employment Status & Recordkeeping
Working Conditions & Hours
Employee Benefits
Employee Conduct
Timekeeping & Payroll
Security and Compliance
Security Controls
BC.1.01 - Business Continuity Plan
BC.1.0.2 - Business Continuity Plan: Roles and Responsibilities
BC.1.03 - Continuity Testing
BC.1.04 - Business Impact Analysis
CFG.1.01 - Baseline Configuration Standard
Laptop or Desktop System configuration
Configuring New Laptops
Security Best Practices
CFG.1.03 - Configuration Checks
CM.1.01 - Change Management Workflow
CM.1.02 - Change Approval
CM.1.03 - Change Management Issue Tracker
CM.1.04 - Emergency Changes
DM.1.01 - Data Classification Criteria
DM.2.01 - Terms of Service
DM.4.01 - Encryption of Data in Transit
DM.7.03 - Data Retention and Disposal Policy
IAM.1.01 - Logical Access Provisioning
IAM.1.02 - Logical Access De-Provisioning
IAM.1.04 - Logical Access Review
IAM.1.05 - Transfers: Access De-Provisioning
IAM.1.06 - Shared Logical Accounts
IAM.1.08 - New Access Provisioning
IAM.2.01 - Unique Identifiers
IAM.2.02 - Password Authentication
IAM.2.03 - Multi-factor Authentication
IAM.3.02 - Source Code Security
IAM.4.01 - Remote Connections
IAM.6.01 - Key Repository Access
IR.1.01 - Incident Response Plan
IR.1.03 - Incident response
IR.1.04 - Insurance Policy
IR.2.02 - Incident Reporting
NO.1.01 - Network Policy Enforcement Points
PR.1.01 - Background Checks
RM.1.01 - Risk Assessment
RM.1.02 - Continuous Monitoring
RM.1.04 - Service Risk Rating Assignment
RM.1.05 - Risk Management Policy
RM.3.01 - Remediation Tracking
SDM.1.01 - System Documentation
SG.1.01 - Policy and Standard Review
SG.2.01 - Information Security Program Content
SG.5.03 - Security Roles and Responsibilities
SG.5.06 - Board of Director Bylaws
SG.5.07 - Board of Directors Security Program Content
SLC.1.01 - Service Lifecycle Workflow
SLC.2.01 - Source Code Management
SYS.1.01 - Audit Logging
SYS.2.01 - Security Monitoring Alert Criteria
SYS.2.07 - System Security Monitoring
TPM.1.01 - Third Party Assurance Review
TPM.1.02 - Vendor Risk Management
TRN.1.01 - General Security Awareness Training
TRN.1.02 - Code of Conduct Training
VUL.1.01 - Vulnerability Scans
VUL.1.03 - Approved Scanning Vendor
VUL.2.01 - Application & Infrastructure Penetration Testing
VUL.3.01 - Infrastructure Patch Management
VUL.3.02 - End of Life Software
VUL.4.01 - Enterprise Protection
VUL.5.01 - Code Security Check
VUL.6.01 - External Information Security Inquiries
VPAT Version 2.3
Powered By GitBook
Configuring New Laptops

Configuring New Laptops

New laptops should be configured with security in mind. Please refer to security best practices when configuring new laptops. All team-members must provide proof of whole-disk encryption within the new laptop order issue.
Certain circumstances (world region and availability of hardware) might require the self installation of Linux on a Dell that was shipped with OEM Windows. Please make sure you follow any needed requirements when self installing and open an issue with IT-Ops for verification.
For laptops shipped with OEM Windows you may want to make a full drive backup (e.g. by using open source utility Clonezilla) to the external drive before installing Linux. That way you could restore your laptop to the original state at any time. It will make the RMA process much easier in case you need it.

Laptop Buy back Policy

Team members can choose to refresh their laptop, no questions asked, after 3 years of use (not necessarily 3 years of employment if a used laptop was issued at the time of onboarding).
Team members have the option to buy back their existing laptops either when it gets refreshed for a new one, or when the team member is offboarding. If the team member has completed 1 calendar year or more at IllumiDesk at the time of laptop refresh or offboarding, they can opt to keep their laptop at no cost. If the team member hasn't completed 1 calendar year at IllumiDesk at that time, they have the option to purchase their laptop for current market value.
IT Ops will email the team member asking if they would like to send back or purchase their laptops. If purchasing, our Business Ops Director will approve, and we will send the employee an email with the determined value. Then, if the employee decides to move forward with purchasing, our accounting department will reach out with payment information.
If a team member decides to retain their laptop, they are required to wipe the machine and re-install the base operating system, and remove any and all software and configurations that were supplied by IllumiDesk. Evidence or a declaration that the device has been wiped must be supplied to IllumiDesk within 2 weeks of the end of employment. If IllumiDesk discovers that a device has not been wiped according to policy, IllumiDesk may act to enforce a remote wipe without notice.
If team members opt not to keep or purchase their existing laptops, they can return them to IllumiDesk. See the returning old/offboarded laptops section below for details.

Returning Old/OffBoarded Laptops

Part of the IT Ops replacement laptop process is providing each team-member with instructions about how to return their old laptop (whether outdated or broken). All laptops must be returned within 2 weeks of receiving the replacement laptop, so please prioritize transferring information between laptops within this timeframe.
If an offboarded employee decides not to purchase, then we will have them ship to our 3rd party vendor that handles sell backs, SellYourMac. SYM will send them a shipping label, and in the US, a shipping box as well. Please note shipping times may vary, expect between 2-4 weeks for Sell Your Mac to provide shipping information and packaging
All team-member laptops must be securely erased before being returned. This not only protects the company, but also protects you since it is possible for personal information to exist on these machines. Reformatting a computer is not sufficient in these cases because it is possible for sensitive data to be recovered after reinstalling an operating system.

Other Resources

Full Disk Encryption

To provide proof of Full Disk Encryption, please do the following depending on the system you are running.
  • Apple : Take a screenshot showing both the confirmation of enabled Full Disk Encryption as well as the info showing your serial number. Both pieces of information can be found by clicking on the Apple icon in the top left corner of your screen. For proof of disk encryption, choose System Preferences -> Security & Privacy, and then choose the FileVault tab near the top of the window. For your serial number, choose the About This Mac option. Please get both pieces of information in a single screenshot.
  • Linux : Take a screenshot showing the output of sudo dmsetup ls && sudo dmidecode -s system-serial-number && cat /etc/fstab

IllumiDesk.com Apple ID's

We require the use of an @IllumiDesk.com Apple ID that is separate from any personal Apple ID's you may have. Some of these reasons include:
  • Backups, keychains and documents are all considered sensitive information, and should not be stored in personal services.
  • 2FA for remote lock, wipe, or account resets are common methods of account compromises, and ensuring the use of IllumiDesk.com email addresses also ensures we are in control of that aspect of multi-factor authentication.
  • Keeping a strong separation between work and personal accounts will help prevent the accidental leak of information from one to the other, in either direction.
Defense in depth, in part, means you make a best effort to be secure at each layer.
Previous
Laptop or Desktop System configuration
Next
Security Best Practices
Last modified 2yr ago
Copy link
Contents
Configuring New Laptops
Laptop Buy back Policy
Returning Old/OffBoarded Laptops
Other Resources
Full Disk Encryption
IllumiDesk.com Apple ID's