Asset Management

Home » Support & Help Resources » Capexplan Security: Frequently Asked Questions » Asset Management

Asset Management

Q: Does your organization maintain an asset inventory of all supplier relationships, cloud providers, servers, applications, laptops, and hardware/software assets used in the development, support, and maintenance of products/services?

A: Yes, we maintain an internal document that tracks all relevant assets, including supplier relationships, cloud providers, servers, applications, laptops, and hardware/software used in our operations.

Q: Does your organization use antivirus software or any form of endpoint protection monitoring? If so, please specify.

A: Yes, we utilize Microsoft Defender, which includes antivirus protection, malware scanning, and a firewall to safeguard our systems.

Q: Does your organization have a data classification policy and/or supporting processes? If so, can you provide the policy and any applicable documents?

A: We have a data retention policy that includes provisions on data classification, specifying which data is retained and for how long. We can provide a copy of this policy upon request.

Q: Does your system have the capability to manage and support data retention policies, including deleting records, archiving, and purging at configurable/defined intervals? If so, please specify.

A: Our system includes tools for data management, specifically for archiving data. We do not have an automated deletion feature, as customers typically prefer to retain their data indefinitely while they remain active users. However, if a specific need arises, we can develop a script to support additional data retention requirements upon request.

Q: Does your organization have a formal policy and/or procedures outlining the storage, transmission, and deletion of information on media, as well as the destruction or reuse of media based on the criticality of the information? If so, can you provide the policy and any applicable documents?

A: Currently, all information is deleted following the same standard process, without differentiation based on criticality.

Q: Will the data owned by Neptune be managed in a separate database instance from the rest of the vendor’s clients?

A: By default, Neptune’s data is stored in the same database as other clients within the same server cluster. However, for an additional fee, we offer the option to have a completely isolated database instance. That said, we have never experienced a breach, and our system ensures that customers can only access their own data, making this option rarely requested.

Q: What happens to Neptune’s proprietary data stored in the cloud platform once the PoC is finalized and while the contracting decision is being made?

A: This depends on Neptune’s decision. By default, we keep the account active while Neptune evaluates the next steps.

  • If Neptune decides not to proceed, we will delete the account and all associated data.
  • If Neptune decides to continue, we will maintain the account and continue working on any pending implementations. Once testing is completed, we can remove any demo data to prepare the account for go-live.

This approach is preferred by most customers, as it preserves all configurations made during the PoC, significantly accelerating the transition to production—some customers go live within 2-3 weeks after PoC completion. Additionally, there is no cost or commitment required at the PoC stage.

Q: What is the procedure for retrieving Neptune’s proprietary data from your platform once the PoC or service delivery has ended?

A: Customers can retrieve all their data, including documents attached to CAPEX requests, at any time. This can be done through the Help/Export menu, where various tabs allow exporting data in structured groups (e.g., CAPEX, tracking, budgets, etc.).

Additionally, we offer the option to automate data exports, enabling regular replication to Neptune’s servers on a weekly, monthly, quarterly, or annual basis, including all attachments.

Q: Once Neptune has retrieved its data, what actions are taken to ensure that the information stored on your platform is no longer recoverable?

A: Data can be deleted directly from the UI panel by the customer. However, for complete removal, we typically handle the deletion from our general Admin Panel upon request, ensuring that the information is no longer recoverable.

Q: Do these actions also apply to backups? If not, how long are backups containing Neptune’s data retained before being overwritten?

A: Backups are retained for three months, after which the data is automatically removed.

Q: How do you ensure the accuracy and completeness of your asset inventory?

A: We do not have physical assets. Our assets are software and data, and we maintain an inventory of systems and servers, which is reviewed monthly.

Q: Are all devices accessing Customer data enrolled in a mobile device management (MDM) solution?

A: No, we do not currently enforce MDM.

Scroll to Top