jhallenworld 16 hours ago

>mind boggling Byzantine rules

Hint: by all means possible, make sure you are not the owner of (or manager of the person who owns) any assets beyond your personal laptop. If, for example, you end up being the owner of all the development and test servers of the original company, then it will become your responsibility to ensure that each OS (of each LPAR of each VM) is security compliant, is running the end-point asset manager, and has up-to-date OS patches, that the DASD is encrypted, and you must periodically show physical proof that the asset still exists and indicate where it's located - photos of asset tags or whatever. It will be your responsibility to dispose of the asset (with all associated paperwork) at the end of its life.

It helps if such machines are not actually on the 9. network, or are behind an internal firewall (then they don't care about the security compliance as much).

numbsafari 16 hours ago

… isn’t this… what you should be doing already?

jhallenworld 16 hours ago

Probably, but now it's going to be formalized and will entail a lot of paperwork (manual entry on many very badly written Java-based CRUD applications). Sure, these things are all good ideas, but trust me, they have all been overthought. Do you want this to be your job?

lII1lIlI11ll 16 hours ago

> … isn’t this… what you should be doing already?

I still "own" (i.e. I'm the sole user with root access and can install an OS of my choosing) an old machine from the days before everything moved to a cloud, and I guess no one from IT has got around to decommissioning it yet. I have no idea where it is located (besides knowing which office it is assigned to), never saw it, and no way in hell am I going to attach any tags and waste my time installing enterprise spyware on it or manually encrypting its data. Do engineers do that for development servers at your job? If yes, name and shame!