Mobile Device Policy

Introduction
More and more work is being done outside the company premises using mobile devices such as smartphones, laptops and tablets. This policy specifies security requirements to mitigate associated risks.

Objective
To ensure the security of remote working and mobile devices.

Scope
This policy applies to all staff and all mobile devices whether used onsite or offsite.

Policy

• All devices should be authorised, registered and maintained on the asset inventory.
• Devices should be used in compliance with the company’s information security policies.
• Devices should be configured according to company’s standard device configuration.
• The system software must be kept up to date with the latest security patches.
• The device must be enabled with a strong passcode or PIN.
• The device must automatically lock after 5 or less minutes of no use.
• Full device encryption must be enabled if available.
• VPN software should be used to access the company network.
• Firewalls and anti-virus should be enabled if available.
• Do not connect to unsecured wifi networks (use WPA2 or VPN).
• The device should be protected from damage and theft at all times.
• Lost or stolen devices should be reported to IT immediately and line manager.
• Stolen devices should be reported to the police.
• The company may remotely monitor and disable device and erase all content.
• All equipment and devices must be returned to the company upon request or termination.