Mobile Device Policy

Having a Mobile Device Policy is very important for every organization. Today we will look at a sample policy that can be modified to suit your organization.

Policy Statement:

"When using mobile devices, special care shall be taken to ensure that business information is not compromised"

Policy Components:

    Information communication and usage devices:

• For generally used software at the organization, licensed and updated versions that are approved by IT Division shall be used. For other sectional-specific requirements, software approved by the Unit Head of the relevant operational area shall be used.
• Before using open-source software, the outcome of the information security risk assessment shall be considered.
• User shall not make any changes to the hardware or software without the approval of the device issuing section/party of the organization.
• For mobile devices owned by third parties, to connect to the organizational network prior approval shall be obtained considering the outcome of the risk assessment.
• For mobile devices owned by third parties shall be protected with required security controls.
• All mobile devices shall be kept updated with the latest patches.

    Information Storage mobile devices:

• All information storage mobile devices shall be documented at the business unit level.
• Confidential information stored in the mobile device shall be encrypted.  

    Security Controls:

• Reputed anti-virus software shall be installed and kept updated.
• Screen locking mechanism shall be deployed.