Mobile device security policy
Mobile Device Security Policy
This document describes the procedures, restrictions and standards for the use of mobile devices connecting to Smith Kendon's internal network or related technology resources. The primary goal of this security policy is to ensure Smith Kendon's technology based resources (networks, data, databases, computer systems, etc.) are adequately protected from unauthorized use, damage to critical application, loss of revenue, malicious attack that could result in loss of information, and any sort of damage to company's public image.
This policy applies to all Smith Kendon employees, these includes part time staff, full Staff and third party people who make use of personally or company owned mobile devices to access the organizations' data and networks via any means.
Mobile Devices: These covers any electric or battery operated device that is capable of storing, processing or transmitting data and can be easily transported, including but not limited to the following device classification:
- Handheld running the Symbian, PocketPC or Windows Mobile, Microsoft Windows CE , PalmOS, or Mobile Linux operating systems.
- Cell phones, Smart phones, Personal Digital Assistants (PDAs),Blackberry, Laptops, Tablet PCs, Palm Pilot, memory sticks, text pagers, iPod, MP3 players, USB drives and other similar devices.
- Devices that have integrated wireless capability but not limited to, Wi-Fi, Infra-Red and Bluetooth.
Responsibilities and Ownership
- The Chief Executive Officer of Smith Kendon has the overall responsibility for the confidentiality, integrity, and availability of corporate data.
- The Chief Executive Office, Smith Kendon has delegated the implementation and maintenance of Information Technology and Systems to the Chief Information Security Officer.
- Other Information Systems and IT staffs under the direction of the Chief Information Security Officer are responsible for the following procedures and policies within Information Systems and Technology.
- Managers and supervisors are responsible for ensuring that users are aware of and understand this policy and all related procedures.
- All Smith Kendon employees are responsible to act in accordance with company policies and procedures.
- The duty for the appropriate use of mobile devices issued by the Organisation rests with the designated user.
- Smart Phones, additional equipment and their contents issued to employees remain the property of Smith Kendon and may be subject to regular audit and monitoring.
- Employees who require the use of a mobile device to perform work duties must go through an application process that evidently outlines why access is required and must request with the approval and signatory of supervisor or department head before submitting to the IT department. Any request must be justifiable and in line with the job role of the recipient.
- If mobile device is being used in such a way that puts the systems, data, users and clients of the organization at risk, IT reserves the right to refuse, by physical and non-physical means, the ability to connect mobile devices to corporate infrastructure.
- Prior to initial use on the corporate network or related infrastructure, all mobile devices must be registered with the IT department. Smith Kendon will maintain a list of approved mobile devices. All mobile devices attempting to connect to the corporate network through an unmanaged network will be inspected using technology centrally managed by Smith Kendon's IT department. Devices that have not been previously approved by IT will not be allowed to connect.
- Employees with company issued mobile devices and related software for network and data access will without exception, use secure data management procedures.
- All mobile devices carrying company data must be protected by a strong password (at least 8 characters in length) and all data stored on the device must be encrypted using strong encryption.
- The physical security of company issued mobile devices is the responsibility of whom it's assigned to and may only be used by designated users only.
- Sensitive and confidential information should be permanently erased from the mobile devices before it is returned, exchanged or disposed.
- IT will manage security policies, network, application and data access centrally using appropriate technology solutions it deems suitable. Any attempt to contravene or bypass security implemented will be deemed an intrusion attempt and will be dealt with in accordance with Smith Kendon's security policy.
- In the event of lost or stolen of company issued mobile device, it is incumbent on the user to report this to security and IT department immediately. The data on the device will be remotely wiped or locked to prevent access by IT department. If the device is recovered, it should be returned to the IT department.
- Company software or application is not to be installed on personal mobile devices.
- Employees and third parties will not make modification of any kind to Smith Kendon owned and installed hardware or software without approval of the company's IT department.
Employees and third parties who by their action violate or do not comply with this policy or its procedures may need to be reprimanded or discharged, may be fined or penalized, and may involve civil or criminal litigation.
Need an essay? You can buy essay help from us today!