HomeMy WebLinkAbout2015-PAD-069 Mobile Device Management
COUNTY OF NEWELL - POLICY HANDBOOK
POLICY NO: 2015-PAD-069
TITLE: MOBILE DEVICE MANAGEMENT
ADOPTED: SUPERCEDES NO: 2014-PAD-069
December 10, 2015 (C-432-15)
TO BE
REVIEWED: PAGE NO: 1 of 3
Definitions
MOBILE DEVICE: A mobile device is a device that is made for portability, and is
therefore both compact and lightweight. These devices include smartphones,
tablets, mobile printers and so on and pertain to both company-owned and
employee-owned (BYOD), personal devices, which they use in the office
environment.
JAILBREAK/ROOT: To jailbreak/root a mobile device is to remove the limitations
imposed by the manufacturer. This gives access to the operating system, thereby
unlocking all its features and enabling the installation of unauthorized software.
Scope
The provisions of this policy apply to all situations where the County has issued a
mobile device to employees for use in carrying out their responsibilities. Mobile
devices are an extension of the County’s information system network. It is vital
that measures be taken to ensure the security and usage made of the County’s
network is not compromised. In addition to the specific provisions of this policy,
employees are reminded that other IT related policies that address acceptable use
of the technology, electronic communications, use of social media, etc. also apply to
mobile devices. The scope of this policy does not include corporate IT managed
laptops.
Care, Custody and Usage of Devices:
Mobile devices issued by the County of Newell for use by employees, will include
protective cases and accessories that the employee may require such as a hands
free device. Employees will be held responsible for the safekeeping of the mobile
device and accessories issued.
Depending upon the circumstances pertaining to incidents in question, the
replacement of mobile devices that may be lost, stolen, or damaged as a result of
mishandling may become the responsibility of the employee. A determination will
be made in this regard by the Department Head and or the CAO in the case of
employees who are direct reports to the CAO.
COUNTY OF NEWELL - POLICY HANDBOOK
POLICY NO: 2015-PAD-069
TITLE: MOBILE DEVICE MANAGEMENT
ADOPTED: SUPERCEDES NO: 2014-PAD-069
December 10, 2015 (C-432-15)
TO BE
REVIEWED: PAGE NO: 2 of 3
User Requirements
1.Users may only load corporate data that is essential to their role onto their
mobile device(s).
2.Users must report all lost or stolen devices to County of Newell IT
department immediately.
3.If a user suspects that unauthorized access to company data has taken place
via a mobile device, they must report the incident in alignment with the
County of Newell incident handling process.
4.Devices must not be “jailbroken” or “rooted” or have any software/firmware
installed which is designed to gain access to functionality not intended to be
exposed to the user.
5.Users must not load pirated software or illegal content onto their devices.
6.Devices must be kept up to date with manufacturer or network provided
patches as set by the IT Department.
7.Devices must not be connected to a PC which does not have up to date and
enabled anti-malware protection and which does not comply with corporate
policy.
8.Compliance will be checked regularly and should a device be non-compliant
that may result in the loss of access to email, a device lock, or in particularly
severe cases, a device wiped.
9.The user is responsible for the backup of their own personal data and the
County of Newell will accept no responsibility for the loss of files due to a
non-compliant device being wiped for security reasons.
Unapproved Software Applications:
The County IT Department has been delegated the authority to either authorize or
ban downloading of specific mobile device software applications. When questions
arise in this regard, employees are encouraged to submit a formal service request
seeking approval from the IT Dept. before the downloading occurs.
Costs that relate to personal use of the County issued mobile device:
The County reserves the right to recover costs that have been incurred that relate
to the personal use of the mobile device. The employee’s supervisor has the
authority to make a final determination in that regard.
COUNTY OF NEWELL - POLICY HANDBOOK
POLICY NO: 2015-PAD-069
TITLE: MOBILE DEVICE MANAGEMENT
ADOPTED: SUPERCEDES NO: 2014-PAD-069
December 10, 2015 (C-432-15)
TO BE
REVIEWED: PAGE NO: 3 of 3
Mobile Device Settings and Security Features:
These mobile devices will be subject to valid compliance rules on security features
such as encryption, password, key lock, etc. These policies will be enforced by the
IT department using Mobile Device Management Software.
Actions which may result in a full or partial wipe of the device, or other
interaction by IT:
1.A device is jailbroken/rooted.
2.A device contains an app known to contain a security vulnerability (if not
removed within a given time-frame after informing the user).
3.A device is lost or stolen.
4.A user has exceeded the maximum number of failed password attempts.
5.An essential and/or required setting has been changed.