Loading...
HomeMy WebLinkAbout2015-PAD-069 Mobile Device Management COUNTY OF NEWELL - POLICY HANDBOOK POLICY NO: 2015-PAD-069 TITLE: MOBILE DEVICE MANAGEMENT ADOPTED: SUPERCEDES NO: 2014-PAD-069 December 10, 2015 (C-432-15) TO BE REVIEWED: PAGE NO: 1 of 3 Definitions MOBILE DEVICE: A mobile device is a device that is made for portability, and is therefore both compact and lightweight. These devices include smartphones, tablets, mobile printers and so on and pertain to both company-owned and employee-owned (BYOD), personal devices, which they use in the office environment. JAILBREAK/ROOT: To jailbreak/root a mobile device is to remove the limitations imposed by the manufacturer. This gives access to the operating system, thereby unlocking all its features and enabling the installation of unauthorized software. Scope The provisions of this policy apply to all situations where the County has issued a mobile device to employees for use in carrying out their responsibilities. Mobile devices are an extension of the County’s information system network. It is vital that measures be taken to ensure the security and usage made of the County’s network is not compromised. In addition to the specific provisions of this policy, employees are reminded that other IT related policies that address acceptable use of the technology, electronic communications, use of social media, etc. also apply to mobile devices. The scope of this policy does not include corporate IT managed laptops. Care, Custody and Usage of Devices: Mobile devices issued by the County of Newell for use by employees, will include protective cases and accessories that the employee may require such as a hands free device. Employees will be held responsible for the safekeeping of the mobile device and accessories issued. Depending upon the circumstances pertaining to incidents in question, the replacement of mobile devices that may be lost, stolen, or damaged as a result of mishandling may become the responsibility of the employee. A determination will be made in this regard by the Department Head and or the CAO in the case of employees who are direct reports to the CAO. COUNTY OF NEWELL - POLICY HANDBOOK POLICY NO: 2015-PAD-069 TITLE: MOBILE DEVICE MANAGEMENT ADOPTED: SUPERCEDES NO: 2014-PAD-069 December 10, 2015 (C-432-15) TO BE REVIEWED: PAGE NO: 2 of 3 User Requirements 1.Users may only load corporate data that is essential to their role onto their mobile device(s). 2.Users must report all lost or stolen devices to County of Newell IT department immediately. 3.If a user suspects that unauthorized access to company data has taken place via a mobile device, they must report the incident in alignment with the County of Newell incident handling process. 4.Devices must not be “jailbroken” or “rooted” or have any software/firmware installed which is designed to gain access to functionality not intended to be exposed to the user. 5.Users must not load pirated software or illegal content onto their devices. 6.Devices must be kept up to date with manufacturer or network provided patches as set by the IT Department. 7.Devices must not be connected to a PC which does not have up to date and enabled anti-malware protection and which does not comply with corporate policy. 8.Compliance will be checked regularly and should a device be non-compliant that may result in the loss of access to email, a device lock, or in particularly severe cases, a device wiped. 9.The user is responsible for the backup of their own personal data and the County of Newell will accept no responsibility for the loss of files due to a non-compliant device being wiped for security reasons. Unapproved Software Applications: The County IT Department has been delegated the authority to either authorize or ban downloading of specific mobile device software applications. When questions arise in this regard, employees are encouraged to submit a formal service request seeking approval from the IT Dept. before the downloading occurs. Costs that relate to personal use of the County issued mobile device: The County reserves the right to recover costs that have been incurred that relate to the personal use of the mobile device. The employee’s supervisor has the authority to make a final determination in that regard. COUNTY OF NEWELL - POLICY HANDBOOK POLICY NO: 2015-PAD-069 TITLE: MOBILE DEVICE MANAGEMENT ADOPTED: SUPERCEDES NO: 2014-PAD-069 December 10, 2015 (C-432-15) TO BE REVIEWED: PAGE NO: 3 of 3 Mobile Device Settings and Security Features: These mobile devices will be subject to valid compliance rules on security features such as encryption, password, key lock, etc. These policies will be enforced by the IT department using Mobile Device Management Software. Actions which may result in a full or partial wipe of the device, or other interaction by IT: 1.A device is jailbroken/rooted. 2.A device contains an app known to contain a security vulnerability (if not removed within a given time-frame after informing the user). 3.A device is lost or stolen. 4.A user has exceeded the maximum number of failed password attempts. 5.An essential and/or required setting has been changed.