This document describes the procedures, restrictions and standards for the use of mobile devices connecting to Smith Kendon's internal network or related technology resources. The primary goal of this security policy is to ensure Smith Kendon's technology based resources (networks, data, databases, computer systems, etc.) are adequately protected from unauthorized use, damages to vital business application, revenue loss, malicious attack that can lead to loss of information, and any sort of damage to company's public image.
This policy applies to all Smith Kendon employees, these includes part time staff, full Staff and third party people who make use of personally or company owned mobile devices to access the organizations' data and networks via any means.
Mobile Devices: These covers any electric or battery operated device that is capable of storing, processing or transmitting data and can be easily transported, including but not limited to the following device classification:
- Handheld running the Symbian, Windows Mobile, Palm operating system, or Mobile Linux operating systems.
- Cell phones, Smart phones, Personal Digital Assistants (PDAs),Blackberry, Laptops, Tablet PCs, Palm Pilot, memory sticks, text pagers, iPod, MP3 players, USB drives and other similar devices.
- Devices that have integrated wireless capability but not limited to, Wi-Fi, Infra-Red and Bluetooth.
Responsibilities and Ownership
- The Chief Executive Officer of Smith Kendon has the overall responsibility for the confidentiality, integrity, and availability of corporate data.
- The Chief Executive Office, Smith Kendon has delegated the implementation and maintenance of Information Technology and Systems to the Chief Information Security Officer.
- Other Information Systems and IT staffs under the direction of the Chief Information Security Officer are responsible for the following procedures and policies within Information Systems and Technology.
- Managers and supervisors are responsible for ensuring that users are aware of and understand this policy and all related procedures.
- All Smith Kendon employees are responsible to act in accordance with company policies and procedures.
- The duty for the appropriate use of mobile devices issued by the Organisation rests with the designated user.
- Smart Phones, additional equipment and their contents issued to employees remain the property of Smith Kendon and may be subject to regular audit and monitoring.
- Employees who require the use of a mobile device to perform work duties must go through an application process that evidently outlines why access is required and must request with the approval and signatory of supervisor or department head before submitting to the IT department. Any request must be justifiable and in line with the job role of the recipient.
- Prior to initial use on the corporate network or related infrastructure, all mobile devices must be registered with the IT department. Smith Kendon will maintain a list of approved mobile devices. All mobile devices attempting to connect to the corporate network through an unmanaged network will be inspected using technology centrally managed by Smith Kendon's IT department. Devices that have not been previously approved by IT will not be allowed to connect.
- Any mobile device used in such a way that puts the systems, data, users and clients of the organization at risk, IT reserves the right to refuse by any means the ability to connect the mobile device to corporate infrastructure.
- Employees with company issued mobile devices and related software to access data and network will use secure network and data management procedures without exception.
- All mobile devices carrying company data must be protected by a strong password (at least 8 characters in length) or must encrypt using strong encryption all critical data stored on the device.
- The physical security of company issued mobile devices is the responsibility of whom it's assigned to and may only be used by designated users only.
- Sensitive and confidential information should be permanently erased from the mobile devices before it is returned, exchanged or disposed.
- IT department will use appropriate technology solutions to centrally manage security policies, applications, network and data access. Any attempt to breach or evade security implemented will be considered as an intrusion attempt and dealt with in accordance to Smith Kendon's security policy.
- In a case of lost or stolen of company issued mobile device, it is the duty of user to report this to security and IT department immediately. The data on the device will be remotely wiped or locked to prevent access by IT department. If the device is recovered, it should be returned to the IT department.
- Company software or application is not to be installed on personal mobile devices.
- Employees and third parties will not make modification of any kind to Smith Kendon owned and installed hardware or software without approval of the company's IT department.
Employees and third parties who by their action violate or do not comply with this policy or its procedures may need to be reprimanded or discharged, may be fined or penalized, and may involve civil or criminal litigation.
Critical Review of Policy