A.6.2.1 Mobile device policy

Requirement	For copyright reasons, this space does not contain citations from the Standard.
Instruction	The mobile device policy will contain statements about the use of laptops, tablets, mobile phones and will describe whether or not people are allowed to use their own devices (BYOD) to gain access to the organization's information systems. Think about security measures such as disk encryption, VPN, privacy screens, sand boxing, disabling app stores, remote wipe and anti virus/malware.
Implementation	Stipulations are defined in the Mobile device policy: Mobile device policy We encourage teleworking. To underline this principle, all employees are given a laptop. On this laptop, a VPN client will connect you automatically to the corporate network. For (BYOD) devices that are used to carry data labelled as confidential or sensitive: Always use (full disk) encryption on laptops, mobile phones and tablets Use a pincode, password or fingerprint to unlock Only use authorized repair shops, never give away unlock codes or passwords For (BYOD) devices that are used to read corporate email (Exchange): Remote device wipe is required Avoid the use of public Wi-Fi networks. If you must, use a VPN client.
Status	Implemented
Applicable	YES
Reason	Risk assessment

Owner	Security officer (role)
Frequency	Quarter
Instruction	Check if mobile devices are still encrypted, for instance by checking the laptop or phone of a new hire.

	File	Modified

No files shared here yet.