A.6.2.1 Mobile device policy

Control details


For copyright reasons, this space does not contain citations from the Standard.


The mobile device policy will contain statements about the use of laptops, tablets and mobile phones, and will describe whether or not people are allowed to use their own devices (BYOD) to gain access to the organization's information systems.

Think about security measures such as disk encryption, VPN, privacy screens, sandboxing, disabling app stores, remote wipe and antivirus/anti-malware.


Stipulations are defined in the Mobile device policy:

Mobile device policy
We encourage teleworking. To underline this principle, all employees are given a laptop. On this laptop, a VPN client will connect you automatically to the corporate network.

For (BYOD) devices that are used to carry data labelled as confidential or sensitive:

  • Always use (full disk) encryption on laptops, mobile phones and tablets
  • Use a PIN code, password or fingerprint to unlock
  • Only use authorized repair shops; never give away unlock codes or passwords

For (BYOD) devices that are used to read corporate email (Exchange):

  • Remote device wipe is required

Avoid the use of public Wi-Fi networks. If you must, use a VPN client.

Reason: Risk assessment

Check details

Owner: Security officer (role)

Check if mobile devices are still encrypted, for instance by checking the laptop or phone of a new hire.
