A.6.2.1 Mobile device policy

Control details

Requirement

For copyright reasons, this space does not contain citations from the Standard.

Instruction

The mobile device policy will contain statements about the use of laptops, tablets and mobile phones, and will describe whether or not people are allowed to use their own devices (BYOD) to gain access to the organization's information systems.

Think about security measures such as disk encryption, VPN, privacy screens, sandboxing, disabling app stores, remote wipe and antivirus/anti-malware.

Implementation

Stipulations are defined in the Mobile device policy:

Mobile device policy
We encourage teleworking. To underline this principle, all employees are given a laptop. On this laptop, a VPN client will connect you automatically to the corporate network.

For (BYOD) devices that are used to carry data labelled as confidential or sensitive:

  • Always use (full disk) encryption on laptops, mobile phones and tablets
  • Use a PIN code, password or fingerprint to unlock
  • Only use authorized repair shops; never give away unlock codes or passwords

For (BYOD) devices that are used to read corporate email (Exchange):

  • Remote device wipe is required

Avoid the use of public Wi-Fi networks. If you must, use a VPN client.

Status: Implemented
Applicable: YES
Reason: Risk assessment

Check details

Owner: Security officer (role)
Frequency: Quarter
Instruction

Check if mobile devices are still encrypted, for instance by checking the laptop or phone of a new hire.

