[organisation] is dedicated to providing mobile staff with the IT equipment needed to successfully and efficiently perform their role. The purpose of this policy is to ensure that the mobile devices provided to [organisation] staff enable ready access to corporate information whilst protecting the security of that information.
This policy applies to all employees, board members, contractors, consultants and visitors that use ICT systems and services provided by [organisation].
This policy includes all mobile ICT equipment that can establish a data connection to the [organisation] corporate network (for example, smartphones) and excludes ultrabooks and standard mobile phones (ie providing only voice and messaging services).
Software. All mobile devices are provided with:
- Native email client (eg Apple mail),
- Native browser client (eg Safari),
- MDM client (for monitoring and providing a level of control over the device),
- MS Office or similar app for viewing and editing Microsoft Office documents,
- MS Skype for Business client,
- Corporate network and application access through a virtual desktop client (for example, Remote Desktop Services), and
- Custom corporate apps, as required.
Other apps can be loaded by users at their discretion and using their personal app store (for example, iTunes) account. In all situations, the IT Acceptable Use Policy applies.
Specific or custom equipment. Mobile devices that fall outside the scope of this policy may be provided in exceptional circumstances where there is a business case to support such a device. This business case must be approved by a General Manager and IT before the item can be ordered.
Bring Your Own Device. A personally owned mobile device can only be used for [organisation] business or be connected to the [organisation] corporate data network if approved by [sponsor role]. If such approval is granted, the owner of the mobile device must acknowledge that the device may be wiped if lost or compromised, and usage of the device (as it relates to [organisation] corporate information) may be monitored.
In all cases, [organisation] accepts no responsibility for any loss of personal information or damage that may be caused to the device. In addition, [organisation] is not responsible for reimbursing any resulting costs (for example, data usage) unless agreed with [sponsor role] before the device is used for [organisation] business use.
Mobile Device Management. [organisation] have a system in place for monitoring the use of mobile devices, controlling access, managing updates and remote wiping a device if it is lost or the security of [organisation] corporate information is compromised.
Compliance and breaches
[organisation] may commence applicable disciplinary procedures if a person to whom this policy applies breaches this policy (or any of its related procedures).
Legislative and other references
- <Acceptable ICT Use>
- <Information Management Policy>
- <IT End User Equipment Policy>