LEP Mobile Device Policy
LEP Mobile Device Policy
LEP Mobile Device Policy
Mobile computing devices (smartphones, tablets, convertible laptops, and various other personal
computing devices) are becoming an implementation standard in today’s computing environment. Their
size, portability, and ever- increasing functionality are making the devices desirable in replacing traditional
desktop devices. However, the portability offered by these devices can also increase security exposure
to individuals using the devices.
2. Purpose
The purpose of this policy is to establish the procedures and protocols for the use of mobile devices and
their connection to the network.
3. Scope
This policy applies to all [LEP] staff who use personal devices for business purposes or business-issued
mobile computing devices.
4. Policy
5. GENERAL
All mobile devices, whether owned by [LEP] or owned by staff, that have access to systems
and applications are governed by this policy. Applications, including cloud storage software
used by staff on their own personal devices are also subject to this policy. The following
general procedures and protocols apply to the use of mobile devices:
Mobile computing devices must be protected with a password required at the time the
device is powered on
Passwords must meet the requirements outlined in the [LEP] Access Control and
Password Policy
Wireless encrypted security and access protocols shall be used with all wireless
network connections
Staff shall refrain from using public or unsecured network connections while using
their mobile device for work
Personal mobile computing devices that require network connectivity must conform to
all [LEP] standards for use and configuration
Personal devices used for work business shall be registered with the [Insert
Appropriate Role] approved by [Insert Appropriate Department]
Mobile computing devices that access the [LEP] network shall have active and up-to-
date anti-malware and firewall protection
Lost and stolen devices shall have locations services enabled and the units “bricked”
or wiped of all information so they are unusable until recovered or destroyed
The following procedures and requirements shall be followed by all users of mobile devices:
Staff shall not load illegal content or pirated software onto any mobile device
Only approved applications are allowed on mobile devices that connect to the [LEP]
network
Staff shall use [LEP] corporate email system when sending or receiving [LEP] data
Staff are responsible for ensuring all important files stored on the mobile device are
backed up on a regular basis
Staff shall not modify configurations without express written authorization from the
[Insert Appropriate Role]
7. ADMINISTRATIVE RESPONSIBILITIES
Specific configuration settings shall be defined for personal firewall and malware
protection software to ensure that that this software is not alterable by users of
mobile and/or employee-owned devices.
Annual security training is provided to users of mobile devices. The content and form
of that training shall be decided by the [LEP] or their designee. Periodic security
reminders may be used to reinforce mobile device security procedures.
MDM software is used to manage risk, limit security issue, and reduce costs and
business risks related to mobile devices. The software shall include the ability to
inventory, monitor (e.g. application installations), issue alerts (e.g. disabled
passwords, categorize system software (operating systems, rooted devices), and
issue various reports (e.g. installed applications, carriers).
MDM software shall include the ability to distribute applications, data, and global
configuration settings against groups and categories of devices.
Regular reviews and updates of security standards and strategies used with mobile
computing devices.
Procedures and policies exist to manage requests for exemptions and deviations
from this policy.
[Insert Appropriate Department] shall implement procedures and measures to strictly limit
access to sensitive data moving to and from mobile computing devices since these devices
generally pose a higher-risk for incidents than non-portable devices.
Spot user checks for compliance with mobile device computing policies
Readily available processes and procedures for staff use of mobile devices
9. Enforcement
Staff members found in policy violation may be subject to disciplinary action, up to and including
termination.
10. Distribution
This policy is to be distributed to all [LEP] staff and contractors using [LEP] information resources.