Corporate Mobile Device Usage Form - Get as DOC

Document Sample
Corporate Mobile Device Usage Form - Get as DOC Powered By Docstoc
					                                          APPENDIX B




Mobile Device Usage and Security Policy




Version 0.1
May 2005
                                                                           Mobile Device Usage and Security Policy



Version Control

Version          Date Issued                 Distribution/Comments

0.1              19 May 2005                 To Employment Committee for adoption



Contents

Purpose ............................................................................................................... 3

Background ......................................................................................................... 3

Mobile Devices and their uses ........................................................................... 4

Responsibilities .................................................................................................. 5

Guidance for Use - Avoiding Loss or Damage. ................................................ 5

Guidance for Use - Health and Safety ............................................................... 7

Protecting the Council’s computer Network .................................................... 7

Guidance for Use - Protecting Information ....................................................... 8

IT Support ............................................................................................................ 9

Laptops .............................................................................................................. 10

Mobile Phones................................................................................................... 10

Digital Cameras & Camera Cards .................................................................... 10

Disciplinary Considerations............................................................................. 11

What can you do to help? ................................................................................ 12




Version 0.1                                                                                                 Page 2

D:\Docstoc\Working\pdf\8fda8ced-8381-4289-80de-d305df2d72f4.doc
                                                           Mobile Device Usage and Security Policy



Purpose
1. This document sets out the Council’s policy for the use and security of mobile
   IT equipment, the rules relating to use and the consequences that may arise
   from misuse. It should be read in conjunction with the Home/Remote Working
   Policy that sets out the key considerations for home/remote working for staff.

Background
2. Mobile devices are important to the Council. They allow us to work more
   effectively in places where using an ordinary computer would be impractical.
   Mobile devices such as Pocket PCs, Digital Cameras and Mobile Phones
   allow us to achieve more by providing facilities on the move such as seeing
   our GroupWise calendars, taking pictures, getting reminders of appointments,
   looking up phone numbers. In the future, with the right systems at the
   Council, mobile workers could become less tied to a desk with a computer on
   it. Information about jobs will be stored and retrieved electronically wherever
   they are. Customers will be able to sign for services on the screen of a
   mobile computer. Eventually, many of our staff will be using mobile devices
   to enable them to work more efficiently and effectively. This is why this
   document and the policies and procedures contained in it are important.

3. Although mobile devices have the potential to deliver significant benefits
   (better services, increased efficiency), they also carry a number of risks. The
   key risks are:

       Cost of loss or damage to expensive equipment as a consequence of
        theft, carelessness or misuse.

       Health and safety problems for users (as with any new way of working).

       Introduction of viruses to the computer network if devices become
        infected.

       Disruption of the computer network if incompatible devices are connected.

       Increased IT support costs.

       Loss of information contained on mobile devices and consequent
        disruption to work.

       Disclosure of confidential information stored on devices as a consequence
        of loss of devices or careless use.



Version 0.1                                                                            Page 3

D:\Docstoc\Working\pdf\8fda8ced-8381-4289-80de-d305df2d72f4.doc
                                                           Mobile Device Usage and Security Policy



4. The aim of this policy is to enable the Council to benefit from the new
   technologies that are available, whilst managing the above risks. The risks
   are unlikely to be eliminated, but can be mitigated through compliance with
   this policy. Given that there will remain inherent risks associated with the use
   of mobile devices, it is important that clear business benefits can be
   demonstrated, wherever they are used, which outweigh those risks.

5. The key to managing all of the above risks is ensuring that users conform to
   some basic rules and good practice guidelines. For that reason all users will
   be asked to sign an Acceptable Use Agreement, acknowledging the
   responsibilities attached to the device they are using.

Mobile Devices and their uses
6. The types of Mobile Device currently used within the Council are:

       Laptops – effectively desktop computers, that can be transported
        anywhere and used without requiring mains power for the most part.
        Laptops allow their custodians to look at, create or modify information
        stored on them.

       Mobile Phones – the amount of information the average mobile phone
        can hold increases year by year. For example a very basic current mobile
        phone can hold first and last names along with telephone numbers for
        hundreds of people.

       Digital Cameras – Pictures for work purposes can be taken and then
        subsequently transferred into the corporate network. Computer files of
        other types could be transferred to such devices.

       Pocket PCs (PDAs)– the Council’s preferred product is HP/Compaq’s
        “IPaq” – this is a pocket sized computer that can be used to store, modify
        and transfer computer files such as documents and spreadsheets or
        emails and their attachments. Most of the benefits of a computer in a
        fraction of the space/weight.

       Camera cards – tiny disks that have very high capacity. For instance a
        128 MB SD or Compact Flash card can hold the contents of nearly 90
        floppy disks. This equates to over a thousand small documents or
        spreadsheets.

       Mobile storage devices such as USB data drives are a cheap and readily
        available means of transporting large quantities of computer files from one
        location to another. A mobile storage device is any device that contains
        non-permanent storage that you can store files on.
Version 0.1                                                                            Page 4

D:\Docstoc\Working\pdf\8fda8ced-8381-4289-80de-d305df2d72f4.doc
                                                           Mobile Device Usage and Security Policy



7. Other devices may be added to this list in the future. The key features of
   mobile devices are that they are portable and have non-permanent storage.

8. IT will maintain standard specifications for all items that should meet every
   user’s requirement for speed and functionality. Where a non-standard
   specification is required to meet business requirements this will require the
   agreement of the Head of Business Services, taking account of the additional
   costs and risks involved. The latest specification for each type of mobile
   device can be obtained from the IT Section for all items.

Responsibilities
9. Users of mobile devices are responsible for them. As such, users must take
   good care of mobile devices provided. Despite their portability, most of the
   mobile devices are valuable assets and must be treated as such.

10. It is a condition of receiving any equipment that users sign an Acceptable Use
    Agreement that will include the terms laid out in this policy. When users leave
    the Council equipment must be returned within the times laid out in that
    agreement.

11. In general, a useful guide as to whether equipment is being used responsibly
    is whether the use being made of the equipment would be viewed as
    acceptable both professionally and personally by local taxpayers.

12. The Acceptable Use Agreement for a particular piece of equipment will set
   out whether personal use of the equipment is allowed and whether any costs
   arising must be repaid.

13. The Council will be responsible for providing any training needed to use any
   issued mobile devices via the corporate training programme.

14. All laptops, mobile phones, and PDAs must be provided by the IT Unit.
    Individual departments are not permitted to purchase their own, or to move
    from the standard specification, without the agreement of the IT Unit.

Guidance for Use - Avoiding Loss or Damage.
15. The majority of mobile devices require care. The following are guidelines for
    avoiding loss of or damage to mobile devices.

       Don’t leave equipment in positions visible from the street especially at
        ground floor level.



Version 0.1                                                                            Page 5

D:\Docstoc\Working\pdf\8fda8ced-8381-4289-80de-d305df2d72f4.doc
                                                           Mobile Device Usage and Security Policy



       Store equipment securely in the boot of your car during transit and don’t
        leave equipment on display. Wherever possible keep mobile equipment
        with you when away from the office.

       Where possible lock mobile devices in drawers when they are not with
        you. In the event of an emergency every reasonably effort must be made
        by you to secure your mobile device or laptop but never at the cost of your
        own safety. For example, if you are challenged in the street by a would-be
        thief, always hand over your mobile device rather than risk personal injury.

       If your mobile device should be stolen, immediately notify the Police and
        contact the IT helpdesk for assistance (from outside the Council’s
        premises 01273 484047 or extension 4047 internally). Your Acceptable
        Use Agreement may have other instructions as well.

       Do not drop your mobile device, allow it to bump into things as you carry it
        or put things on top of the case when it is inside.

       When transporting your mobile device turn if off or place it in hibernate
        mode whenever appropriate and put it in a carrying case before moving it.

       Carry or moving a mobile device from one place to another without the
        case can be risky as without the case the smallest knocks can result in
        damage.

       Avoid touching the screen of laptops. If you get fingerprints on your
        screen, these can be removed using appropriate screen wipes. Touching
        your screen can damage it!

        Avoid exposing any mobile device to extreme temperatures.

       Don’t leave your mobile device in the boot of your car overnight. Items
        such as hard drives and screen can fail prematurely. Generally, keep
        mobile devices in temperatures that you feel comfortable in.

       Keep drinks and other liquids (especially cola drinks and any drink with
        milk or sugar in it) away form your mobile device.

       A spillage can result in an electrical short and could result in the complete
        loss of your mobile device and all the data held on it. Cola drinks (and
        many other canned carbonated drinks) are quite corrosive to the moving
        and electronic parts of any mobile device.




Version 0.1                                                                            Page 6

D:\Docstoc\Working\pdf\8fda8ced-8381-4289-80de-d305df2d72f4.doc
                                                           Mobile Device Usage and Security Policy



          In the event of an accidental spillage switch off immediately and call the IT
           help desk straight away (from outside the Council’s premises 01273
           484047 or extension 4047 internally).

         Keep diskettes, drives and mobile devices away from magnetic fields such
          as hi-fi speakers or microwaves.

         It is safe to allow airport security to x-ray your laptop, digital camera or
          PDA.

         It is not safe to leave either floppy disks or your computer on top of a
          running microwave or hi-fi speakers.

         You must not tamper with or remove the asset tag attached to your
          computer by Lewes District Council.

Guidance for Use - Health and Safety
16. Exact Health and Safety procedures will vary from device to device, but some
    general guidance is:

          Take regular breaks and ensure your posture is good.

          Don’t type for longer periods than is comfortable.

          Don’t load your laptop case up with excessive amounts of additional items
           such as books.

          Where possible avoid carrying your laptop for long distances or long
           periods of time.

          You may need to use a wheeled device to transport your laptop if you
           need to avoid back strain.

          Sit comfortably at a desk.

          Don’t be tempted to work for prolonged periods with a laptop in your lap.

          Avoid working with a laptop on the arm of an armchair or sofa (with your
           back twisted).

Protecting the Council’s Computer Network
17. Virus infections of corporate computer networks are frequently introduced by
    mobile devices that become infected and pass this into the network when

Version 0.1                                                                            Page 7

D:\Docstoc\Working\pdf\8fda8ced-8381-4289-80de-d305df2d72f4.doc
                                                           Mobile Device Usage and Security Policy



    reconnected. The following rules are designed to minimise the chances of
    mobile devices causing damage or disruption to the Council’s computer
    network:

       You must not disable virus checking. Under no circumstances should
        virus protection services be turned off. Once established, certain types of
        virus can become invisible to virus projection systems and therefore can
        do damage for which you will be held responsible.

       You must not install or allow software to be installed on the mobile device
        issued to you except by authorised IT staff

       All software installations must be carried out by people authorised by the
        IT Unit. In circumstances where another party is to install software,
        specific authority must be sought from the Head of Business Services.
        Software can contain a means for other parties to get information they are
        not entitled to. Installing authorised software yourself without applying
        security fixes can be as damaging as installing unauthorised software that
        could spread computer viruses.

       Never connect unauthorised hardware to the Council’s network.

       Mobile devices owned by third parties should never be connected to the
        Council’s network. If you own a personal mobile device, you should never
        connect it to the Council’s network without express written approval from
        the Head of Business Services. You will need to provide assurances that
        it has not been used in a way that could introduce a security risk (e.g.
        connection to other PC’s, software downloads). The IT Unit will not
        support any devices not owned by the Council.

       Never connect a mobile device to a non-Council network. Viruses can be
        easily introduced to our network in this way. So mobile devices issued to
        you must only be connected to a Council PC or the Council’s network.

       Pictures taken on digital cameras can be stored on the corporate network
        but users are expected to “weed” pictures to those that are actually
        needed – not just store the entire contents of every camera card.

Guidance for Use - Protecting Information
18. Security is a primary concern for the Council. Information flow from the
    Council to the outside world should be properly controlled with sensitive (or
    personal) information never being allowed out to third parties without express
    permission.

Version 0.1                                                                            Page 8

D:\Docstoc\Working\pdf\8fda8ced-8381-4289-80de-d305df2d72f4.doc
                                                           Mobile Device Usage and Security Policy



       Always ensure that your use of hardware, software and data complies with
        the requirements of the Data Protection Act. If in doubt contact IT
        Services or the Head of Democratic Services.

       All files and information on mobile devices should be backed up regularly
        to network servers.

       Ensure that you only hold the absolute minimum of confidential documents
        on your laptop under any circumstance. Any data you carry could be at
        potential risk of theft, the less information you carry the better. This is
        especially true of PDA type devices.

       Ensure that you backup your documents when away from the office for
        any significant period of time in an appropriate manner. (Corporate
        servers are backed up every day).

       Ensure that when you are in a public space that any confidential
        documents you are working on are not visible to others.

       Be aware that it you are travelling on a train or sitting in a public area,
        others can view the information on your screen.

       If you are working on a large document add it to a zip file and then
        password protect the zip file before transferring to floppy disk or writeable
        CD. Information on how to do this can be provided by IT.

       If your mobile device should be stolen, immediately notify the Police and
        contact the IT helpdesk for assistance (from outside the Council’s
        premises 01273 484047 or extension 4047 internally).

       Always secure your mobile device.

       If you are in an insecure area don’t leave your mobile device on a desk or
        in full view when you are away from it. Ideally leave your mobile device in
        a drawer and lock that drawer if possible.

19. If you have followed the other policies laid out in this document the impact to
    your working day will have been minimised and the IT team will do their best
    to get you working again as quickly as possible.

IT Support
20. As with any electronic device, at some time you may require support if they
    fail. This section describes the support available from IT on mobile devices.


Version 0.1                                                                            Page 9

D:\Docstoc\Working\pdf\8fda8ced-8381-4289-80de-d305df2d72f4.doc
                                                           Mobile Device Usage and Security Policy



21. For all types of device, users are expected to bring faulty equipment to the IT
    Unit. Home visits will be by arrangement only, when the fault experienced
    specifically requires a home attendance by a technician..

Laptops

22. Data will need to be secured on a server or burnt to CD regularly by the user,
    in order to prevent data loss. IT will make sure users know how to do this.

23. Where a fault is found to require warranty repair the device will be returned to
    the Manufacturer or their agent for repair. Replacement equipment and or
    services will be by arrangement with IT. The availability of temporary
    replacement equipment cannot be guaranteed. Where a device is found to
    be outside of warranty a replacement will be arranged by IT.

Mobile Phones

24. Mobile phones will be supported by the IT team on a break fix basis. Users of
    mobile phones will be responsible for any data (phone numbers, contacts,
    etc.) stored on their mobile phone. Any faulty mobile phone should be
    reported to the IT Helpdesk and a replacement will be provided.

Digital Cameras & Camera Cards

25. Due to licensing, a camera’s software must only be installed on one PC. User
    data should be stored on removable media cards that are suitable for use with
    the camera. Storing data on removable media helps minimise loss of data and
    allows sharing of data via card readers. If the camera fails and the pictures
    have been stored on a media card, the card can be removed. However if a
    Camera fails and the pictures have been stored on the camera’s internal
    memory then the pictures may be lost.

26. The software for connecting the camera will be reinstalled, if this does not
    resolve the issue it may be necessary to send the device for warranty repair.

27. Where warranty repair is required the device will be returned under the
    manufacturer’s warranty. A temporary replacement for the device will not be
    made whilst the device is away with the manufacturer. Where a device is
    outside of the warranty period a new device will need to be purchased with
    guidance from IT.

Pocket PCs (PDAs)

28. User data should be stored on removable media cards that are suitable for
    use with the pocket PC. Storing data on removable media helps prevent loss
    of data, and is a function performed by the user. If the Pocket PC fails and the
Version 0.1                                                                           Page 10

D:\Docstoc\Working\pdf\8fda8ced-8381-4289-80de-d305df2d72f4.doc
                                                           Mobile Device Usage and Security Policy



    data has been stored on a media card, the card can be removed. However if
    a Pocket PC fails and data has been stored on the Pocket PC’s internal
    memory then the data may be lost.

29. Where re-installing any affected software cannot rectify a fault, the removable
    media will be taken out of the device and a soft reset will be attempted. A soft
    reset powers the device off and back on again and should not cause loss of
    user settings or data. Where a Soft reset does not resolve the problem a hard
    reset of the device will be attempted. A hard reset, sets the device back to
    factory defaults, all user data and settings that have not been stored on
    removable media will be lost.

30. In the event that a hard reset does not correct the fault being experienced, the
    device will be returned under the manufacturer’s warranty. A temporary
    replacement for the device will not be made whilst the device is away with the
    manufacturer, unless specific arrangements have been made. Where a
    device is outside of the warranty period a new device will be provided.

Disciplinary Considerations
31. The Council views computer security very seriously. Any breach of this policy
    will be regarded as important and could lead to disciplinary measures being
    taken.

32. In particular, examples of the actions that could be considered gross
    misconduct and result in dismissal from the Council’s employment are:

 Introduction of a computer virus to Council equipment because of a failure to
  conform with some or all of the provisions of this policy.

 Failure to take swift and appropriate action in accordance with this policy
  should a virus be discovered.

 Allowing, without permission, a third party to access the Council’s network
  using the mobile device.

 Using any unauthorised software on Council equipment.

33. In addition, the Council could view a failure to disclose knowledge of any of
    the above being undertaken by another officer as a potentially serious matter
    as well.

34. For councillors, serious failure to comply with this policy could be regarded as
    a breach of the code of conduct and may justify intervention by the Standards
    Board.

Version 0.1                                                                           Page 11

D:\Docstoc\Working\pdf\8fda8ced-8381-4289-80de-d305df2d72f4.doc
                                                           Mobile Device Usage and Security Policy



What can you do to help?
35. Comments or suggestions for improvement on this policy document are
    always welcome. If you have any, please contact: Head of Business Services
    via john.clark@lewes.gov.uk

Head of Business Services

April 2005




Version 0.1                                                                           Page 12

D:\Docstoc\Working\pdf\8fda8ced-8381-4289-80de-d305df2d72f4.doc

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:1
posted:8/16/2011
language:English
pages:12
Description: Corporate Mobile Device Usage Form document sample