Security & Compliance

< Back to Article List

IS-07 Mobile Device and Remote Working Policy

Last updated: 24 October 2024 at 11:44:56 UTC by Russell Briggs

Mobile Device and Remote Working Policy


 

Document Ref No

IS-07

Version No

V1

Last review date

16/10/2021

Approved by

Dom Tyler

Next review

16/10/2022


Contents

1.Purpose, scope and users                                                                                                               3

2.Mobile computing                                                                                                                               3

2.1.Introduction                                                                                                                               3

2.2.Mobile device controls                                                                                                           3

3.Personal Equipment                                                                                                                         3

4.Remote Working                                                                                                                                 4

5.Document management                                                                                                                     4

6.Version history                                                                                                                                   4

 

 

 

 

 

 

 

 


1.    Purpose, scope and users

The purpose of this document is to prevent unauthorised access to mobile devices both within and outside of the organisation's premises.

This document is applied to the entire Information Security Management System (ISMS) scope, i.e. to all persons, data and equipment in the ISMS scope.

Users of this document are all employees of Recycly .

 

2.    Mobile computing

2.1.         Introduction

Mobile computing equipment includes laptops, tablets, mobile phones, smartphones and other mobile equipment used for storage, processing and transferring of data.

Recycly allows company-provided mobile equipment to be taken off-premises in accordance with the Acceptable Use Policy.

2.2.         Mobile device controls

Special care should be taken when mobile computing equipment is placed in vehicles (including cars), public spaces, hotel rooms, meeting places, conference centres, and other unprotected areas outside the organisation's premises.

The person taking mobile computing equipment and/or paper documents away from their regular place of work must follow these rules:

       Mobile computing equipment and/or paper documents containing important, sensitive, or critical information must not be left unattended and, if possible, should be physically locked away.

       Mobile devices must be protected with a password and/or pin in line with the Password Policy

       When using mobile computing equipment and/or paper documents in public places, the user must take care that data cannot be read by unauthorised persons.

       Ensure updates of patches and other system settings are performed.

       Protection against malicious code is installed and updated.

       Connecting to communication networks and data exchange must reflect the sensitivity of data and a VPN must be used where available.

       Information on mobile computing equipment must be encrypted.

       Protection of sensitive data must be implemented in accordance with the Information Classification Policy.

 

3.    Personal Equipment

Personal devices should be used in line with the Acceptable Use Policy.

 

4.    Remote Working

Remote working means that information and communication equipment is used to enable employees to perform their work outside the organisation. 

Remote working is authorised for users of company owned mobile computer equipment and smartphones.

Staff who are working remotely should:

       Protect mobile computing equipment as specified in Section 2.

       When connecting to “public” Wi-Fi connections, the user must take all precautions to ensure the connection is safe i.e. a network that requires a password to connect .

       Prevent unauthorised access by persons living or working at the location where the remote working activity is performed.

       Protect the organisation's intellectual property rights, either for software or other materials that may be protected by intellectual property rights.

       Otherwise act in accordance with company policies as they would in an office.

 

5.    Document management

This policy shall be available to all Recycly Employees and any Third Parties where required. The policy must be reviewed and, if necessary, updated at least once a year. Notice of significant revisions shall be provided to Recycly Employees via email.

 

6.    Version history

Summary of Change

Date of Change

Author

Version No

First Draft

16/10/2021

Dom Tyler

1