Security & Compliance
< Back to Article ListIS-07 Mobile Device and Remote Working Policy
Last updated: 24 October 2024 at 11:44:56 UTC by Russell Briggs
Mobile Device and Remote Working Policy
Document Ref No |
IS-07 |
Version No |
V1 |
Last review date |
16/10/2021 |
Approved by |
Dom Tyler |
Next review |
16/10/2022 |
Contents
1.Purpose, scope and users 3
2.Mobile computing 3
2.1.Introduction 3
2.2.Mobile device controls 3
3.Personal Equipment 3
4.Remote Working 4
5.Document management 4
6.Version history 4
1. Purpose, scope and users
The purpose of this document is to prevent unauthorised access to mobile devices both within and outside of the organisation's premises.
This document is applied to the entire Information Security Management System (ISMS) scope, i.e. to all persons, data and equipment in the ISMS scope.
Users of this document are all employees of Recycly .
2. Mobile computing
2.1. Introduction
Mobile computing equipment includes laptops, tablets, mobile phones, smartphones and other mobile equipment used for storage, processing and transferring of data.
Recycly allows company-provided mobile equipment to be taken off-premises in accordance with the Acceptable Use Policy.
2.2. Mobile device controls
Special care should be taken when mobile computing equipment is placed in vehicles (including cars), public spaces, hotel rooms, meeting places, conference centres, and other unprotected areas outside the organisation's premises.
The person taking mobile computing equipment and/or paper documents away from their regular place of work must follow these rules:
● Mobile computing equipment and/or paper documents containing important, sensitive, or critical information must not be left unattended and, if possible, should be physically locked away.
● Mobile devices must be protected with a password and/or pin in line with the Password Policy
● When using mobile computing equipment and/or paper documents in public places, the user must take care that data cannot be read by unauthorised persons.
● Ensure updates of patches and other system settings are performed.
● Protection against malicious code is installed and updated.
● Connecting to communication networks and data exchange must reflect the sensitivity of data and a VPN must be used where available.
● Information on mobile computing equipment must be encrypted.
● Protection of sensitive data must be implemented in accordance with the Information Classification Policy.
3. Personal Equipment
Personal devices should be used in line with the Acceptable Use Policy.
4. Remote Working
Remote working means that information and communication equipment is used to enable employees to perform their work outside the organisation.
Remote working is authorised for users of company owned mobile computer equipment and smartphones.
Staff who are working remotely should:
● Protect mobile computing equipment as specified in Section 2.
● When connecting to “public” Wi-Fi connections, the user must take all precautions to ensure the connection is safe i.e. a network that requires a password to connect .
● Prevent unauthorised access by persons living or working at the location where the remote working activity is performed.
● Protect the organisation's intellectual property rights, either for software or other materials that may be protected by intellectual property rights.
● Otherwise act in accordance with company policies as they would in an office.
5. Document management
This policy shall be available to all Recycly Employees and any Third Parties where required. The policy must be reviewed and, if necessary, updated at least once a year. Notice of significant revisions shall be provided to Recycly Employees via email.
6. Version history
Summary of Change |
Date of Change |
Author |
Version No |
First Draft |
16/10/2021 |
Dom Tyler |
1 |
|
|
|
|
|
|
|
|