If you want to develop a policy for the management of mobile devices in your organization – what should be included? What is in scope?
I’m assuming that a mobile device policy is an extension of a general IT or acceptable use policy and is likely to include, phones, smart phones, PDAs, scanners, tablets and other mobile devices.
I have included some ideas below – is there anything I’ve missed here?
Business Justification
Requirement – when do staff get issued a phone or mobile device? Which circumstances? What justification?
Jurisdiction – Is it a company-supplied device with company contract, a company-financed device with personal contract or outright personal device?
Sharing – Is it a shared or pooled device or allocated to one individual?
Device Choice – Do different types exist depending on circumstances e.g. smart phone or regular phone?
Internal Costing – How will the cost be internally charged? What happens if the device is surrendered before the end of the minimum contract term?
Mobile Asset Lifecycle
Security Register – Will the device be logged on a third party security register in the event of loss?
Device Recovery – How is a device recovered when a member of staff leave or no longer require a device?
Damaged Handsets – How are they handled, how are replacements managed? Insurance?
Device Asset Register – Phone Number, Device, International Mobile Equipment Identity (IMEI), Owner etc.
Loss or Theft
Handset Recycling / Sustainability
Acceptable Usage
Data Allowance, Data Roaming and Management Thereof
International calls and international data
How is usage monitored?
Call Barring
Personal Calls /Usage
Data Storage – e.g. MP3 storage? data backup?
IT Governance
User Privacy
Configuration Settings (e.g. should internet be routed through a corporate proxy)
Signature file
Dropbox or other other corporate data / Intellectual property controls
Skype policy
Usage whilst Driving or otherwise occupied
Health Advice
Social media policy
Email use
Server / network access policy
Auto-Lock policy
Apps – purchase of, use of, ownership, data usage, privacy settings etc.
Is there anything else to add here? Please leave a comment below or contact me directly. Thanks.
The ongoing legal battle between VMware (under Broadcom ownership) and Siemens is yet another example of why ITAM goes far beyond license compliance and SAM. What might, at first glance, appear to be a licensing dispute, ...
During one of the keynotes at the FinOps X conference in San Diego, JR Storment, Executive Director of the FinOps Foundation, interviewed a senior executive from Salesforce. They discussed the idea of combining the roles of ...
I recently reported on the FinOps Foundation’s inclusion of SaaS and Datacenter in its expanded Cloud+ scope. At that time, I highlighted concerns about getting the myriad SaaS companies to supply FOCUS-compliant billing data. A couple ...
Podcast
No time to read? Want to stay up to date on the move? Subscribe to the ITAM Review podcast.
Marks & Spencer (M&S), the iconic UK retailer, recently became the latest high-profile victim of a devastating cyberattack. Fellow retailers The Co-Op and Harrods were also attacked. Recent reports suggest the rapid action at the Co-Op ...
During our Wisdom Unplugged USA event in New York in March 2025, we engaged ITAM professionals with three targeted polling questions to uncover their current thinking on Artificial Intelligence—what concerns them, where they see opportunity, and ...
In the world of ITAM, the regulatory spotlight continues to intensify, especially for financial institutions facing increasing scrutiny from regulatory bodies due to the growing importance of IT in operational resilience, service delivery, and risk management. ...
Executive Summary For ITAM teams, sustainability is a core responsibility and opportunity. Managing hardware, software, and cloud resources now comes with the ability to track, reduce, and report carbon emissions. Understanding emission scopes—from direct operational emissions ...