What to Include in a Mobile Device Policy?

What to Include in a Mobile Device Policy?

If you want to develop a policy for the management of mobile devices in your organization – what should be included? What is in scope?

I’m assuming that a mobile device policy is an extension of a general IT or acceptable use policy and is likely to include, phones, smart phones, PDAs, scanners, tablets and other mobile devices.

I have included some ideas below – is there anything I’ve missed here?

Business Justification

• Requirement – when do staff get issued a phone or mobile device? Which circumstances? What justification?
• Jurisdiction  – Is it a company-supplied device with company contract, a company-financed device with personal contract or outright personal device?
• Sharing – Is it a shared or pooled device or allocated to one individual?
• Device Choice – Do different types exist depending on circumstances e.g. smart phone or regular phone?
• Internal Costing – How will the cost be internally charged? What happens if the device is surrendered before the end of the minimum contract term?

Mobile Asset Lifecycle

• Security Register – Will the device be logged on a third party security register in the event of loss?
• Device Recovery – How is a device recovered when a member of staff leave or no longer require a device?
• Damaged Handsets – How are they handled, how are replacements managed? Insurance?
• Device Asset Register – Phone Number, Device, International Mobile Equipment Identity (IMEI), Owner etc.
• Loss or Theft
• Handset Recycling / Sustainability

Acceptable Usage

• Data Allowance, Data Roaming and Management Thereof
• International calls and international data
• How is usage monitored?
• Call Barring
• Personal Calls /Usage
• Data Storage – e.g. MP3 storage? data backup?

IT Governance

• User Privacy
• Configuration Settings (e.g. should internet be routed through a corporate proxy)
• Signature file
• Dropbox or other other corporate data / Intellectual property controls
• Skype policy
• Usage whilst Driving or otherwise occupied
• Health Advice
• Social media policy
• Email use
• Server / network access policy
• Auto-Lock policy
• Apps – purchase of, use of, ownership, data usage, privacy settings etc.

Is there anything else to add here? Please leave a comment below or contact me directly. Thanks.