What to Include in a Mobile Device Policy?
30 January 2012
2 minute read
If you want to develop a policy for the management of mobile devices in your organization – what should be included? What is in scope?
I’m assuming that a mobile device policy is an extension of a general IT or acceptable use policy and is likely to include, phones, smart phones, PDAs, scanners, tablets and other mobile devices.
I have included some ideas below – is there anything I’ve missed here?
- Requirement – when do staff get issued a phone or mobile device? Which circumstances? What justification?
- Jurisdiction – Is it a company-supplied device with company contract, a company-financed device with personal contract or outright personal device?
- Sharing – Is it a shared or pooled device or allocated to one individual?
- Device Choice – Do different types exist depending on circumstances e.g. smart phone or regular phone?
- Internal Costing – How will the cost be internally charged? What happens if the device is surrendered before the end of the minimum contract term?
Mobile Asset Lifecycle
- Security Register – Will the device be logged on a third party security register in the event of loss?
- Device Recovery – How is a device recovered when a member of staff leave or no longer require a device?
- Damaged Handsets – How are they handled, how are replacements managed? Insurance?
- Device Asset Register – Phone Number, Device, International Mobile Equipment Identity (IMEI), Owner etc.
- Loss or Theft
- Handset Recycling / Sustainability
- Data Allowance, Data Roaming and Management Thereof
- International calls and international data
- How is usage monitored?
- Call Barring
- Personal Calls /Usage
- Data Storage – e.g. MP3 storage? data backup?
- User Privacy
- Configuration Settings (e.g. should internet be routed through a corporate proxy)
- Signature file
- Dropbox or other other corporate data / Intellectual property controls
- Skype policy
- Usage whilst Driving or otherwise occupied
- Health Advice
- Social media policy
- Email use
- Server / network access policy
- Auto-Lock policy
- Apps – purchase of, use of, ownership, data usage, privacy settings etc.
Is there anything else to add here? Please leave a comment below or contact me directly. Thanks.