The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

What to Include in a Mobile Device Policy?

If you want to develop a policy for the management of mobile devices in your organization – what should be included? What is in scope?

I’m assuming that a mobile device policy is an extension of a general IT or acceptable use policy and is likely to include, phones, smart phones, PDAs, scanners, tablets and other mobile devices.

I have included some ideas below – is there anything I’ve missed here?

Business Justification

  • Requirement – when do staff get issued a phone or mobile device? Which circumstances? What justification?
  • Jurisdiction  – Is it a company-supplied device with company contract, a company-financed device with personal contract or outright personal device?
  • Sharing – Is it a shared or pooled device or allocated to one individual?
  • Device Choice – Do different types exist depending on circumstances e.g. smart phone or regular phone?
  • Internal Costing – How will the cost be internally charged? What happens if the device is surrendered before the end of the minimum contract term?

Mobile Asset Lifecycle

  • Security Register – Will the device be logged on a third party security register in the event of loss?
  • Device Recovery – How is a device recovered when a member of staff leave or no longer require a device?
  • Damaged Handsets – How are they handled, how are replacements managed? Insurance?
  • Device Asset Register – Phone Number, Device, International Mobile Equipment Identity (IMEI), Owner etc.
  • Loss or Theft
  • Handset Recycling / Sustainability

Acceptable Usage

  • Data Allowance, Data Roaming and Management Thereof
  • International calls and international data
  • How is usage monitored?
  • Call Barring
  • Personal Calls /Usage
  • Data Storage – e.g. MP3 storage? data backup?
READ ALSO:  Shortcuts to SAM Immaturity

IT Governance

  • User Privacy
  • Configuration Settings (e.g. should internet be routed through a corporate proxy)
  • Signature file
  • Dropbox or other other corporate data / Intellectual property controls
  • Skype policy
  • Usage whilst Driving or otherwise occupied
  • Health Advice
  • Social media policy
  • Email use
  • Server / network access policy
  • Auto-Lock policy
  • Apps – purchase of, use of, ownership, data usage, privacy settings etc.

Is there anything else to add here? Please leave a comment below or contact me directly. Thanks.


About Martin Thompson

Martin is owner and founder of The ITAM Review, an online resource and community for worldwide ITAM professionals.

Martin is also author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management.

On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.

Learn more about him here and connect with him on Twitter or LinkedIn.

One Comment

  1. Additional feedback from a reader:

    “Under business justification I’d add reimbursement considerations and under IT Governance I’d add Policy Violations and Security considerations”

    LinkedIn Discussion Here:

Leave a Comment