What to Include in a Mobile Device Policy?

30 January 2012
2 minute read
Best practice

What to Include in a Mobile Device Policy?

30 January 2012
2 minute read

If you want to develop a policy for the management of mobile devices in your organization – what should be included? What is in scope?

I’m assuming that a mobile device policy is an extension of a general IT or acceptable use policy and is likely to include, phones, smart phones, PDAs, scanners, tablets and other mobile devices.

I have included some ideas below – is there anything I’ve missed here?

Business Justification

  • Requirement – when do staff get issued a phone or mobile device? Which circumstances? What justification?
  • Jurisdiction  – Is it a company-supplied device with company contract, a company-financed device with personal contract or outright personal device?
  • Sharing – Is it a shared or pooled device or allocated to one individual?
  • Device Choice – Do different types exist depending on circumstances e.g. smart phone or regular phone?
  • Internal Costing – How will the cost be internally charged? What happens if the device is surrendered before the end of the minimum contract term?

Mobile Asset Lifecycle

  • Security Register – Will the device be logged on a third party security register in the event of loss?
  • Device Recovery – How is a device recovered when a member of staff leave or no longer require a device?
  • Damaged Handsets – How are they handled, how are replacements managed? Insurance?
  • Device Asset Register – Phone Number, Device, International Mobile Equipment Identity (IMEI), Owner etc.
  • Loss or Theft
  • Handset Recycling / Sustainability

Acceptable Usage

  • Data Allowance, Data Roaming and Management Thereof
  • International calls and international data
  • How is usage monitored?
  • Call Barring
  • Personal Calls /Usage
  • Data Storage – e.g. MP3 storage? data backup?

IT Governance

  • User Privacy
  • Configuration Settings (e.g. should internet be routed through a corporate proxy)
  • Signature file
  • Dropbox or other other corporate data / Intellectual property controls
  • Skype policy
  • Usage whilst Driving or otherwise occupied
  • Health Advice
  • Social media policy
  • Email use
  • Server / network access policy
  • Auto-Lock policy
  • Apps – purchase of, use of, ownership, data usage, privacy settings etc.

Is there anything else to add here? Please leave a comment below or contact me directly. Thanks.

Can’t find what you’re looking for?