EXECUTIVE DECISION NOTICE. ICT, Communications and Media. Councillor John Taylor. Deputy Executive Leader
|
|
- Percival Chandler
- 8 years ago
- Views:
Transcription
1 EXECUTIVE DECISION NOTICE SERVICE AREA: SUBJECT MATTER: DECISION: DECISION TAKER(S): DESIGNATION OF DECISION TAKER(S): GOVERNANCE ICT, Communications and Media PERSONAL DEVICE POLICY That the Personal Device Policy at appendix 1 of the report is adopted. Councillor John Taylor Deputy Executive Leader DATE OF DECISION: 13 March 2013 REASON FOR DECISION: The Council wants to encourage its staff to work as efficiently as possible. It provides staff with the essential technology they need to do their job. However it cannot provide all employees with every type of device which might conceivably be useful to them in their work. The Council wants to allow its employees this facility as far as possible. However, the Council is subject to legal rules and must ensure that access to its data is safeguarded. A Personal Device Policy has been designed to allow as much flexibility as possible whilst meeting the operational needs of the Council. In order to manage these risks and ensure employees understand their responsibilities a policy has been drawn up that specifies the conditions under which personal devices may be used and how they will be managed to protect the Council s systems and data. ALTERNATIVE OPTIONS Continue with current arrangements this would not allow REJECTED (if any): employees to have secure and safe access to council systems and does not allow the Council to protect data to the extent that is required. The Council is under a legal duty to take appropriate organisational and technical safeguards to ensure the security of personal data. Do not allow access to the Council s systems and data at all this does not allow employees to work in a flexible way that is beneficial to the Council. CONSULTEES: FINANCIAL IMPLICATIONS: (Authorised by Borough Treasurer) LEGAL IMPLICATIONS: (Authorised by Borough Solicitor) None There is no additional cost to the Council in setting up the infrastructure Mobile Device Management (MDM) system, as ICT Services have sufficient server capacity to meet this requirement. The charge to Service Areas of 5.50 per device per month, is the full cost to the Council from Orange to operate the MDM software licence. IT Services will need to ensure that all software licence costs incurred are recovered from Service Areas. The Data Protection Act 1998 has always required organisations to take appropriate steps to maintain data security. This has become increasingly important as technology develops and high profile incidents have led to public concerns about this issue and
2
3 EXECUTIVE DECISION REPORT SERVICE AREA: SUBJECT MATTER: GOVERNANCE ICT, Communications and Media PERSONAL DEVICE POLICY DATE OF DECISION: 13 March 2013 DECISION TAKER REPORTING OFFICER: REPORT SUMMARY: RECOMMENDATIONS: JUSTIFICATION FOR DECISION: Councillor John Taylor Deputy Executive Leader Tim Rainey Assistant Executive Director, ICT Media and Communications The Council wants to encourage its staff to work as efficiently as possible. It provides staff with the essential technology they need to do their job. However it cannot provide all employees with every type of device which might conceivably be useful to them in their work. The Council wants to allow its employees this facility as far as possible. However, the Council is subject to legal rules and must ensure that access to its data is safeguarded. A Personal Device Policy has been designed to allow as much flexibility as possible whilst meeting the operational needs of the Council. That the Personal Device Policy at appendix 1 of the report is adopted. In order to manage the risks and ensure employees understand their responsibilities a policy has been drawn up that specifies the conditions under which personal devices may be used and how they will be managed to protect the Council s systems and data. ALTERNATIVE OPTIONS Continue with current arrangements this would not allow REJECTED (if any): employees to have secure and safe access to council systems and does not allow the Council to protect data to the extent that is required. The Council is under a legal duty to take appropriate organisational and technical safeguards to ensure the security of personal data. Do not allow access to the Council s systems and data at all this does not allow employees to work in a flexible way that is beneficial to the Council. CONSULTEES: FINANCIAL IMPLICATIONS: (Authorised by Borough Treasurer) LEGAL IMPLICATIONS: (Authorised by Borough Solicitor) None. There is no additional cost to the Council in setting up the infrastructure Mobile Device Management (MDM) system, as ICT Services have sufficient server capacity to meet this requirement. The charge to Service Areas of 5.50 per device per month, is the full cost to the Council from Orange to operate the MDM software licence. IT Services will need to ensure that all software licence costs incurred are recovered from Service Areas. The Data Protection Act 1998 has always required organisations to take appropriate steps to maintain data security. This has become increasingly important as technology develops and high profile incidents have led to public concerns about this issue and
4 with the Information Commissioner being given increased powers to impose civil monetary penalty notices on organisations. The policy seeks to balance the desire of employees to use their own technology to process personal data with the needs of the organisation to maintain data security. RISK MANAGEMENT: LINKS TO COMMUNITY PLAN: ACCESS TO INFORMATION: The potential risks identified are set out in the report. Indirectly the policy contributes to all elements of the Community Plan. Background papers can be inspected by contacting the report author Julie Hayes, Head of ICT Services on Tel: or
5 1. INTRODUCTION 1.1 Mobile computing devices have quickly become a critical business tool. Due to their flexibility, intuitive behaviour and convenience, increasingly people are turning to tablet devices such as the market leading ipad for business applications. 1.2 There are many benefits to using an ipad, not least their ease of use and the wealth of apps that are readily available for the devices. But these benefits are not without risks and as the potential grows for more and more employees to bring their personal ipad and iphone devices into the workplace these risks need to be recognised and mitigated. 1.3 One way of dealing with the security risks associated with ipads and iphones is to enforce an outright ban. Another approach would be to continue only allowing a limited number of corporately approved and controlled devices as we do presently. In reality neither of these traditional approaches is likely to be successful in practice. 1.4 Mobile technology is a fast moving and fast evolving field. Many people will already have more technologically advanced devices and smartphones at home for personal use than they have in the workplace. This coupled with our current financial situation - where less will be spent on technology refreshes in future - mean that the Council needs to address the issues of staff bringing their own devices, including ipads and iphones into the workplace and wanting to use them for work related activities such as Unlike the Blackberry fleet there is currently no policy in place to ensure that we can provide a level of secure access to our corporate network for personal devices to be used on our network, accessing our information. 1.6 The Council wants to encourage its staff to work as efficiently as possible and it acknowledges that many of its employees have purchased their own electronic devices for their personal use and that some staff are willing to use their device for work purposes in order to help them do their job. 1.7 The Council wants to allow its employees this facility as far as is reasonable and safe to do. However, the Council is subject to legal rules and must ensure that access to its data is safeguarded. This policy has been designed to allow as much flexibility as possible whilst meeting the operational needs of the Council. 1.8 The main risks associated with this are the potential loss or exposure of personal data. The Council is under a legal duty to take appropriate organisational and technical safeguards to ensure the security of personal data. Breach of data security means that the Information Commissioner can fine the Council up to 500,000 and fine individual employees up to 50, In order to manage these risks and ensure employees understand their responsibilities a policy has been drawn up that specifies the conditions under which personal devices may be used and how they will be managed to protect the Council s systems and data As the Policy covers the use of personal equipment in any setting, including in the home, the policy has been entitled Personal Device Policy
6 2 KEY POINTS OF THE POLICY 2.1 Employees can use their own equipment to access the Council s systems and data from the Council s network if they do so in accordance with the policy. The use of personal equipment to access council networks is prohibited under any other circumstances. 2.2 The policy only allows access to Council systems in one of the following ways: Via a website made available for that purpose (for example Outlook Web Application - OWA); Via Netilla (if they are an authorised Netilla user and they device supports this); In a way which is managed by the Council s approved mobile device management software (currently Mobile Iron); or Via a VPN connection (Virtual Private Network) configured by ICT services. 2.3 Whenever accessing council data the individual must ensure that they comply with the provisions of the policy as well as the ICT Security Policy, Acceptable Use Guidelines, the Data Protection Act 1998 and all Information Risk Management policies. Individuals must ensure that the Council s data is not viewed by friends or family. 2.4 The Council will not provide support or training in the use of personal devices except about Mobile Device Management software 2.5 The Council remains the owner of all council data on the device. It has the legal duty to control that data. For that reason employees who participate in the agreement give the Council some control over the device. The rights the individual is giving the Council are outlined in the policy. 2.6 The cost of the software to control and manage personal devices will be borne by the service the individual works for. 2.7 The policy contains the agreement which individuals must sign to indicate that they understand their responsibility for safeguarding all council data and will comply in full with the requirements of the policy. 2.8 The policy is attached at Appendix 1. 3 COSTS 3.1 Individuals who wish to take advantage of the policy do so at their own expense. The Council will not reimburse individuals for any support costs they incur nor will it reimburse data charges or for any damage to the device caused by the installation or removal of mobile device management software. 3.2 The cost of the Mobile Device Management software licence is 5.50 per device per month, which must be funded by each individual s service. 4 RISK ASSESSMENT AND MANAGEMENT 4.1 The potential risks identified are: Risks involved in viewing the Council s data on a personal device the Council has purchased Mobile Device Management software to control personal devices and access is restricted to the secure ways outlined in the policy. Employees must sign an
7 Additional financial cost around loss or damage of the device or use of the device for Council purposes. The policy makes it clear that all costs (other than the device management software) are to be borne by the individual. 5 CONCLUSIONS 5.1 The Council wants to allow its employees to use their personal devices as far as possible. However, the Council is subject to legal rules and must ensure that access to its data is safeguarded. This policy has been designed to allow as much flexibility as possible whilst meeting the operational needs of the Council. 5.2 The main risks associated with this are the potential loss or exposure of personal data. The Council is under a legal duty to take appropriate organisational and technical safeguards to ensure the security of personal data. Breach of data security means that the Information Commissioner can fine the Council up to 500,000 and fine individual employees up to 50, In order to manage these risks and ensure employees understand their responsibilities a policy has been drawn up that specifies the conditions under which personal devices may be used and how they will be managed to protect the Council s systems and data. 6 RECOMMENDATIONS 6.1 That the Personal Device Policy at appendix 1 of the report is adopted.
8 APPENDIX 1 Tameside MBC Bring Your Own Device (BYOD) Policy Contents Document Control Introduction When can I use my personal device to access Council Data? Use of personal devices 3 4. Use of personal devices with Mobile Device Management Software Costs 7 Appendix 1 Approved and Excluded Devices 8 Appendix 2 BYOD Agreement Document Control Name Version Description Date Julie Hayes.01 Draft 2 January 2013 Risk and Audit.02 Draft 3 January 2013 Organisational Development.03 Draft 4 January 2013 Paul Turner.04 Draft 8 January 2013 IRMG.04 Draft 9 January 2013 Live 1 1st Published version 1 Introduction 1.1 The Council wants to encourage its staff to work as efficiently as possible. It provides staff with the essential technology they need to do their job. However it cannot provide all employees with every type of device which might conceivably be useful to them in their work. 1.2 The Council recognises that many of its employees have purchased their own electronic devices for their personal use and that some staff are willing to use their device for work purposes in order to help them do their job. 1.3 The Council wants to allow its employees this facility as far as possible. However, the Council is subject to legal rules and must ensure that access to its data is safeguarded. This policy has been designed to allow as much flexibility as possible whilst meeting the operational needs of the Council. 1.4 The main risks associated with this are the potential loss or exposure of personal data. The Council is under a legal duty to take appropriate organisational and technical safeguards to ensure the security of personal data. Breach of data security means that the Information Commissioner can fine the Council up to 500,000 and fine individual employees up to 50, Managers are directly responsible for disseminating and implementing this policy. 1.6 All references to Council data refer to data for which the Council is data controller this is not limited to personal data but also includes data which is not known to the public. 1.7 In the event of any conflict the ICT Security Policy will take precedence except where it relates to the connection of personal devices to the Council s network.
9 2 When can I use my personal device to access Council Data? 2.1 You can use your own equipment to access the Council s systems and data from the Council s network if you do so in accordance with this policy. 2.2 This policy only allows access to Council systems in one of the following ways: Via a website made available to you for that purpose (for example Outlook Web Application - OWA) Via Netilla (if you are an authorised Netilla user and your device supports this) In a way which is managed by the Council s approved mobile device management software (currently Mobile Iron) Via a VPN connection (Virtual Private Network) configured by ICT services 2.3 The use of your own equipment to access council networks is prohibited except in accordance with this policy. 3 Use of personal devices 3.1 If you use your device via Netilla, VPN or websites you must not download documents containing personal data or other material to your device. 3.2 You must regularly check your device to ensure that no files have been accidentally downloaded and stored on the device (e.g. by accidentally downloading an attachment to an ). Any such file found must be deleted immediately. Unless you are sure that you do not have data on your device you should protect access to your device using a pass code and, where possible, encrypting that device. 3.3 In particular you must check the device before allowing someone else to use it or before you dispose of the device to make sure that nothing has been accidentally downloaded onto the device. 3.4 Whenever accessing council data you must ensure that you comply with the provisions of this policy as well as the ICT Security Policy, Acceptable Use Guidelines, the Data Protection Act 1998 and all Information Risk Management policies, which can be found on the intranet. By using a personal device to access the Council s systems and data, an individual is accepting responsibility for the safeguarding of data viewed on that device and will be held accountable for any incidents which compromise the safety of that data. Failure to adhere to these policies may lead to disciplinary action being taken and for more serious cases, where individuals have not followed guidance and policies, legal action. In addition it should be noted that an individual fine can be imposed by the Information Commissioner s Office (ICO) in the event that the personal device is purposefully used to obtain information for an individual s own financial or personal benefit. 3.5 You must not connect your personal device to the Council s private wifi network (although you are permitted to use the free public wifi hotspots located in some Council offices). 3.6 Individuals who wish to take advantage of this policy do so at their own expense. The Council will not reimburse individuals for any support costs they incur nor will it reimburse the cost of supplying data to the device or for any damage to the device caused by the installation or removal of mobile device management software. 3.7 Individuals must notify the Council IMMEDIATELY if any of the following occur, a device that has been set up to access the Council s systems is lost, the device has been damaged/has developed a fault, if the device is handed temporarily or permanently to a third party for repair or other reason. In all cases ICT Services will remove the facilities to access the Council s systems and data 4 Use of personal devices with Mobile Device Management Software 4.1 Mobile device management software will only be available where: (a) a service (or an individual employee) is prepared to pay the annual cost of the licence for that software
10 (b) the employee has a device covered by this policy as shown in Appendix 1 (c) the individual signs a bring your own device agreement (Appendix 2); and (d) the service agrees that this facility is appropriate for the employee concerned. For example, if an individual handles personal information on behalf of other organisations, steps should be taken to check that the Council is not breaching any information sharing protocols or data exchange agreements. If an individual handles very sensitive personal data then the service must ensure that the protection offered by the software is adequate to protect the data. 4.2 Once the fee has been paid, IT Services will set up the employee in the system and send a notification to confirm this has been done. 4.3 Once they receive the notification the employee is responsible for downloading the mobile device management software and installing it on their device. They must ensure that: (a) Only the employee can view the Council s data and that friends and family cannot access it. (b) The device is protected with a passcode lock requiring a PIN to be entered before use. (c) Council data is only stored on the device if that data is controlled by the mobile device management (training will be given about this) (d) Council data is not transferred from the device to any other device or storage medium. (e) Any instructions given in relation to their device are followed. This could include: A requirement to update software or operating system A requirement to install new software A requirement to delete software Configuring their device in a particular way (f) Council data is deleted if the Employee leaves the Council or if the Council requires. 4.4 The Council will not provide support or training in the use of your device except about Mobile Device Management software. 4.5 The Council remains the owner of all council data on the device. It has the legal duty to control that data. For that reason employees who participate in this agreement give the Council some control over the device. They are giving the Council the right to: (a) Delete Council data from the device or lock the device or that data. (b) Scrutinise the employee s device. (c) Require the employee to allow the device to be physically inspected. (d) Collect systems data about the personal device on an ongoing basis, which will be stored in the Mobile Device Management (MDM) system. The data will only be used by the Council for necessary administration, business purposes and to support the investigation of misuse, fraud, criminal activity or data loss if necessary. Data will include but is not limited to Telephone number International Mobile Equipment (IMEI) number Make and Model Operating System and version Configuration Applications installed In addition the Mobile Device Management (MDM) system will collect data in relation, but not limited to Device location Council systems and data accessed by the device (e) Collect data about applications an individual has installed on their device. If the Council considers that an application may compromise the Council s systems and data it will delete council data from the device and suspend access to council data. (f) Require the employee to attend training as necessary for the Mobile Device Management (MDM) software or in relation to Data Protection/Information Management. 4.6 ICT Services may remove the facilities to access the Council s systems and data, remote wipe and/or initiate a remote lock of the device if it considers it appropriate to do so. It may not be possible to give advance warning or seek permission on an individual basis.
11 5 Costs 5.1 The cost of the infrastructure to set up the Mobile Device Management (MDM) system will be funded by ICT Services. 5.2 The MDM software annual licence fee for each individual must be funded by that individual s service. Managers must therefore balance the benefits of the individual using their personal device with the cost of the licence to manage and protect the Council s systems and data on that device. This may be attractive where the individual was previously allocated a Council owned Blackberry. Licences may be transferred to another individual. If the individual is part of another service that service will take on the on-going annual commitment but there will be no in year adjustment 5.3 The individual granted permission to use their own device to access the Council s systems and data must ensure they understand their own contract and data/call allowances as they will be liable for all costs (except those identified in 4.1) incurred when using the device, including but not limited to, data costs (including roaming costs), call charges (even when used for business calls), support from their provider, repair and insurance costs. 5.4 The Council will not reimburse individuals for business calls made. Where an individual needs to make a large number of work-related calls it is likely that a Council issued device will be more appropriate. 5.5 The Council will not accept liability for damage, theft or loss of an individual s personal device, no matter how caused. This applies even in the event of a device being damaged whilst being used to access Council data. 5.6 The Council will not accept liability for damage, theft or loss of an individual s personal data including music and applications, no matter how caused. This applies even in the event of a device being damaged whilst being used to access Council data. 5.7 The Council may under certain circumstances reimburse individuals for additional charges in a disaster recovery situation emergency (but prior approval is needed for this). Appendix 1 Approved and Excluded Devices Excluded Devices Devices that have been Jailbroken, hacked, rooted or in any way tampered with. Devices with the following operating systems o IOS 3 or earlier o Symbian 3rd Edition, base, FP1, FP2, 5th generation o WebOS o Windows Mobile 5 Personal laptops or computers except as outlined in Section 2 of this Policy. Approved Devices Please note that list is subject to change without notice should a device become a security risk to the Council s systems or data. Devices with the following operating systems o Android 2.2 and later o Blackberry and later o IOS4.x+ MDM o Windows Mobile 6 o Windows phone 7.x Personal laptops or computers as outlined in Section 2 of this Policy. Appendix 2 BYOD Agreement Name Notes Service Device Authorised by Location of assessment Date effective from In consideration of the Council agreeing to allow me to access its data on my personal device I agree that:-
12 1. I wili comply in full with the requirements of the BYOD policy (as available on the Council s intranet from time to time). 2. The Council may take any action in relation to my device and collect information about my device in accordance with the BYOD policy (as available on the Council s intranet from time to time). 3. I will comply with all instructions given to me under the BYOD policy (as available on the Council s intranet from time to time). 4. I understand my responsibility for safeguarding all council data. 5. I understand that the Council and I can end this agreement at any time but that if the agreement is ended then the Council will have permission to delete its data and software from my device and that if necessary I will need to present the device to IT Services at my own expense and help staff ensure that Council data has been deleted from the device. I note that if I do not comply with the policy or break this agreement then I may be subject to disciplinary action. Signed... Dated
Bring Your Own Device (BYOD) Policy
Bring Your Own Device (BYOD) Policy Document History Document Reference: Document Purpose: Date Approved: Approving Committee: To set out the technical capabilities of the chosen security solution Airwatch
More informationMobile Security Standard
Mobile Security Standard Title Mobile Security Standard Mobile Device Security Category Version: 18/07/2013 PUBLISHED Author:, IT Services Contact: itsecurity@contacts.bham.ac.uk Mobile Security Standard
More informationREMOTE WORKING POLICY
Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance
More informationMobile Devices Policy
Mobile Devices Policy Item Policy description Division Director Contact Description Guidelines to ensure that mobile devices are deployed and used in a secure and appropriate manner. IT Services and Records
More information[BRING YOUR OWN DEVICE POLICY]
2013 Orb Data Simon Barnes [BRING YOUR OWN DEVICE POLICY] This document specifies a sample BYOD policy for use with the Orb Data SaaS MDM service Contents 1 ACCEPTABLE USE... 3 1.1 GENERAL RULES... 3 2
More informationBYOD Policy for [AGENCY]
BYOD Policy for [AGENCY] This document provides policies, standards, and rules of behavior for the use of smartphones, tablets and/or other devices ( Device ) owned by [AGENCY] employees personally (herein
More informationUSE OF PERSONAL MOBILE DEVICES POLICY
Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014
More informationBring Your Own Device Policy
Bring Your Own Device Policy Purpose of this Document This document describes acceptable use pertaining to using your own device whilst accessing University systems and services. This document will be
More informationPolicy Checklist. Directorate of Performance and Reform. Stephen Hylands, Head of Information Technology
Policy Checklist Name of Policy: Purpose of Policy: Directorate responsible for Policy Name & Title of Author: Does this meet criteria of a Policy? Trade Union consultation? Equality Screened by: Date
More informationInformation Governance Officer 01427 676652 Steve.anderson@west-lindsey.gov.uk
B CPR.32 15/16 Corporate Policy and Resources Committee Date: 10 November 2015 Subject: Bring Your Own Device Policy Report by: Director of Resources Contact Officer: Purpose / Summary: Steve Anderson
More informationWashwood Heath Academy Use by staff of private communication devices policy
As a learning community, Washwood Heath Academy wants all staff and students to be able to be safe users of ICT and all data storage. The development of responsible, independent users is a prime aim of
More informationConsumer Device Policy (Smartphones / Tablets) BYOD (Bring Your Own Device)
Consumer Device Policy (Smartphones / Tablets) BYOD (Bring Your Own Device) Policy Number: 422 Supersedes: - Standards For Healthcare Services No/s 1, 5, 19 New Version Date Of Reviewer Completed Date
More informationAdams County, Colorado
Colorado Independent Consultants Network, LLC Adams County, Colorado Bring-Your-Own-Device Policy Prepared by: Colorado Independent Consultants Network, LLC Denver, Colorado March 20, 2014 Table of Contents
More informationThis policy outlines different requirements for the use of PSDs based on the classification of information.
POLICY OFFICE OF THE INFORMATION COMMISSIONER Use of portable storage devices 1. Purpose A Portable Storage Device (PSD) is a mobile device capable of storing and transferring digital information. Examples
More informationProcedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom
Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Indirani 02/11/2009 Draft 2 Include JG s comments Jackie Groom
More informationEnterprise Mobility as a Service
Service Description: Insert Title Enterprise Mobility as a Service Multi-Service User Management for Mobility 1. Executive Summary... 2 2. Enterprise Mobility as a Service Overview... 3 3. Pricing Structure...
More informationBRING YOUR OWN DEVICE POLICY (BYOD)
BRING YOUR OWN DEVICE POLICY (BYOD) APPROVED BY: South Gloucestershire Clinical Commissioning Group Quality and Governance Committee DATE August 2015 Date of Issue: August 2015 Version No: 7 Review due:
More informationSouthwest Airlines 2013 Terms of Use Portable Devices Feb 2013
1 TERMS OF USE As of February 3, 2013 The following terms and conditions of use ( Terms of Use ) form a legally binding agreement between you (an entity or person) and Southwest Airlines Co. ( Southwest
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationBYOD. opos WHAT IS YOUR POLICY? SUMMARY
BYOD WHAT IS YOUR POLICY? opos SUMMARY The organization s employees and contractors frequently perform employment-related tasks which require connecting to the organization s networks, systems, and/or
More informationPolicy for Staff and Post 16 Student BYOD (Bring Your Own Device)
Policy for Staff and Post 16 Student BYOD (Bring Your Own Device) Date approved: 7 th May 2015 Review Schedule: Annual Reviewed: Next review: 1 Context Aims of this Policy Definitions CONTENTS 1. OVERVIEW...
More informationPRIVACY BREACH MANAGEMENT POLICY
PRIVACY BREACH MANAGEMENT POLICY DM Approval: Effective Date: October 1, 2014 GENERAL INFORMATION Under the Access to Information and Protection of Privacy Act (ATIPP Act) public bodies such as the Department
More informationCCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review
More informationData Protection Breach Management Policy
Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/
More informationHELPFUL TIPS: MOBILE DEVICE SECURITY
HELPFUL TIPS: MOBILE DEVICE SECURITY Privacy tips for Public Bodies/Trustees using mobile devices This document is intended to provide general advice to organizations on how to protect personal information
More informationPAPER RECORDS SECURE HANDLING AND TRANSIT POLICY
PAPER RECORDS SECURE HANDLING AND TRANSIT POLICY CORPORATE POLICY Document Control Title Paper Records Secure Handling and Transit Policy Author Information Governance Manager ** Owner SIRO/CIARG Subject
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationOther Review Dates: 15 July 2010, 20 October 2011
POLICY:- Policy Title: Mobile Telephone Policy File reference: F10/618-04 Date Policy was adopted by Council initially: 18 December 2008 Resolution Number: 404/08 Other Review Dates: 15 July 2010, 20 October
More informationProtection of Privacy
Protection of Privacy Privacy Breach Protocol March 2015 TABLE OF CONTENTS 1. Introduction... 3 2. Privacy Breach Defined... 3 3. Responding to a Privacy Breach... 3 Step 1: Contain the Breach... 3 Step
More informationInformation Incident Management Policy
Information Incident Management Policy Change History Version Date Description 0.1 04/01/2013 Draft 0.2 26/02/2013 Replaced procedure details with broad principles 0.3 27/03/2013 Revised following audit
More informationBring Your Own Device Acceptable Use Policy
Bring Your Own Device Acceptable Use Policy Released On Author(s) Reviewed By Version and Date Master Document Index Number Protective Marking Irene Docherty v 1.3, 08/01/14 IS-WC-POL-0001 unclassified
More informationBRING YOUR OWN DEVICE
BRING YOUR OWN DEVICE Legal Analysis & Practical TIPs for an effective BYOD corporate Policy CONTENTS 1. What is BYOD? 2. Benefits and risks of BYOD in Europe 3. BYOD and existing Policies 4. Legal issues
More informationSomerset County Council - Data Protection Policy - Final
Organisation Title Author Owner Protective Marking Somerset County Council Data Protection Policy - Final Peter Grogan Information Governance Manager Unclassified POLICY ON A PAGE Somerset County Council
More informationBring Your Own Device (BYOD)
1. Introduction Introduction This document outlines the considerations that the Council needs to consider in relation to its decision whether or not to adopt the current trend (arising from the consumerisation
More informationCounty of Grande Prairie - Information Systems
County of Grande Prairie - Information Systems Title [Systems] [BRING YOUR OWN DEVICE - BYOD] - Procedure Location Buddie Systems and HR Documents Approved by Natalia Madden Collaborators Sophie Mercier,
More informationAppendix 1b. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA. Review of Mobile Portable Devices Management
Appendix 1b DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA Review of Mobile Portable Devices Management DISTRIBUTION LIST Audit Team David Esling, Head of Audit and Assurance
More informationCorporate Mobile Policy Template
Updated July 2011 Three major changes have occurred over the past 18 months that require updates to your organization s mobile policy. These changes include widespread adoption of tablet devices, changes
More informationBell Mobile Device Management (MDM)
Bell MDM Business FAQs 1 Bell Mobile Device Management (MDM) Frequently Asked Questions INTRODUCTION Bell Mobile Device Management provides business customers an all in one device administration tool to
More informationOWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.
OWA vs. MDM Introduction SmartPhones and tablet devices are becoming a common fixture in the corporate environment. As feature phones are replaced with new devices such as iphone s, ipad s, and Android
More informationBring Your Own Device (BYOD) for Staff and Visitors
Bring Your Own Device (BYOD) for Staff and Visitors Version 1.01 01.16 Created April 2015 Reviewed by Education and staffing Committee 21.01.16 Review Cycle Triennial Next review September 2019 Source
More informationMobile Device Management for CFAES
Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More information1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?
MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,
More informationCompany Mobile Phone Policy
Company Mobile Phone Policy Policy Clifford House Fostering is committed to ensuring that adequate communication facilities are available to its staff in order for them to carry out their normal daily
More informationFrequently Asked Questions & Answers: Bring Your Own Device (BYOD) Policy
Frequently Asked Questions & Answers: Bring Your Own Device (BYOD) Policy Converting a Device Whose phones will be wiped on Wednesday, January 30? If you continue to have a company-paid phone, you are
More informationSmall businesses: What you need to know about cyber security
Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...
More informationGuidance on Bring Your Own Device (BYOD) Policy for Staff, Pupils and Visitors
Guidance on Bring Your Own Device (BYOD) Policy for Staff, Pupils and Visitors Policy Nr 109 Published 30-Jun-15 Page 1 of 5 Bring Your Own Device (BYOD) Policy for Staff, Pupils and Visitors School Guidelines
More informationAPPLE & BUSINESS. ios ENTERPRISE SECURITY ENTERPRISE NEEDS CONFIGURATION PROFILES
APPLE & BUSINESS ios ENTERPRISE SECURITY Apple have had an uphill battle getting into businesses for many years the Windows monopoly Phones provided another attempt Blackberrys and Windows Mobile were
More informationGuidelines. London School of Economics & Political Science. Remote Access and Mobile Working Guidelines. Information Management and Technology
London School of Economics & Political Science Information Management and Technology Guidelines Remote Access and Mobile Working Guidelines Jethro Perkins Information Security Manager Summary This document
More informationManaging iphones, ipads, and Androids with Exchange ActiveSync. Presented by Val Hetrick
Managing iphones, ipads, and Androids with Exchange ActiveSync Presented by Val Hetrick 1 What Will I Learn Today? How Exchange can be used as a basic management tool for Mobile Devices The features and
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationPrivacy and Cloud Computing for Australian Government Agencies
Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy
More informationIT ACCESS CONTROL POLICY
Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance
More informationThe Maximum Security Marriage:
The Maximum Security Marriage: Mobile File Management is Necessary and Complementary to Mobile Device Management The bring your own device (BYOD) trend in the workplace is at an all-time high, and according
More informationInformation Governance Framework. June 2015
Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationTrust Operational Policy. Information Security Department. Third Party Remote Access Policy
Trust Operational Policy Information Security Department Policy Reference: 3631 Document Control Document Title Author/Contact Document Reference 3631 Pauline Nordoff-Tate, Information Assurance Manager
More informationAnswers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.
Mobility options and landscapes are evolving quickly for the corporate enterprise. Mobile platform providers such as Apple, Google and Microsoft, and leading device hardware vendors are constantly updating
More informationWHAT YOU NEED TO KNOW ABOUT CYBER SECURITY
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
More informationWhite Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0
White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative
More informationBYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012
BYOD and Mobile Device Security Shirley Erp, CISSP CISA November 28, 2012 Session is currently being recorded, and will be available on our website at http://www.utsystem.edu/compliance/swcacademy.html.
More informationOperational Risk Publication Date: May 2015. 1. Operational Risk... 3
OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...
More informationMobile Security: Controlling Growing Threats with Mobile Device Management
Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work
More informationSecurity Incident Management Policy
Security Incident Management Policy January 2015 Document Version 2.4 Document Status Owner Name Owner Job Title Published Martyn Ward Head of ICT Business Delivery Document ref. Approval Date 27/01/2015
More informationDublin City University
Asset Management Policy Asset Management Policy Contents Purpose... 1 Scope... 1 Physical Assets... 1 Software Assets... 1 Information Assets... 1 Policies and management... 2 Asset Life Cycle... 2 Asset
More informationLSE PCI-DSS Cardholder Data Environments Information Security Policy
LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationBring Your Own Devices (BYOD) Information Governance Guidance
Bring Your Own Devices (BYOD) Information Governance Guidance 1. Purpose The purpose of this document is to provide guidelines that will support organisations considering whether to enable the use of Bring
More informationSecure Mobile Solutions
Secure Mobile Solutions Manage workloads securely on the move sevices@softbox.co.uk 01347 812100 www.softbox.co.uk Contents Secure Mobile Solutions Key Features and Benefits Integration and Management
More informationNetwork Password Management Policy & Procedures
Network Password Management Policy & Procedures Document Ref ISO 27001 Section 11 Issue No Version 1.3 Document Control Information Issue Date April 2009, June 2010, September 2011 Status Approved By FINAL
More informationTHE ENTERPRISE MOBILITY POLICY GUIDEBOOK
THE ENTERPRISE MOBILITY POLICY GUIDEBOOK October 2010 Edition 2 About This Guidebook Research from Strategy Analytics shows that over 90% of organizations now have employees using smartphones within their
More informationRemote Access and Home Working Policy London Borough of Barnet
Remote Access and Home Working Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Remote Access and Home Working Policy Document Description This policy applies to home and
More informationPolicy Document. Communications and Operation Management Policy
Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationHow To Write A Mobile Device Policy
BYOD Policy Implementation Guide BYOD Three simple steps to legally secure and manage employee-owned devices within a corporate environment We won t bore you with the typical overview that speaks to the
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September
More informationAcceptable Media Use and Bring Your Own Device (BYOD) Policy
Acceptable Media Use and Bring Your Own Device (BYOD) Policy Author: Mr Joe Cowell Headteacher Date Ratified by Governors: September 2015 Date of Review: September 2018 Wollaston School Acceptable Media
More informationBring Your Own Device. Individual Liable User Policy Considerations
Bring Your Own Device Individual Liable User Contents Introduction 3 Policy Document Objectives & Legal Disclaimer 3 Eligibility Considerations 4 Reimbursement Considerations 4 Security Considerations
More informationHow To Understand The Bring Your Own Device To School Policy At A School
The Thomas Hardye School Bring Your Own Device to School (BYOD) Policy for Students Adopted by Personnel & Resources Committee 1 st September 2014 Review date: 31 st August 2015 Signed by Chair:. CONTENTS
More informationipad in Business Mobile Device Management
ipad in Business Mobile Device Management ipad supports Mobile Device Management, giving businesses the ability to manage scaled deployments of ipad across their organizations. These Mobile Device Management
More informationITEM NO: 4. Date: 23 March 2010. Pam Williams Borough Treasurer Wendy Poole Head of Risk Management Audit Services. Reporting Officers:
ITEM NO: 4 Report To: AUDIT PANEL Date: 23 March 2010 Reporting Officers: Subject: Report Summary: Recommendations: Links to Community Strategy: Policy Implications: Financial Implications: (Authorised
More informationData Breach Management Policy and Procedures for Education and Training Boards
Data Breach Management Policy and Procedures for Education and Training Boards POLICY on DATA BREACHES in SCHOOLS/COLLEGES and OTHER EDUCATION and ADMINISTRATIVE CENTRES UNDER the REMIT of TIPPERARY EDUCATION
More informationBring Your Own Device Mobile Security
Abstract Energized by the capability of consumer mobile devices employees demanded them in the workplace. Information technology organizations had neither the time nor budget to satisfy employee demands.
More informationSERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0
SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY
More informationPolicy: Telephone and Cell Phone
Policy: Telephone and Cell Phone Effective Date: 8/20/2015 Section: 2-5 Policy Local and Long Distance Personal Use of League Phones/Faxes The League provides desk phones and cell phones to employees who
More informationInformation Technology and Governance Committee
Information Technology and Governance Committee Paper Title: Enhancing Information Governance at Loughborough University Author: Information Governance Sub-Committee 1. Specific Decision Required by Committee
More informationProcedure for Managing a Privacy Breach
Procedure for Managing a Privacy Breach (From the Privacy Policy and Procedures available at: http://www.mun.ca/policy/site/view/index.php?privacy ) A privacy breach occurs when there is unauthorized access
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationONE Mail Direct for Mobile Devices
ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document
More informationSophos Mobile Control User guide for Apple ios
Sophos Mobile Control User guide for Apple ios Product version: 2.5 Document date: July 2012 Contents 1 About Sophos Mobile Control... 3 2 Login to the Self Service Portal... 4 3 Set up Sophos Mobile Control
More informationCyber and Data Security. Proposal form
Cyber and Data Security Proposal form This proposal form must be completed and signed by a principal, director or a partner of the proposed insured. Cover and Quotation requirements Please indicate which
More informationPrivacy and Electronic Communications Regulations
ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationFINAL NOTICE. 1.2. Nationwide has confirmed that it will not be referring the matter to the Financial Services and Markets Tribunal.
Financial Services Authority FINAL NOTICE To: Of: Nationwide Building Society Nationwide House Pipers Way Swindon SN38 1NW Date: 14 February 2007 TAKE NOTICE: The Financial Services Authority of 25 The
More informationPlease Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision.
May 2013 Bring Your Own Device Policy Template for Further Education Please Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision. Table
More informationiphone in Business Mobile Device Management
19 iphone in Business Mobile Device Management iphone supports Mobile Device Management, giving businesses the ability to manage scaled deployments of iphone across their organizations. These Mobile Device
More informationHow To Protect The Agency From Hackers On A Cell Phone Or Tablet Device
PRODUCT DESCRIPTION Product Number: 0.0.0 MOBILE DEVICE MANAGEMENT (MDM) Effective Date: Month 00, 0000 Revision Date: Month 00, 0000 Version: 0.0.0 Product Owner: Product Owner s Name Product Manager:
More informationThe Future of Mobile Device Management
The Future of Mobile Device Management Simplifying the move from BlackBerry to a multi-os environment MobileIron Advisory Services 415 E. Middlefield Road Mountain View, CA 94043 www.mobileiron.com Table
More informationBARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY
Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March
More information