Bring Your Own Device (BYOD) Policy

Similar documents
Mobile Devices Policy

NSW Government. Wireless services (WiFi) Standard

Security Systems Surveillance Policy

NSW Government. End User Computing Standard. Version 1.0. October 2014

Highland Council Information Security Policy

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

Information Security Program

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

Developing a Policy for Bring Your Own Device. Report to the Joint Legislative Oversight Committee on Information Technology

Bring Your Own Device Policy

Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com

Bring Your Own Device (BYOD) and Mobile Device Management.

How To Protect Decd Information From Harm

Information Security Policy

Records and Document Management

University of Liverpool

RECORDS MANAGEMENT POLICY

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

Mobile Security Standard

POLICY ON USE OF INTERNET AND

How To Write A Mobile Device Policy

NSW Government. Cloud Services Policy and Guidelines

INFORMATION SECURITY PROCEDURES

Bring Your Own Device (BYOD) and Mobile Device Management

Information Security Incident Management Policy September 2013

BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

COMPUTER USER REGULATIONS INFORMATION TECHNOLOGY POLICY 1

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

NSW Government. Data Centre & Cloud Readiness Assessment Services Standard. v1.0. June 2015

Newcastle University Information Security Procedures Version 3

PS177 Remote Working Policy

Guideline for Roles & Responsibilities in Information Asset Management

How To Ensure Network Security

Information Technology Services

YORK REGION DISTRICT SCHOOL BOARD

Boston Public Schools. Guidelines for Implementation of Acceptable Use Policy for Digital Information, Communication, and. Technology Resources

Information & ICT Security Policy Framework

NSW Government. Mobile Device & Application Framework. Version 1.0

Corporate Information Security Management Policy

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

Clevertar Privacy Policy

Service Schedule for CLOUD SERVICES

Access Control Policy

DOT.Comm Oversight Committee Policy

How To Understand The Bring Your Own Device To School Policy At A School

Draft Information Technology Policy

Network Security Policy

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

Don t Let A Security Breach Put You Out of Business

Choose Your Own Device (CYOD) and Mobile Device Management. gsolutionz.com

Records Management Policy & Procedure

COUNCIL POLICY R180 RECORDS MANAGEMENT

Data Protection Act Bring your own device (BYOD)

COMPUTER USAGE -

Encryption Policy Version 3.0

B. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.

SERVER, DESKTOP AND PORTABLE SECURITY. September Version 3.0

School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy

Information Management and Security Policy

INFORMATION SECURITY POLICY

ICT budget and staffing trends in the UK

Document Control. Version Control. Sunbeam House Services Policy Document. Data Breach Management Policy. Effective Date: 01 October 2014

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

Cyber Security. John Leek Chief Strategist

BYOD. Bring Your Own Device - Mobile Device Management.

Data Governance. Policy FINAL (Approved)

Type of Personal Data We Collect and How We Use It

IT TECHNOLOGY ACCESS POLICY

amaysim Privacy Policy

Intel Enhanced Data Security Assessment Form

CJIS SECURITY POLICY: VERSION 5.2 CHANGES AND THE UPCOMING REQUIREMENTS.

St. Peter s C.E. Primary School Farnworth , Internet Security and Facsimile Policy

Information Technology and Communications Policy

Transcription:

Bring Your Own Device (BYOD) Policy Version: 1.0 Last Amendment: N/A Approved by: Executive Committee Policy owner/sponsor: Director, Digital Library Services and CIO Policy Contact Officer: Manager, ICT Services Policy No: PD/40 TRIM File No: 51966 Date approved: 07/10/2014 Next review: 01/10/2016 1. Summary Technology is part of the everyday life of the modern public sector worker. Consumer technology is evolving quickly and is often more advanced than the technology available in the workplace. Employees increasingly prefer to use their own smart phones, tablets and other devices to access corporate information. Empowering them to do so supports greater workplace morale, mobility and flexibility. Many government agencies have adopted the use of mobile communication devices including laptops, smart phones, tablets and similar equipment as efficient business communication tools. The Office of Finance and Services have established government contracts covering the procurement and connection of mobile communication devices for government agencies. The State Library of New South Wales (the Library) has determined that the use of mobile communication technology for Library staff, contributes to the efficiency and effectiveness of staff, especially when they are remote from the Library or mobile within the premises. To ensure security of the Library s systems accessed by staff own mobile devices, ICT Services is implementing MDM (Mobile Device Management) software. MDM will be used to manage all mobile devices used to access our internal systems and ensure security of corporate data stored on the mobile devices. These procedures will define MDM requirements and roles and responsibilities of staff using their mobile devices to access the Library s internal systems. The purpose of this policy and associated BYOD procedures is to allow staff to use their own mobile devices if they wish to do so, while also ensuring they take steps to minimise the risk of unauthorised access to the Library s systems or unauthorised use or disclosure of the data held by the Library. This BYOD Policy and associated procedures have been informed by the NSW Government Mobility Solutions Framework. The Framework assists NSW Government agencies to define their agency specific mobility strategy and approach. Bring Your Own Device.docx 1/5

2. Policy statement This policy and associated BYOD procedures set out the terms of use for BYOD within the Library. It affects any device or accompanying media that staff may use to access the systems and data of the library, whether they are used within or outside the standard working hours. This Policy applies to all Library staff (see definition in Section 4 below) and must be read in conjunction with the BYOD procedures and other Library s policies and the Code of Conduct. 3. Legislative and Policy Framework This policy supplements the Library s Information and Technology Services Policy. You should also have regard to the following statutory rules, policy documents and standards. They provide direct or related guidance for the use of technology and the collection, storage, access, use and disclosure of data by NSW public sector agencies: Most relevant legislation Copyright Act 1968 (Cth) Crimes Act 1900 Crimes Act 1914 (Cth) Electronic Transactions Act 2000 Email Policy Evidence Act 1995 Government Information (Public Access) Act 2009 Government Sector Employment Act 2013 Health Records and Information Privacy Act 2002 Library Act 1939 Library Regulation 2010 Privacy and Personal Information Protection Act 1998 Public Finance and Audit Act 1983 Public Interest Disclosures Act 1994 State Records Act 1998 Workplace Surveillance Act 2005 Related and/or most relevant State Library and government policies AS/NZS ISO 31000 Risk management - Principles and guidelines AS/NZS ISO/IEC 27000:2013 Information Technology Security techniques Code of practice for information security management 2013 Code of Conduct Electronic Document Management Policy Information and Communications Technology (ICT) Services Policy M2012-15 Digital Information Security Policy Mobile Technology Usage Policy NSW Government Cloud Services Policy and Guidelines NSW Government ICT Strategy NSW Government Mobility Solutions Framework 2013 NSW Government BYOD Devices Policy 2013 NSW Government Open Data Policy NSW Government Social Media Policy and Guidelines NSW Procurement: Small and Medium Enterprises Policy Framework Password Policy Bring Your Own Device.docx 2/5

Privacy Management Plan Records Management Policy Remote Access Policy 4. Sector Definitions and acronyms Account - Telecommunication services provider billing account. Application Computer software designed to assist end users to carry out useful tasks. Examples of applications may include the Microsoft Office suite of products or smartphone applications such as Google Maps. Bring Your Own Device (BYOD) - Any electronic device owned, leased or operated by an employee or contractor of the Library which is capable of storing data and connecting to a network, including but not limited to mobile phones, smartphones, tablets, laptops, personal computers and netbooks. Data - Any and all information stored or processed through a BYOD. Library s data refers to data owned, originating from or processed by the Library s systems. Device hygiene - BYOD must have appropriate and up-to-date hygiene solutions installed. Device hygiene includes anti-virus, anti-spam and antispyware solutions. Minimum requirements - The minimum hardware, software and general operating requirements for a BYOD. Mobile Device Management (MDM) Solution which manages, supports, secures and monitors mobile devices. Wipe A security feature that renders the data stored on a device inaccessible. Wiping may be performed locally, via an MDM product, or remotely by a network administrator Staff - all staff on the State Library payroll and all contractors, consultants, members of the Library Council of NSW, volunteers, State Library scholars and fellows. 5. Responsibilities The Director, Digital Library Services and CIO is responsible for: o ownership of the policy o assessing and acting on serious breaches of the policy requiring suspension and termination of access o tabling serious breaches of this policy to the Executive Committee The Executive Committee is accountable for: o leading the implementation of this policy including its conformity to legislative and other compliance requirements, especially those relating to the security of corporate information and protection of personal information o ensuring this policy is communicated effectively to managers, supervisors and coordinators o Reviewing serious breaches of the policy ensuring that the policy is reviewed every two years. Bring Your Own Device.docx 3/5

Manager, ICT Services is responsible for: o implementing procedures to ensure auditing of ICT infrastructure and systems security complies with this policy and other Library and ICT policies o Ensuring breaches are escalated to the Director, Digital Library Services and CIO promptly for assessment and possible further action. Division Directors are responsible for: o ensuring there is ongoing and effective communication of this policy to all staff o ensuring all reports of breaches of the policy are raised as soon as possible with the ICT Service Desk. Managers and supervisors are accountable for: o ensuring there is ongoing and effective communication of this policy to all staff o ensuring all reports of breaches of the policy are raised as soon as possible with their Executive member o ensuring the Privacy Contact Officer is informed of any breach of privacy o ensuring feedback on the implementation of the policy is communicated to the ICT Service Desk. ICT Services Branch staff are accountable for: o ensuring the policy is followed when working with: personal user account creation and deletion restricted group account creation and deletion. o ensuring the policy is followed when assisting State Library staff accessing the internal network and ICT services o revalidating ICT network and systems access privileges for State Library staff and third-party vendors on a yearly basis. The Privacy Contact Officer is responsible for: o managing privacy issues and applications for internal review, which may result from a breach of this policy, in accordance with the State Library s Privacy Management Plan. State Library staff are responsible for: o understanding and complying with this policy o ensuring that records created as a result of compliance with this policy are managed in accordance with the Records Management Policy. 6. BYOD Procedures Staff must review and accept BYOD Policy with associated procedures before using their own mobile devices to access the Library s internal systems. The agreement to the requirements of this policy is indicated by staff signature/acceptance of the BYOD Acceptance Form (BYOD Procedures - Appendix B). 7. Privacy The State Library is required to comply with the Privacy and Personal Information Protection Act 1998 (NSW) and the Health Records and Information Privacy Act 2002 (NSW) both of which contain Principles that the Library must abide by when it collects, stores, uses and discloses personal or health information. Bring Your Own Device.docx 4/5

Reasonable steps must be taken to ensure the security of personal, health or sensitive information against loss, unauthorised access, modification or other misuse. It is the responsibility of all users to understand and comply with the Privacy Principles within each Act and the State Library s Privacy Management Plan. 8. Recordkeeping The State Library is required to comply with the State Records Act 1998 including Standards and Disposal Authorities issued under the Act. Corporate records, and the information they contain, must be protected appropriately according to their importance and sensitivity. Corporate records created or received on your device must be registered in the recordkeeping system TRIM. It is the responsibility of all users to understand and comply with the State Library s Records Management Policy, Electronic Document Management Policy, Email Policy and associated procedures. 9. BYOD Policy Breaches Compliance or policy breaches are to be reported to the Director, Digital Library Services and CIO in the first instance for assessment and appropriate action, which may include suspension or termination of access. Appeals to any suspension or termination of access decision may be lodged in writing to the NSW State Librarian and Chief Executive for review and consideration. The Director, Digital Library Services and CIO will report serious breaches requiring suspension or termination of access to the Executive Committees. 10. Approval This policy was approved by the Executive Committee on 07 October 2014. 11. Implementation This policy is implemented on 31 October 2014. 12. History N/A 13. Prepared by: Manager, ICT Services, Digital Library Services 30 September 2014 14. Document History and Version Control Version Date approved Approved by Brief description 1.0 07 October 2014 Executive First Release Bring Your Own Device.docx 5/5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information