The objective of this policy is to define standards, procedures, and restrictions for end users who are connecting a personally-owned device to Company’s organization network for business purposes. This device policy applies, but is not limited to all devices and accompanying media (e.g. USB thumb and external hard drives) that fit the following classifications:
The policy applies to any hardware and related software that is not organizationally owned or supplied, but could be used to access organizational resources. That is, devices that employees have acquired for personal use but also wish to use in the business environment.
The overriding goal of this policy is to protect the integrity of the confidential client and business data that resides within Company’s technology infrastructure. This policy intends to prevent this data from being deliberately or inadvertently stored insecurely on a device or carried over an insecure network where it could potentially be accessed by unsanctioned resources. A breach of this type could result in loss of information, damage to critical applications, loss of revenue, and damage to the company’s public image. Therefore, all users employing a personally-owned device connected to Company’s organizational network, and/or capable of backing up, storing, or otherwise accessing organizational data of any type, must adhere to company-defined processes for doing so.
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. INTRODUCTION TO POLICY
4. APPROPRIATE USE
5. POLICY STATEMENTS
5.1 GOVERNANCE
5.2 SECURITY CONTROLS
6. ACCESS CONTROL
7. SECURITY
8. ORGANIZATIONAL PROTOCOL
9. EXCEPTIONS
10. FINAL CONSIDERATIONS
10.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
10.2 DOCUMENT REVISION
11. APPENDIX A: FACTORS TO BE CONSIDERED FOR CHOOSING BYOD
12. APPENDIX C: RISK ASSESSMENT
Pages: 16
The purpose of this Business Continuity Plan Procedure is to provide an effective, fit-for-purpose, predefined and documented framework and process to enable the Business Continuity Management of the Company’s Mission Critical Activities and their dependencies.
The Clean Desk Procedure was developed by the Company in order to protect classified information, company's goods and employees’ personal goods, as well as to reduce the risk of fire, incidental floods or any other damaging events.
The Compliance and Auditing Policy defines the approach to be taken to ensure the Company is compliant with legal, statutory, regulatory and contractual obligations related to information security and of ant security requirements, standards and internal policies, guidelines and processes mandated by the Company.
Review Bring Your Own Device Policy.
You must be logged in to post a review.