CORNWALL COUNTY COUNCIL - Cornwall Council

donkeyswarmΚινητά – Ασύρματες Τεχνολογίες

24 Νοε 2013 (πριν από 3 χρόνια και 10 μήνες)

91 εμφανίσεις



CORNWALL COUNCIL

ICT
M
obile Device and Removable Media Policy



1.0 Introduction

T
he use of mobile equipment supports flexible working and minimises unnecessary
travelling
. However,
risks to data
security

are
increase
d

and
appropriate controls

are required
. This policy
attempts
to achieve an acceptable balance between
efficiency, effectiveness and security.

Failure to comply with this policy is likely to
result in disciplinary action.


2.0 Scope

The scope of this policy extends to data held in any format

e
lectronic
.

The policy applies to:



all employees, including those working from home or from other locations
and elected Members



other workers (including casual and agency workers, secondees
, District
staff

and contractors)

who use the Council’s equipment
and networks, or process the Council’s data.

This policy refers collectively to the above as Users.

Separate policies apply to schools and other users, including the public.

If other
external
bodies
, e.g. contractors,

use our
ICT
infrastructure they
must c
omply with our Policies and must have systems in place which
satisfy our rules.

The following list is not exhaustive but indicates the types of equipment covered by
this policy:



Laptops
/tablets/
n
otebooks



P
ersonal
D
igital Assistant (PDA) e.g.
Blackberr
y,

sm
artphone



Mobile phones



USB devices and media including
Memory sticks
, iPods, MP3 players, digital
cameras, external/portable hard drives


IS

must
maintain an Approved List of mobile equipment. Bluetooth and wireless
technology is disabled except for equip
ment/solutions in the Approved List. If you
are unsure whether this policy applies to your equipment ask
IS

for clarification.
All
Users of
mobile and smart
phones must read the
separate policy

relating to phones
.


3.0 Policy Statement

The Council encourag
es effective
and efficient
use of mobile equipment. Such use
must prevent business information being compromised and protect the Council
against the risks of using mobile computing and communications facilities in
unprotected environments.


4.0 Use of
ICT
Mobile

Devices and Removable Media

All Users must read this policy before using mobile equipment.


Users must only purchase

through
IS

and use

approved

equipment
.





Users are responsible for mobile equipment, systems and information in their
possession.



Users are permitted to connect to public networks for remote access for example
hotel wireless networks.


Users working from home must also read the
H
omeworking
P
olicy


4.1 Personal use

Users must not install any personal software on the equipment withou
t permission
from
IS
. For example a valid request would be for software to support course work.

Refer to the Internet, E
-
mail and Computer Access policies regarding personal use
of Council facilities and storage of personal information.


4.2 Inappropriat
e use

Users must not change the configuration of the equipment. Users must not attempt
to connect the equipment to other private organisation’s networks for example the
NHS.


4.3
Security of
Protectively Marked (
‘Personal’

and ‘
Sensitiv
e’
)

information

U
ntil the Government Connect initiative is fully implemented in Cornwall Council the
following rules will apply:

1.

Laptops, tablets and notebooks must be encrypted

2.

PDAs
,
mobile and smart phones that have Outlook Web Access installed
or
are used to store ‘pers
onal’ or ‘sensitive’ information
must have user
access protected by
PINs

3.

Senior management must authorise the holding of ‘personal’ and
‘sensitive’ data on any portable equipment/devices/media and
must maintain a log
o
f

such authorisations for audit purpos
es.
Failure to comply with this policy is likely to result in disciplinary
action.

4.

CDs and DVDs must not be used to store ‘personal’ information or
‘sensitive’ information

5.

If ‘personal’ or ‘sensitive’ information is to be held on a USB memory stick
then
it must be encrypted using the
IS

approved product




4.4 Physical protection of mobile equipment

Mobile equipment must not be left unattended in insecure areas. Equipment must
be stored out of view in a locked place.

In the event of loss
inform
IS

Servic
e Desk
as soon as possible and
follow the
Loss/theft procedure

available on security pages of the intranet
.


4.5 Access Controls

In addition to the
specific
controls above
,

PIN access codes
must

be enabled
on all
devices that offer the functionality.

Instr
uctions on how to do this are available with
the Approved List of equipment.


4.6 Backups

Information must be transferred to appropriate permanent network storage as a
minimum on a
monthly
basis.


4.7 Virus Protection

Where virus protection is installed
(for example Laptops) the equipment must be
connected to the Council’s network at least once a week for a minimum of one hour
to keep firewall protection up to date. However, when uploads are large,
IS

will
make special arrangements. These may include, for

example bringing equipment
into an office and connecting to the network or running a CD.




The Approved List will indicate which equipment is virus protected. For other
devices which are not virus protected contact IS if you believe they have been
infected
.


4.8 Connecting mobile equipment to Council networks

Equipment must only be connected to the network using approved methods.

If the equipment has not been connected to the network for 2 months, contact
IS

before connecting.

The Approved List will explain

how to connect the equipment to the network.

Users must not connect privately owned mobile devices or removable media such
as cameras, iPods and phones to Council IC
T

equipment.


4.9 Use of the facilities in public places (including meeting rooms and
unp
rotected areas)

Users should be wary of unauthorised people overlooking screens.

Users must be careful
conveying

sensitive information in public places.

Users must not leave their equipment unattended.


5.0 Training

IS

will provide training to Users with R
emote Access and a training guide will be
provided.

A survey of remote users will be undertaken annually or
service

desk requests will
be analysed and training or guidance developed as appropriate.

IS

are available for advice.


6.0 Monitoring

A survey of u
se of mobile equipment will be undertaken at regular intervals and the
results will inform future policy.

If a virus is reported the equipment is checked and any issues reported to
Computer Audit.


7.0 Breaches of this policy

The Council’s Information Secu
rity Management Policy sets out the way to deal with
breaches of this policy.


8.0 Officer

responsible for this policy

Chief Executives Head of Policy and Performance