Use of Mobile Devices on Voice and Data Networks Policy


World Agroforestry Centre Policy Series MG/C/4/2012

Use of Mobile Devices on Voice and Data Networks Policy

One of the policies on information security and business continuity which will be audited by the CGIAR Internal Audit Unit for all Centres given (a) their network inter-linkage through Active Directory and (b) the inter-reliance of many Centres for information backup and recovery of hosted outreach sites.

Document Revision History

Version  Date        Author(s)                  Revision Notes
1.0      20/05/2012  Ian Moore                  First draft circulated to staff
1.1      30/8/2012   Ian Moore, Rosemary Kande  Final version Approved by SLT

Document Control

The Head, ICT of the common services unit providing ICT Services to the World Agroforestry Centre (ICRAF) and the International Livestock Research Institute (ILRI) will maintain control of the document which will be reviewed every two years in conjunction with the ICT Steering Group.

Information Security Use of Mobile Devices on External Voice and Data Networks Policy 1

Proposed updates will be presented to the Centres' senior management for adoption according to their organizational arrangements for approval of ICT policies. Upon acceptance by the Centres, the update will come into force. Any discretionary controls added by a Centre may be reviewed annually; however updates may occur more frequently if deemed necessary.

Purpose

The purpose of this document is to communicate the Centre's policy on using mobile devices and external voice (mobile networks) and data (internet) networks. It should be read in conjunction with the document Guidelines on the assignment, cost allocations, security and acceptable use of mobile devices on voice and data lines and external internet connections.

The policy is in place to define eligibility on who is entitled to use official mobile services, to clearly indicate the assignment of costs incurred and to outline acceptable use to protect the employee and the Centre. Inappropriate use can expose the Centre to risks at both a technical level (with potential damage being caused to ICT infrastructure) and at operational level (excessive cost or misuse of mobile devices on the internet leading to possible reputational damage to Centres and loss in productivity).

The Centre's intentions for publishing a Use of Mobile Devices on External Voice and Data Networks Policy are not to impose restrictions that are contrary to the Centre's established culture of openness, trust and integrity. The Centre is committed to protecting its employees, partners and the organization from illegal or damaging actions by individuals, either knowingly or unknowingly.

Effective security is a team effort involving the participation and support of every Centre employee and affiliate who deals with information and/or information systems. It is the responsibility of every user of World Agroforestry mobile voice and data services to know these guidelines, and to conduct their activities accordingly.

This policy will be reviewed by the CGIAR Internal Audit Unit (IAU). A shared CGIAR electronic network exists (through the implementation of Active Directory), which has as a result created an inter-dependency among the Centres with regard to network security. It is therefore important that all Centres are reviewed against a common set of ICT security guidelines.

Scope

This document covers the eligibility, use and security of employees who use mobile phone services and internet connections (excluding the office or campus internet connections provided by the Centre) for work purposes; using both official or personal mobile devices [1] and services. The three principal areas covered are:

- Use of mobile devices that contain a SIM card to connect to mobile voice and data networks;
- Use of fixed internet services provided for home internet connectivity;
- Connecting to the internet when on the move:
  - using a mobile device to connect to the internet using wireless or Ethernet cable;
  - using the official CGIAR Travellers Access Service (TAS) to connect to pay for use services; or
  - using computers provided in internet cafés, business centres or partner organizations.

[1] See mobile device definition on page 5

1. Eligibility

1.1. An official mobile voice and data line, home internet connection, or the CGIAR Travellers Access Service (TAS) can be provided to an employee where operational efficiency, quality of service, safety, or either of these are significantly improved.

1.2. In order for an official mobile voice, data line or home internet connection to be provided, the employee should provide justification and seek approval from the supervisor. Where the supervisor is not the budget holder, the supervisor will recommend and seek approval from the budget holder. All approved requests will be submitted to ICT Services (for services in Kenya) and country or regional administrators (country or regional offices) for processing. A valid budget code where official costs resulting from the one-time installation/setup fees and the monthly usage costs of the mobile voice and data line or internet connection will be charged should be provided by the budget holder.

1.3. The service will be obtained through the Centre's corporate account/plan from the mobile network or internet provider. In locations or situations where it is not feasible to use a corporate account/plan the employee will use a personal account and make an expense claim for entitled reimbursement.

1.4. By default voice and data roaming services will NOT be activated on lines in the corporate account. However, with adequate justification the budget manager can authorise ICT Services (for services in Kenya) or the relevant country/regional administrator (country or regional offices) to enable this service.

1.5. ICT Services will provide guidance on a recommended mobile device to use for the functions required.
Mobile devices should be obtained as part of a monthly plan or through a loyalty agreement with the mobile service provider wherever possible. In cases where a mobile device is not provided or if a mobile device with different specifications is required, authorization to purchase the device will be given by the budget holder upon receipt of the approved justification either from the staff (where the budget holder is the supervisor), or the supervisor where s/he is not the budget holder.

1.6. Mobile devices owned by the employee may be used as long as all requirements on acceptable use and security mentioned in this and other Centre policies are met.

2. Clearance on employee exit

2.1. The official post-paid mobile line or home internet service will be terminated when the staff leaves the employment of the World Agroforestry Centre (on expiry of an employee's contract, following resignation or for other reasons including death). An approval to retain the mobile line but on a personal post-paid or prepaid plan may be approved by the responsible director when requested by the employee. The ICT unit will then facilitate the migration to a personal prepaid or post-paid facility as per the exiting employee's preference.

2.2. An employee may keep a Centre-allocated mobile device that has been in use for two years or more. Where the device has been in use for less than two years, s/he may purchase it upon approval by the budget holder and on paying the Centre the value of the phone as assessed by the ICT unit. The value of the mobile device will be determined by its age and utility.

3. Costs

3.1. For all official use of voice and data networks or connections to the internet including Travellers Access Services (TAS) usage, the budget holder must provide a cost centre where the costs will be charged.

3.2. One-time installation or setup/configuration costs for approved mobile voice and data lines or internet at home will be charged to the cost centre provided. Payment will not be made retrospectively for equipment that is already owned by the employee. Where the Centre supports a Bring Your Own Device (BYOD) programme, the employee may receive financial assistance to purchase a personal mobile device in line with the programme's guidelines.

3.3. A maximum unaccountable amount for both mobile line usage and home internet connection monthly costs will be set for each location where World Agroforestry staff are based (duty station). The Senior Leadership Team (SLT) will approve a maximum unaccountable amount for employees based in Kenya. The ICT unit in liaison with the respective regional or country coordinators will make an analysis and recommend an appropriate unaccountable amount for each duty station. The Deputy Director General, Finance and Corporate Services and the Deputy Director General, Partnerships and Impact, will approve the recommended unaccountable amounts for each duty station. A budget manager may request in writing for a lower unaccountable amount to be implemented for mobile voice and data lines or for home internet connections for budgets that they manage.

3.4. Costs in excess of the maximum unaccountable amount are charged to the employee. Costs incurred through justifiable official use can be claimed as an expense with the approval of the direct supervisor and budget holder. The Centre reserves the right to recover amounts in excess of the maximum unaccountable amount from the employee's monthly salary.

3.5. To minimize the risk of excessively high monthly usage costs the Centre will set a maximum monthly limit. Wherever possible the service provider will be asked to immediately block further use of the mobile line or internet connection when the limit is reached. If this is not possible the service provider will alert the employee and ICT services when usage is excessively high or inform the employee how to check the current usage amount.

4. Acceptable use, applications and security

4.1. It is the responsibility of the employee to safeguard the mobile device and the SIM card of official mobile lines.

4.2. In case of loss of the mobile device or SIM card, through any means, the employee is required to immediately report the loss to ICT Services for prompt barring of the mobile line and to change passwords for services that can be used from the mobile device. The employee will be responsible for ALL costs incurred before the loss is reported, if the loss of the device and/or SIM card is NOT reported immediately.

4.3. It is the responsibility of the employee to safeguard the Centre's data stored on a mobile device. ICT Services will provide guidance to ensure all Centre data or information stored on a mobile device is backed up to a secure location.

4.4. ICT Services will support a standard set of applications that can be installed or configured on the mobile device. A secure connection should be used by applications that access Centre business systems. A list of applications that are known to contain malware or cause problems for the standard set of applications will be made available and should NOT be installed on the mobile device.

4.5. Employees should follow the guidelines provided to manage the significantly higher costs for voice and especially data services when roaming.

4.6. When using publicly provided computers or mobile devices (internet café or business centre) or those provided by partners, employees should access Centre business systems over a secure connection and ensure that all information saved to the computing device is deleted when the session is complete and that user names and passwords are never saved on the computer.

4.7. When using the internet from services that are fully or partially paid for by the Centre and where the service is provided through a corporate account, employees are reminded to follow the guidelines laid out in the ICT Privacy and Acceptable Use Policy.

5. Related documentation

5.1. ICT Privacy and Acceptable Use Policy
5.2. Guidelines on the Assignment, Cost Allocation, Security and Acceptable Use of Mobile Devices on Voice and Data Lines and External Internet Connections
5.3. Network Infrastructure Security Policy
5.4. Network User Identification and Authentication Policy
5.5. Workstation Security Policy
5.6. Internet and Email Security Policy

6. Compliance and waivers

6.1. Compliance with this policy by users, network administrators, or others responsible for implementation of the policy, is mandatory. Procedures are in place to monitor compliance with this policy.

6.2. Violations of this policy may result in disciplinary action in accordance with the human resources policies of the Centre.

6.3. Requests for waivers of this policy shall be formally submitted to the director responsible in writing. The requests shall set out the justification, duration of the proposed waiver and how the increased risk arising from the waiver will be managed. Requests will be approved by the Director General upon recommendation by the director responsible, in consultation with the Head, ICT and will be documented.

6.4. Approved waivers shall be monitored to ensure that the conditions of the waivers are being observed.

Definitions

A mobile device: can be a simple mobile phone for voice and basic data communications, a smartphone (Blackberry, iPhone, Android, Windows mobile etc.), a tablet or iPad, a netbook, notebook or laptop computer, a 3G (or other) modem or any other device that contains a SIM card.

Budget holder: The person responsible for the management of a cost centre's budget.

Responsible director: A member of the Senior Leadership Team who has responsibility for the person making the request.

TAS (Travellers Access Service): A CGNET service provided through iPass and installed on a Centre-owned laptop or mobile device and that enables employees to connect to paid wireless and dial-up internet connections in locations such as airports, hotels and coffee shops, without providing credit card details or making upfront payments.