Answer yes if your organisation has a documented Mobile Device Policy that has been reviewed in the last year. Please provide the Mobile Device Policy (as a PDF file) as evidence or reference a section of a previously provided Information Security Policy in the notes.
What is it?
A mobile device policy establishes rules on how an organisation manages mobile devices. Mobile devices are a particular area of risk as they regularly leave most businesses' physical as well as network perimeters. Measures must be taken to ensure the security of such devices when they are connected to other networks (anything from a home network to the guest WiFi in a coffee shop) as well as to protect them from physical loss or theft, all of which could result in the loss of client data. In addition, a compromised mobile device could be used as a springboard to compromise the broader corporate network.
Why should I have it?
Processing sensitive information on behalf of a client, or being granted access to their network to perform any function even if not specifically processing data, can add a significant amount of risk to the client, who may suffer data loss or another form of damaging data breach if a supplier does not take due care in protecting its mobile devices.
As such, the mobile device policy provides assurances that you have considered such risks and implemented adequate controls to protect your mobile assets, and therefore reduced the risk they pose to the client and to your own business.
A mobile device policy is typically the result of a risk assessment and determination of what controls should be implemented and their cost-effectiveness.
Typically, an organisation’s Information Security function can assist, but there are numerous consultancies or individual consultants that will be able to help craft a policy that meets your business and technical requirements.