Help: Device Compliance Policy

Overview

  1. Purpose: This device compliance policy aims to establish guidelines for managing and securing devices used to access corporate data. This policy applies to all employees, contractors, and third-party vendors who use devices to access corporate data.
  2. Policy Statement: All devices used to access corporate data must be managed and monitored through Our designated Mobile Device Management application. This includes laptops, desktops, and other devices accessing corporate data. Employees are required to comply with the following guidelines.

Policy

  1. Device Enrolment: All devices must be enrolled in Our designated Mobile Device Management application before they can be used to access corporate data. The enrolment process includes installing the Mobile Device Management application app on the device and providing the necessary credentials to connect to the company network.
  2. Device Management: All devices will be managed and monitored through Our designated Mobile Device Management application once enrolled. This includes configuring security settings, pushing software updates, and enforcing compliance policies.
  3. Password Protection: All devices must be protected with a password or PIN code. Passwords must be at least eight characters long and include a combination of upper- and lower-case letters, numbers, and special characters.
  4. Encryption: All corporate data stored on devices must be encrypted. This includes data stored on the device’s local storage and any data transmitted over the network. Encryption must be enabled through Our designated Mobile Device Management application.
  5. Operating System and Software Updates: All devices must be kept up-to-date with the latest operating system and software updates. Our designated Mobile Device Management application will automatically push updates to devices.
  6. Antivirus and Malware Protection: All devices must have installed up-to-date antivirus and malware protection software. Microsoft Defender for Endpoint is the preferred antivirus and malware protection software.
  7. Firewall Protection: All devices must have a firewall enabled to protect against unauthorised access to corporate data. The firewall must be configured to allow only necessary traffic.
  8. Reporting Non-Compliance: Employees must immediately report any suspected non-compliance with this policy to their manager and IT. Failure to comply with this policy may result in disciplinary action up to and including termination.

Review & Update

  1. Review Policy: This policy will be reviewed periodically and updated as necessary to reflect changes in technology and business needs. By following these guidelines, we can ensure that devices used to access corporate data are secure and protected from unauthorised access.