This policy provides direction to ensure that the appropriate level of mobile device control is applied to protect information from unauthorized access, modification, disclosure or destruction, so that information remains accurate, confidential, and available when required.
This Policy and Procedures apply to all the applications, personnel, systems, and facilities of
(CTO) along with the Information Security Manager (ISM) is responsible for executing and implementing the physical and logical access control procedures mentioned in this document.
4.1. All mobile devices, whether employee-owned or company-owned, including smartphones and tablets, that have access to corporate networks, data and systems are governed by the mobile devices policy. A policy and supporting security measures shall be adopted to manage the risks introduced by using mobile devices.
4.2. Where a business is exempted from this policy, a risk assessment authorized by security management must be conducted.
4.3. Devices should use the following operating systems: Android 2.2 or later, iOS 4.x or later.
4.4. Devices must use a secure password that complies with the password policy and should not be the same password as used for any other company credentials.
4.5. Only devices managed by IT are allowed to access the internal corporate network, and they are subject to compliance rules for encryption, password management, etc.
4.6. Users must immediately report any lost or stolen devices and any suspected access to company resources and information.
4.7. Devices must not be "jailbroken" or have any software installed to give unintended access to the user.
4.8. Applications are only to be installed by authorised personnel in the company.
4.9. The user is responsible for backing up their own data, and the company does not hold responsibility for the loss of data or files due to a non-compliant device being wiped for security reasons.
4.10. Data may be wiped from a device if the device is suspected of being jailbroken, has a security vulnerability in an application, is reported lost, or the user has exceeded the number of failed password attempts.
5.1. Exceptions shall not be universal but shall be agreed upon on a case-by-case basis, upon official request made by the information owner. These may arise, for example, because of local circumstances, conditions, or legal reasons existing at any point in time.
5.2. All exception requests shall be submitted to (CTO). These shall be submitted by email and approved by (CTO).
6.1. reserves all rights and is the exclusive owner of all intellectual property rights over this Policy document. This document shall not, either in part or in full, be reproduced, published, copied, displayed, distributed, transferred, or stored in any media (such as hard disks, USB drives, pen drives, memory cards, CDs, DVDs), and/or captured or transmitted by any means (such as electronic, digital, mechanical, photocopying, recordings, video and film or photographs and otherwise) by any person without prior consent from the ISM. This Policy and procedure document is made available with ISM and/or any other forum as decided by the management of . Anything not specifically stated in this Policy and procedure document shall not be considered as implied in any manner.
6.2. For any clarifications related to this Compliance Policy and procedure document with respect to its interpretation, applicability, and implementation, please write to the ISMS team at dpo@.com
7.1. This policy and procedure is applicable to all the employees of the company who have access to and use the information assets and IT assets as listed in the Information Asset register which has been created for
7.2. Anyone found to have violated this policy will be subject to a process that will determine whether the violation is just a process non-compliance issue that requires addressing or also includes ethical violations. In the event of only the former, a non-compliance could be issued by an internal auditor, which would require corrective/preventive actions.
7.3. In the event of the latter, the ethical/regulatory concern process will be invoked to decide whether an ethical/security violation has occurred and to decide on appropriate disciplinary actions as per the Disciplinary procedure of
Management’s interpretation of the clauses in this procedure shall be final and binding. Management reserves the right to alter or amend any clause in this document at any time as per its discretion.