Test.com Mobile Device Security Policy: Acceptable Use, Devices, and Security Measures, Assignments of Computer science

Download Test.com Mobile Device Security Policy: Acceptable Use, Devices, and Security Measures and more Assignments Computer science in PDF only on Docsity!

[SECURITY POLICY – TEST.COM]

This document specifies a security policy for use with MDM service

Test.comTest.com

Contents

January 1, 2021 2 DEVICES AND SUPPORT Smartphones and tablets that are not on the company’s list of supported devices are not allowed to connect to the network. Smartphones, tablets and laptops belonging to employees that are for personal use only are allowed to connect to the network. 2.1 Smartphone Support The following Smartphones are supported:  iOS versions 10 and higher o iPhone (including the iPhone 5s, iPhone 6, iPhone 6s, and newer) o iPad (including iPad, iPad 2, iPad (3rd generation), iPad (4th generation), iPad Air and iPad mini and newer)  Android (ARM) versions 2.2 and higher  Blackberry 5 – 7, 10^1  Nokia Symbian^2  Windows Phone 7.5.x, 8 , 8.1. Devices that are not included in this list are not to be connected to the Test.com’s network without explicit permission. 2.2 Connectivity Connectivity issues are supported by IT; employees should contact the device manufacturer or their carrier for operating system or hardware-related issues. 2.3 Mobile Device Management Before devices are connected to Test.com’s network the device must have an MS InTune application (or agent) installed and configured. To do this the device must be presented to IT for configuration or use supplied self-service processes to install and configure the agent. 2.4 Loss or Damage of a Device If the device is lost or damaged the employee is responsible for the purchase of a replacement device. A lower specification device will be available from the Test.com whilst the replacement is purchased but will be lent for no longer than 2 weeks. 1 Managed through the Blackberry Management Extender, MDM license and access to Blackberry Server required. Blackberry OS 10 and above are supported via Exchange/Notes server integration with Cloud Extender. 2 MS InTune Cloud Extender integrates with Exchange ActiveSync and Lotus Traveler to discover Symbian devices and policies, and to provide visibility and action support.

January 1, 2021 3 MOBILE DEVICE SECURITY The company security policy will be applied to all mobile devices. This will enforce the following policy: 3.1 Policy Name What is the name of this default security policy that will be applied? Test.com default iOS/Android Security 3.2 Passcode  Require Passcode [Y]  A minimum password length of 6 characters  Require an alphanumeric value [N]  The device must lock itself with a password or PIN if it is idle for 2 minutes.  The device will be disabled after 10 failed login attempts  The new password can’t be one of 5 previous passwords  Passwords will be rotated every 90 days 3.3 Rooted or Jail broken Phones Rooted (Android) or jailbroken (iOS) devices are strictly forbidden from accessing the network. 3.4 Restrictions 3.4.1 Browser Devices’ browser capabilities are allowed. 3.4.2 Cameras Devices’ camera and/or video capabilities are allowed. 3.4.3 YouTube The use of YouTube on the devices is allowed. 3.4.4 Siri The use of Siri on iOS devices is allowed. 3.4.5 Cloud Backup The use of iCloud (iOS) or Google Servers (Android) to backup data to the cloud is not allowed. 3.4.6 Data Roaming Data Roaming of cellular data whilst abroad is allowed. Voice Roaming whilst abroad is allowed. 3.5 Device Location The device location will not be tracked.

January 1, 2021  Email  Calendars  Contacts  Documents This must only be accessed through the MS InTune Secure Microsoft Applications. 3.9 Remote Wipe of the Device The employee’s device may be remotely wiped if

1. The device is lost
2. The employee terminates his or her employment
3. IT detects a data or policy breach, a virus or similar threat to the security of the company’s data and technology infrastructure While the Test.com will take every precaution to prevent the employee’s personal data from being lost in the event it must remote wipe a device, it is the employee’s responsibility to take additional precautions, such as backing up email, contacts, etc.

January 1, 2021 4 RISKS/LIABILITIES/DISCLAIMERS 4.1 Risks and Liabilities The employee bears the following risks and liabilities: i. The company reserves the right to disconnect devices or disable services without notification. ii. Lost or stolen devices must be reported to the company within 24 hours. Employees are responsible for notifying their mobile carrier immediately upon loss of a device. iii. The employee is expected to use his or her devices in an ethical manner at all times and adhere to the company’s acceptable use policy as outlined above. iv. The employee is personally liable for all costs associated with his or her device. v. The employee assumes full liability for risks including, but not limited to, the partial or complete loss of company and personal data due to an operating system crash, errors, bugs, viruses, malware, and/or other software or hardware failures, or programming errors that render the device unusable. vi. Test.com reserves the right to take appropriate disciplinary action up to and including termination for noncompliance with this policy. 4.2 Asset Register All employee owned devices that are enrolled in this scheme will regularly update details on the asset register. This information collected will differ depending on the type of device. These details are required to allow devices to be identified, secured and configured. i. Hardware Information - The details collected will differ depending on the device type, but will at a minimum contain the following:  Manufacturer  Model  Serial Number  Operating System  Operating System Patch Level  Device Ownership ii. Installed Software Information - The detail collected will differ depending on the device type, but at a minimum will contain the following:  Application name  Application version iii. Access to Asset Register - The following departments will have access to the details stored on the asset register  IT Support  IT Security iv. Employee Data Requests - An employee has the right to request a copy of the data that is being held on their personal device that is registered with the scheme. A written request must be made to [email protected] , data will be provided within 28 days. v. Removal of data from asset register - When a devices is removed from the scheme the data stored on the Company Asset Register will be removed within 28 days. 4.3 Disclaimers i. While the Test.com will take every precaution to prevent the employee’s personal data from being lost in the event it must remote wipe a device, it is the employee’s responsibility to take additional precautions, such as backing up email, contacts, etc.

January 1, 2021 5 USER ACKNOWLEDGMENT AND AGREEMENT It is the Test.com right to restrict or rescind computing privileges, or take other administrative or legal action due to failure to comply with the above referenced Policy and Rules of Behaviour. Violation of these rules may be grounds for disciplinary action up to and including removal. I acknowledge, understand and will comply with the above referenced security policy and rules of behaviour, as applicable to my usage of the Test.com services. Should I later decide to discontinue my participation in the Program, I will allow the Test.com to remove and disable any company provided third-party software and services from my personal device, Employee Name: __________________________________________________________ Device(s): __________________________________________________________ IMEI Number: __________________________________________________________ Phone Number (if appropriate): ____________________________________________________ Employee Signature: ____________________________________ Date: ___________ Effective Date: [DATE] Responsible Office: [OFFICE NAME] -----------------------------End of Document-----------------------------

Page