Mobile Devices and Remote Working Policy
Policy
Version: 2.0
Date: March 2016
Version Control
1 Introduction
2 Policy Statement
3 Scope
4 Mobile Device
5 Working Remotely
6 Responsibilities
Information Management Group (IMG)
Business IT
Line Managers
Employees
7 Review and Governance
8 Policy Compliance
2 Policy Statement
2.1 The Council provides Employees with the facilities and opportunities to work remotely as
appropriate. The Council will ensure that all Employees who work remotely are aware of the
acceptable use of mobile devices and remote working opportunities.
2.2 The Council recognises that there are risks associated with Employees accessing and
handling information in order to conduct official Council business.
2.3 This Policy aims to mitigate the following risks:
• Increased risk of equipment damage, loss or theft.
• Accidental or deliberate overlooking by unauthorised individuals.
• Unauthorised access to sensitive information.
• Introduction of malicious software and viruses.
• Potential sanctions against the Council or individuals imposed by the Information Commissioner’s Office as a result of information loss or misuse.
• Potential legal action against the Council or individuals as a result of information loss or misuse.
• Council reputational damage as a result of information loss or misuse.
3 Scope
3.1 This Policy applies to all Employees and third parties working for or on behalf of the Council
with any form of access to a Council mobile device and any Council information when
working away from Council premises (i.e. working remotely). For the purpose of this Policy
the term ‘Employee’ refers to all full-time and part-time employees, temporary employees,
agency workers, contractors and consultants.
3.2 This Policy should be read in conjunction with the Code of Conduct, the Council
Comprehensive Equality Policy and other associated relevant policies, procedures and
guidance as contained within the Information Management Framework.
5 Working Remotely
5.1 The Lone Working section of the Health and Safety Procedures Manual must be complied
with, ensuring an awareness of the physical security dangers and risks associated with
working remotely.
5.2 When removing anything from Council buildings, including mobile devices and paper
documentation, the following points must be adhered to:
• Hard copies of data must be kept out of sight, i.e. in a bag or briefcase.
• Data should be saved to a network drive, unless approval has been obtained from Business IT.
• Laptops must be completely shut down and turned off to ensure that data is encrypted.
• If documents and mobile devices containing sensitive data are removed from site, appropriate controls should be put in place to provide an audit trail; e.g. signing in/out of hard copy files, provision of locked storage boxes, specific management approval etc.
• If transporting mobile devices / data by car, the bag / briefcase must be placed in the locked boot of the vehicle.
• If the vehicle is left unattended for any reason, the bag / briefcase must be removed and remain with the individual at all times.
5.3 In the home it must also be located out of sight of the casual visitor and when not in use.
Access Controls
5.7 The access controls as documented within the ICT Security Policy must be complied with at
all times.
5.8 Dual-factor authentication methods should be used when accessing the Council network
remotely.
5.9 Access to the Internet from Council owned ICT equipment that connects to the Council’s
network is only allowed via onward connection to Council provided Proxy Servers and not
directly to the Internet.
6 Responsibilities
Information Management Group (IMG)
6.1 The role of the Information Management Group (IMG) is to co-ordinate the approach to
every aspect of Information Management, and not just compliance with DPA 1998.
6.2 The group is made up of Departmental Information Management Representatives who are
senior managers in each Department and are responsible for a multi-disciplinary approach
to the management of information throughout their Departments.
6.3 The IMG is responsible for the overarching governance and implementation of the Policy
throughout the Council.
6.4 The IMG is responsible for ensuring that all Employees are fully aware of Council policy and
process, and have received appropriate training.
6.5 The IMG is also responsible for the development and monitoring of the adherence to the
Policy.
Business IT
6.6 Business IT has overall responsibility for the issue, management and maintenance of
Council mobile devices.
6.7 Business IT are responsible for setting up and patching devices in accordance with
approved end-point protection.
Line Managers
6.9 Line Managers are responsible for ensuring all Employees in their operational area adhere
to the Policy and have undertaken all relevant training.
6.10 Line Managers should be aware of the physical security dangers and risks associated with
Employees working within any remote office or mobile working location.
6.11 Line Managers should have documented risk assessments and operation procedures to
support Employees to protect data and devices.
Employees
6.12 Employees should ensure that mobile devices are used in line with this Policy.
6.13 Employees are responsible for ensuring that access to all sensitive information is controlled.
6.14 Employees who work remotely must ensure that their mobile devices are connected to the
Council network at least once every two weeks.
6.15 Employees shall ensure that appropriate security measures are taken to stop unauthorised
access to the mobile device and any sensitive information.
6.16 Employees must ensure that access/authentication tokens and personal identification
numbers are kept in a separate location to the mobile device at all times.
6.17 Employees should ensure compliance with the Lone Working section of the Health and
Safety Procedures Manual, relevant risk assessments and internal procedures.
8 Policy Compliance
8.1 If you are found to have breached this Policy, the matter will be considered and investigated
under the Council’s disciplinary procedure.
8.2 Serious breaches of this policy may constitute gross misconduct and lead to summary
dismissal. Breaches, where applicable, may also result in civil action and/or criminal
charges.