BETMAKERS INFORMATION

MANAGEMENT POLICY

PORTABLE DEVICE

INTERNAL
Relevant to Australia and Sri Lanka only

Portable Device Policy

1
 INTERNAL

Name Position Signature

Document owner Alex Teseo Cyber Security Manager

Reviewed By Alex Teseo Cyber Security Manager

Revision History

Version Approval Date Author Signature

2 19/08/2022 Alan Pedley

3 01/08/2023 Alex Teseo

Policy Review Frequency Annually

Portable Device Policy

2
 INTERNAL

Contents
1. Introduction 4
2. Purpose 4
3. Scope 4
4. Policy Statement 4
5. Portable Devices 5
5.1 Personal Devices 5
6. Working Remotely 5
7. Confidential Information 6
8. Information Transfer 6
8.1 Telephone/Mobile Phone 6
8.2 Electronic memory, (CD, DVD, USB drive, Memory Card) 6

Portable Device Policy

3
 INTERNAL

1. Introduction
BetMakers recognises the importance of technologies which enable users to carry out their day
to day business effectively. Good communication is vital to the running of BetMakers and its
services. Portable devices such as laptops, ipads and mobile phones, are relied on and widely
used.

As with any other IT related equipment and resources, BetMakers needs to ensure that the use
of corporate portable devices is organised and controlled in a manner which will be beneficial to
the safety, integrity and reputation of BetMakers. BetMakers also allows limited use of personal
portable devices for accessing BetMakers resources such as Slack, email, video calls and
associated documents.

To ensure a consistent approach is adopted across all departments, procedures exist for the
provision, ordering, reporting lost or stolen and disposal of corporate portable devices. This
policy covers all portable devices and related equipment, whether these are issued to an
individual or as part of a departmental pool.

2. Purpose
The purpose of this policy is to ensure users are aware of the controls and methods BetMakers
has put in place to manage and secure portable devices. Users are expected to comply with the
policy to ensure that devices and data are protected, and the BetMakers’ ICT computer network
and devices are appropriately secured from unauthorised access and compromise.

3. Scope
This policy applies to the use and configuration of all portable devices that have been provided
by BetMakers (corporate) and personal devices which are used for accessing BetMakers
systems. The policy covers all employees, elected members, contractors, volunteers,
apprenticeships, student/work experience placements and partner agencies who have access to
these devices, described as “users” within this document. All corporate portable devices
including smartphones, non-smartphones, dongles, tablets with SIMs, SIMs and MiFi devices
are also covered by the policy.

4. Policy Statement
All portable devices issued by BetMakers, must only be used in accordance with BetMakers
relevant policies.
Portable devices supplied by BetMakers, are not to be loaned or given out to anyone else,
unless in exceptional circumstances where appropriate management authorisation has been
granted and a record is kept.

Portable Device Policy

4
 INTERNAL

5. Portable Devices
Information contained on portable devices (e.g. laptops, tablets, smartphones, cameras, audio
recorders, USBs) is especially vulnerable and special care must be taken to ensure that those
items are secure. Sensitive information in portable devices should be protected by the use of
encryption or other access control mechanisms.

● Portable devices on BetMakers premises left unattended outside of working hours, must
be stored out of sight in a drawer or cabinet when not in use.

● Portable devices left unattended in any location, must be secured using suitable
password protection and data encryption on drive storage.

● Portable devices left unattended outside of BetMakers premises, including when in

transit, must be out of sight and/or within locked storage with suitable password
protection and data encryption on drive storage.

● All portable devices that contain BetMakers information must be physically protected
from loss or damage.

● All portable devices that contain BetMakers information must comply with the security
configuration. This includes installation of a corporate security solution, PIN-code and/or
password enforcement and the ability to remotely disable or wipe the device.

● All portable devices that contain BetMakers information must not be "jailbroken"
(reconfigured to allow customised interface and non-approved applications usage) or
otherwise have their configuration changed in a way which is not supported by the
device manufacturer.

5.1 Personal Devices

If BetMakers employees and contractors personal devices have BetMakers information or
services (e.g. Email, Slack, AWS or GCP) they must have PIN-code and/or password
enforcement or the ability to remotely disable or wipe the device.

6. Working Remotely
All staff or contractors working away from BetMakers locations, including those travelling,
working from home or working from a third-party location must comply with the following security
requirements:

● Only BetMakers allocated devices are to be used when working remotely unless prior
approval is given.

● Do not leave any information or devices unattended in locations where they might be
accessed by unauthorised persons, including any public locations.

● All portable devices used to store and transmit BetMakers information must be
encrypted. No attempts must be made to disable encryption or transfer information onto
unencrypted devices.

Portable Device Policy

5
 INTERNAL

● Always keep documents, laptops and other portable devices with you when flying.
Always have them as carry-on/hand luggage. Do not check them into the hold of the
aircraft, unless it is legally required to do this.

● When travelling in a vehicle, keep documents, laptops and other portable devices out of
sight, ideally locked in the luggage compartment of the vehicle. Do not leave these items
on car seats or foot-wells.

● Additional Information Security precautions are required for travelling to countries where
the risk of information being compromised is higher.

Employees should check with the BetMakers Security team before travelling. Please refer to the
Remote working policy for more information

7. Confidential Information
All users of BetMakers technology have agreed to keep BetMakers information confidential via
their employment agreement, their independent contractor agreement or their agreement with a
BetMakers supplier, under which they provide services to BetMakers. Under these agreements,
employees must not sell or transfer BetMakers software, documentation or any type of
BetMakers information to any party outside BetMakers unless the sale or transfer is authorised
by the designated BetMakers owner. It is recommended that documents are not stored on the
computer desktop and should instead be moved and stored in a shared cloud drive.

BetMakers employees must perform the following:

● Lock their computer screens when their workspace is unattended.

● Laptops must be stored out of sight at the end of the workday unless they are being
retained under the direct physical control of the authorised user. Any instances of lost/
stolen laptops must be reported immediately to the BetMakers Security team so that the
device can be locked down remotely.

● Passwords must not be posted on or under a computer or in any other accessible

location.

8. Information Transfer
8.1 Telephone/Mobile Phone
As phone calls may be monitored, overheard or intercepted either deliberately or accidentally,
care must be taken as follows:

● Transferred information must be kept to a minimum.

● Personal or confidential information must not be transferred over the telephone unless
the identity and authorisation of the receiver has been appropriately confirmed.

8.2 Electronic memory, (CD, DVD, USB drive, Memory Card)

Information must be enclosed in a file and encrypted using a product approved by the company.
Minimum standard for encryption is AES (256 bit).

Portable Device Policy

6
 INTERNAL

● Any password must be to BetMakers standard (as outlined in the Access Control and
Password Management Policy.)

● Any password to open the attached file must be transferred to the recipient using a
different method than e-mail, e.g. Slack, Text Message, phone call etc.

● An accompanying message should contain clear instructions on the recipient’s

responsibilities, and instructions on what to do if they are not the correct recipient.

● An accompanying message and the filename must not reveal the contents of the
encrypted file.

● The sender must check at an appropriate time that the transfer has been successful, and
immediately report any issues to their manager.

Portable Device Policy

7