Mobile Device Policy

SOC 2, Data Security, Employee Conduct

Overview & Purpose

[Company Name] recognizes that mobile devices are essential tools for a modern remote workforce. This policy establishes guidelines for the secure use of mobile phones, tablets, and other portable devices that access company systems, data, or communications. The goal is to reduce risk and protect company and client information from unauthorized access or loss.

Scope

This policy applies to all employees, contractors, and vendors who use a mobile device—whether company-issued or personally owned—to access [Company Name] systems, email, cloud services, or confidential data.

Policy

1. Approved Devices

Employees may use personally owned mobile devices (Bring Your Own Device – BYOD) or company-issued devices if they meet the following conditions:

  • The device is password- or biometric-protected
  • The operating system is up to date
  • The device has not been “jailbroken” or rooted

2. Access to Company Data

Only approved applications and secure methods (e.g., VPN, SSO) may be used to access company systems. Email and file access must be configured to use secure protocols (e.g., TLS) and may require two-factor authentication (2FA).

3. Security Requirements

  • Devices must have screen locks enabled (PIN, fingerprint, or facial recognition)
  • Automatic locking must be set to activate after a short period of inactivity (5 minutes or less)
  • Device encryption must be enabled if supported by the operating system
  • Antivirus software is recommended when available
  • Public Wi-Fi should be avoided or used only with a secure VPN

4. Lost or Stolen Devices

Employees must report lost or stolen devices immediately to the [Company Name] security or IT team. In such cases:

  • Company data must be remotely wiped if possible
  • Device access to company systems will be revoked

5. Acceptable Use

Mobile devices must not be used to:

  • Store unencrypted company data
  • Share credentials or sensitive data via unapproved apps
  • Download or install unapproved software or apps that could compromise data security

Use of company-issued devices must comply with all other [Company Name] policies, including the Acceptable Use Policy.

6. Monitoring and Management

[Company Name] reserves the right to:

  • Require enrollment in a Mobile Device Management (MDM) system
  • Audit access logs or device compliance as needed
  • Remove or limit access to company resources on non-compliant devices

7. Offboarding

Before an employee leaves the company or changes roles:

  • Access to company accounts must be revoked
  • Devices must be returned or wiped of company data
  • Company-issued devices must be inspected and cleared by IT or security staff

Compliance

All employees and contractors are required to comply with this policy. Non-compliance may result in disciplinary action, including removal of access or termination of employment. Company data security is a shared responsibility.

Review History

Version | Date | Description | Approved By