ISO 27001 Mobile and Teleworking Policy Template for ISO 27001. An ISO 27001 template.

Mobile and Teleworking Policy

The ISO 27001 Mobile Policy and Teleworking Policy is to manage the risks introduced by using mobile devices and to protect information accessed, processed and stored at teleworking sites. Mobile device registration, assigned owner responsibilities, Mobile Firewalls, Remote Wipe and Back up are covered in this policy.

Mobile and Remote Working Policy
Mobile and Remote Working Policy

Purpose

To manage the risks introduced by using mobile devices and to protect information accessed, processed and stored at teleworking sites.

Scope


All company employees and external party users.
All company mobile devices.
All personal devices used to access, process or store company information.

Mobile and Teleworking Policy Principle

Mobile devices and remote sites are to have adequate protection of company information.

Overview

The policy includes the popular Bring Your Own Device Policy, often abbreviated to BYOD. There are considerations for data protection and GDPR. The policy is not designed to prevent employees from flexible working, rather it is intended to protect the information assets of the business in a practical and pragmatic way. Where possible it would be good practice for mobile devices that connect to confidential business data to be provided by, and managed by, the business. These would be managed by the asset management process and covered by the asset management policy.

Contents Extract

Document Contents
Purpose
Scope
Mobile and Teleworking Policy
Principle
Mobile Policy
Mobile Device Registration
Mobile Device Assigned Owner Responsibilities
Mobile Device Firewall
Mobile Remote Wipe
Mobile Back Up
Teleworking / Remote Working Policy
Bring Your Own Device Policy ( BYOD )
Policy Compliance
Compliance Measurement
Exceptions
Non-Compliance
Continual Improvement

Remote Working FAQ

Can I use my own device at work?

Yes. Technically this is possible. It is about risk mitigation. Restricting access to confidential and sensitive data based on role based access in addition to having technical controls on the device will reduce the risk.

Is BYOD, Bring Your Own Device and the Mobile and Teleworking Policy the same thing?

Yes. They all cover the same topics.

My manager wants an iPad in breach of policy. Is that allowed?

A policy is a statement of what you do. A policy is flexible enough to cover exceptions. By using compensating controls this can be perfectly fine. You would record the exception and authorise it via the Management Review Team meeting. Examples of compensating controls include: role based access, signing a waiver and acceptance, additional technical controls, regular device audit.

Scroll to Top