The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

What to Include in a Mobile Device Policy?

If you want to develop a policy for the management of mobile devices in your organization – what should be included? What is in scope?

I’m assuming that a mobile device policy is an extension of a general IT or acceptable use policy and is likely to include, phones, smart phones, PDAs, scanners, tablets and other mobile devices.

I have included some ideas below – is there anything I’ve missed here?

Business Justification

  • Requirement – when do staff get issued a phone or mobile device? Which circumstances? What justification?
  • Jurisdiction  – Is it a company-supplied device with company contract, a company-financed device with personal contract or outright personal device?
  • Sharing – Is it a shared or pooled device or allocated to one individual?
  • Device Choice – Do different types exist depending on circumstances e.g. smart phone or regular phone?
  • Internal Costing – How will the cost be internally charged? What happens if the device is surrendered before the end of the minimum contract term?

Mobile Asset Lifecycle

  • Security Register – Will the device be logged on a third party security register in the event of loss?
  • Device Recovery – How is a device recovered when a member of staff leave or no longer require a device?
  • Damaged Handsets – How are they handled, how are replacements managed? Insurance?
  • Device Asset Register – Phone Number, Device, International Mobile Equipment Identity (IMEI), Owner etc.
  • Loss or Theft
  • Handset Recycling / Sustainability

Acceptable Usage

  • Data Allowance, Data Roaming and Management Thereof
  • International calls and international data
  • How is usage monitored?
  • Call Barring
  • Personal Calls /Usage
  • Data Storage – e.g. MP3 storage? data backup?

IT Governance

  • User Privacy
  • Configuration Settings (e.g. should internet be routed through a corporate proxy)
  • Signature file
  • Dropbox or other other corporate data / Intellectual property controls
  • Skype policy
  • Usage whilst Driving or otherwise occupied
  • Health Advice
  • Social media policy
  • Email use
  • Server / network access policy
  • Auto-Lock policy
  • Apps – purchase of, use of, ownership, data usage, privacy settings etc.

Is there anything else to add here? Please leave a comment below or contact me directly. Thanks.

About Martin Thompson

Martin is owner and founder of The ITAM Review, an online resource for worldwide ITAM professionals. The ITAM Review is best known for its weekly newsletter of all the latest industry updates, LISA training platform, Excellence Awards and conferences in UK, USA and Australia.

Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.

He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.

Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).

When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.

Connect with Martin on LinkedIn.

One Comment

  1. Additional feedback from a reader:

    “Under business justification I’d add reimbursement considerations and under IT Governance I’d add Policy Violations and Security considerations”

    LinkedIn Discussion Here:

Leave a Comment