Purpose and Scope
This policy defines best practices to reduce the risk of data loss/exposure through workstations. This policy applies to all employees and contractors. Workstation is defined as the collection of all company-owned and personal devices containing company data.
Policy
-
Workstation devices must meet the following criteria:
- Operating system must be no more than one generation older than current
- Device must be encrypted at rest
- Device must be locked when not in use or when employee leaves the workstation
- Workstations must be used for authorized business purposes only
- Loss or destruction of devices should be reported immediately
- Laptops and desktop devices should run the latest version of antivirus software that has been approved by IT
-
Desktop & laptop devices
- Employees will be issued a desktop, laptop, or both by the company, based on their job duties. Contractors will provide their own laptops.
- Desktops and laptops must operate on macOS, Linux or Windows.
-
Mobile devices
- Mobile devices must be operated as defined in the Removable Media Policy, Cloud Storage, and Bring Your Own Device Policy.
- Mobile devices must operate on iOS or Android.
-
Removable media
- Removable media must be operated as defined in the Removable Media Policy, Cloud Storage, and Bring Your Own Device Policy.
- Removable media is permitted on approved devices as long as it does not conflict with other policies.
Last updated: 2nd November 2021