A Mobile Acceptable Use Policy (MAUP) is a formal agreement between an organization and the employees from that organization. This document sets out the acceptable rules for mobile device usage. Also this document will review any penalties that could be applied resulting from the rule violation from incorrect use of mobile devices.
The purpose of this policy is to define procedures, standards, and corporate impacts for end users that use a mobile device for access to corporate data. This device policy applies to, but is not limited to, any device that is used for corporate access. The device types, noted in this section, primarily are focused on Bring Your Own Device (BYOD) to work, but also can impact any mobile device provided by the company. These devices can include:
Smartphone (of any type)
Mobile phones
Any style of tablet computers
PCs
Notebook or Laptop (or any device that has access to the corporate network)
Portable media devices, netbooks, or PDAs
This policy was created to protect corporate data and the corporation's reputation. It is imperative that each person manages their mobile devices to make sure that the corporate network and data is safe and secure. Every employee must sign this agreement and must follow all the corporate rules. This policy will apply to all employees, contractors, vendors, and/or anyone that will connect to the corporate network.
The following example rules can be used in your BYOD template. Each rule must be evaluated to make sure it fits your corporate environment:
These rules include BYOD devices that all must be registered with the corporate Mobile Device Management (MDM) system or manager. This is an automated process and must be completed by all users. Before a device can be connected to the corporate network, the employee must obtain an approval from their manager. Management can terminate a device connection at any time for any reason.
The corporation may install virus and/or protection software on this device any time. End users must accept the corporate network software or they will lose access to the network.
Access and use of the device that connects to the corporate network will be tracked as needed by the corporation.
If a device is deemed "compromised" then it will be blocked from accessing the corporate network.
The end user will be responsible for notifying the company if a device is stolen within one business day.
If the device is lost and/or stolen then all the data, personal and business, will be wiped from the device if the device goes online and the device will be blocked from accessing the corporate network.
Since this is a BYOD device, the owner is responsible for replacing the physical device if the device is lost, stolen, or damaged.
The company will enforce security on the device and will force a password change down to each device that will expire every 90 days. Passwords are never shared with anyone at any time.
The end user will not jailbreak devices or execute any rooting on the Android devices.
Data that is hosted on the mobile device (for example, corporate applications or e-mail) is never transferred or copied to a non-approved corporate application. Refer to
https://corporate.mobile.example.comfor more information.Sharing corporate data on any non-corporate site (for example, shared social sites) is a violation of the company policies and is grounds for termination.
The user will keep the software on the mobile devices up-to-date with the latest version.
The user will only install apps from trusted locations.
It will be the end user's responsibility to make sure that people are not shoulder reading their material. In some cases, a glare screen can be purchased that can help with this issue.
A Mobile Acceptable Use Policy (MAUP) is a formal agreement between an organization and the employees from that organization. This document sets out the acceptable rules for mobile device usage. Also, this document will review any penalties that could be applied resulting from the rule violation from incorrect use of mobile devices.
This specific policy will focus primarily on devices that are provided to the employee by the corporation. These devices can include:
Smartphone (of any type)
Mobile Phones
Any style of table computers
PCs
Notebook or Laptop
All corporate devices must be registered with the corporate Mobile Device Management (MDM) system. This is an automated process and must be completed by all users.
Before a device can be connected to the corporate network, the employee must obtain an approval from their manager.
The following example rules can be used when a corporate device is provided to you by the end user. Each rule must be evaluated to make sure it fits your corporate environment:
Management can terminate a device connection any time, for any reason, to the corporate network.
The corporation will install virus and/or protection software on corporate owned phone/devices. End users must accept corporate network software or they will lose access to the device and the corporate network.
Access and use of the device will be tracked as needed by the corporation.
If a device is deemed "compromised", then it will be blocked from accessing the corporate network. (This can happen without notification to the end user)
The end user will be responsible for notifying the company if a device is stolen within one business day. All the data will be wiped from the device if the device goes online, and the device will be blocked from accessing the corporate network.
If the device is lost and/or stolen then all the data, personal and business, will be wiped from the device if the device goes online, and the device will be blocked from accessing the corporate network.
Since this device is a corporate device, end users may not use the device for personal use.
The end users may only use the corporate provided device for business use only. The device may not be used to run a personal business and/or for any personal use.
Since this is a corporate owned device, the corporation is responsible for device support, maintenance, and if the device is lost or damaged.
The company will enforce security on the device and will force a password change down to each device that will expire every 90 days. Passwords are never shared with anyone anytime.
The end user will not jailbreak the device or execute any rooting on the Android devices.
The user will keep the software on the mobile devices up-to-date with the latest version.
The user will only install apps from trusted locations.
It will be the end user's responsibility to make sure that people are not shoulder reading their material. In some cases, a glare screen can be purchased that can help with this issue.
Data that is hosted on the mobile device (for example, corporate applications or e-mail) is never transferred or copied to a non-approved corporate application. Refer to
https://corporate.mobile.example.comfor more information.Sharing corporate data on any non-corporate site (for example, shared social sites) is a violation of the company policies and are grounds for termination.
The owner will not execute any illegal actions on the device.