Ref. No.: CPP-IT-0203_V1_Teleworking and Mobile Device Policy.doc 

Prepared	W. Cundangan		09/21/2015
Approved	R. Tan		09/22/2015

4.1 For teleworking and mobile working, access to Infinit-O information and applications (including email) can be attained via use of Infinit-O commissioned devices. This is composed but not limited to Computers, Laptops, Mobile Devices, Tablets 

4.2 Team members entrusted with a company laptops and mobile devices are responsible for ensuring that it is regularly connected to the company network for automatic upgrade of anti-virus software and other software. 

4.3 Mobile devices distributed by the Company should only be used by authorized parties in accordance with the Company Acceptable Use Policy and associated security policies. 

4.4 All users accessing Infinit-O resources via teleworking and mobile devices (company owned or not) must abide by the company security policies. 

4.5 Active equipment that is unlocked and in use should not be left unattended at any time. 

4.6 A password should be set up and used on all equipment that can be locked by use of a password. For example, ipad devices can be set locked using a password and this facility should not be disabled by the user. 

4.7 Users must not alter or disable any element of the configuration of devices, including data encryption and anti-virus software 

4.8 Connection to the Infinit-O’s network should only be attempted using the credentials which team members are issued with. Connection using network infrastructure that does not belong to the Company may enable traffic to be viewed, altered or deleted by an attacker 

4.9 Users conducting teleworking/mobile working should not allow or give permission for unauthorised users (including family and friends) to use that PC/mobile device. 

4.10 Any information concerning passwords, usernames, network credentials or requirements/ability used to access the Company information and systems by teleworking/mobile working must not be shared with other team members, unauthorised users, third party vendors, family, friends or members of the public 

4.11 During short periods of time when devices are not being used (e.g. when on the phone) users must lock PCs and devices to prevent screens being overlooked. For example, on PCs/laptops this can normally be achieved by holding down the ctrl-altdel keys together and choosing the ‘lock computer’ option or by holding down the Windows (flag) key and hitting the L key. 

4.12 Users should ensure that all applications are properly closed/logged off, browsers are closed and internet sessions are logged off, prior to network connections being logged off and closed. 

4.13 On completion of work, teleworkers/mobile workers should fully power down or log off remote devices like laptops and thin clients. Devices should not be suspended but fully powered down. 

4.14 Transfer of personal or restricted information must take place through a secure, encrypted channel (identified by the https address prefix and padlock symbol) using suitable software/applications. 

4.15 Person identifiable information and/or business data should not be stored on the PC/mobile device. If possible data should be accessed from and be stored on company servers or on password protected and encrypted portable/removable media. 

4.16 Person identifiable information and data should only be sent using official channels, authorised software/applications and official equipment deemed fit for the purpose. For example, messages containing person identifiable information and data should not be sent via SMS/TXT. 

4.17 Users should always be aware of the potential for other people (including family, friends, colleagues and intruders) to overlook screens and keyboards and view personal, confidential information or passwords. Users should check that this is not taking place during processing of data. 

4.18 It is possible to access Infinit-O email from a remote location (such as home) using non-wireless or wireless technology. This should only be attempted using a web browser via https://mail.google.com . Team members must ensure when using this service that https is displayed at the start of the address line and the padlock symbol is displayed on the browser window. At the end of using this email service staff must logoff webmail and close the browser window. Failure to do so can leave the account accessible to hackers. 

4.19 Extra care should be taken to properly close all applications, network connections and web browsers when using PCs, mobile devices and software not officially provided by the company. Passwords, logon credentials and sensitive files can be left behind on un-trusted devices, making them readily available to subsequent users. 

4.20 Team members should only use a home Wi-Fi system as a last resort but if this becomes necessary they must ensure that the network is a secure as possible. Team members must connect via Wi-Fi through WPA2 standard (as minimum) and that they adhere to the Infinit-O password provisions. (See accompanying information concerning ‘Wi-Fi security’ at the end of this policy) 

4.21 In the event that a user becomes aware of an information or data breach or accidental disclosure, this matter must be reported immediately via the Company Incident Reporting Procedures (QMMS).