Mobile Device Security Policy
Requirements for using mobile devices to access organizational data including company-owned and personal devices
Mobile Device Security Policy
| Field | Value |
|---|---|
| Document ID | POL-015 |
| Classification | Internal |
| Owner | CTO (interim CISO) |
| Effective Date | April 2026 |
| Review Cycle | Annual |
1. Purpose
This policy defines the requirements for using mobile devices to access organizational data. Both company-owned and personal devices may be used for work purposes, subject to compliance with this policy. Non-compliance may result in revocation of access to organizational systems.
2. Scope
This policy applies to all laptops, smartphones, tablets, and other mobile devices used to access organizational data through Google Workspace and Google Workspace Mobile & Endpoints (Endpoint Management).
3. Policy
3.1 Acceptable Use
- Devices accessing organizational data must be secured with screen lock protection
- Operating systems and applications must be kept up to date
- Only authorized Google Workspace accounts may be used for work access
- Organizational data must be accessed only through approved applications
- Unauthorized sharing or storage of business data is prohibited
3.2 Device Security Requirements
- Devices must have password, PIN, or biometric protection enabled
- Device encryption must be enabled where supported
- Devices must run supported OS versions
- Loss or theft of device must be reported immediately
- Local storage of business data should be minimized
3.3 Google Workspace Mobile & Endpoints Enrollment
- Devices accessing organizational data must be enrolled in Google Workspace Mobile & Endpoints
- Only compliant enrolled devices are permitted to access company email and documents
- Device compliance is monitored through Google Workspace Admin Console
- Non-compliant devices may be blocked automatically
- Access to organizational resources may be restricted to managed devices only
3.4 Data Containerization
- Organizational data is accessed through Google Workspace applications (Gmail, Drive, Docs, etc.)
- Data remains within managed Google Workspace environment
- Access to organizational data is restricted to authenticated users
- Google Workspace Mobile & Endpoints controls access to organizational data on enrolled devices
- Downloading or storing data outside approved applications should be avoided
- Access sessions can be revoked for non-compliant or compromised devices
3.5 Laptops (macOS / Windows)
- Must be password protected
- Must be updated with latest OS patches
- Must access data through Google Workspace applications
- Security settings must not be disabled
- Device access may be controlled through Google Workspace Mobile & Endpoints policies
3.6 Smartphones and Tablets
- Must be enrolled in Google Workspace Mobile & Endpoints
- Must use device lock protection
- Must run supported OS versions
- Access limited to approved Google Workspace apps
- Non-compliant or unmanaged devices may be automatically blocked from accessing Google Workspace services
3.7 Audits
Periodic checks may be performed to verify compliance of devices enrolled in Google Workspace Mobile & Endpoints.
4. Enforcement
Non-compliance may result in:
- Revocation of device access
- Removal of organizational account access
- Session termination
- Device access restriction
- Disciplinary action as per company policy