Personal Communication Devices and Voicemail Policy

1.0 Purpose
This document describes Information Security's requirements for Personal Communication Devices and Voicemail for Richmond Investments.

2.0 Scope
This policy applies to any use of Personal Communication Devices and Richmond Investments Voicemail issued by Richmond Investments or used for Richmond Investments’ business.

3.0 Policy
3.1 Issuing Policy
Personal Communication Devices (PCDs) will be issued only to Richmond Investments personnel with duties that require them to be in immediate and frequent contact when they are away from their normal work locations. For the purpose of this policy, PCDs are defined to include handheld wireless devices, cellular telephones and laptop wireless cards. Effective distribution of the various technological devices must be limited to persons for whom the productivity gained is appropriate in relation to the costs incurred.

Handheld wireless devices may be issued, for operational efficiency, to Richmond Investments personnel who need to conduct immediate, critical Richmond Investments business. These individuals generally are at the executive and management level. In addition to verbal contact, it is necessary that they have the capability to review and have documented responses to critical issues.

3.2 Bluetooth
Hands-free enabling devices, such as the Bluetooth, may be issued to authorized Richmond Investments personnel who have received approval. Care must be taken to avoid being recorded when peering Bluetooth adapters, Bluetooth 2.0 Class 1 devices have a range of 330 feet.

3.3 Voicemail
Voicemail boxes may be issued to Richmond Investments personnel who require a method for others to leave messages when they are not available. Voicemail boxes must be protected by a PIN which must never be the same as the last four digits of the telephone number of the voicemail box.

3.4 Loss and Theft
Files containing confidential or sensitive data may not be stored in PCDs unless protected by approved encryption. Confidential or sensitive data shall never be stored on a personal PCD. Charges for repair due to misuse of equipment or misuse of services may be the responsibility of the employee, as determined on a case-by-case basis. The cost of any item beyond the standard authorized equipment is also the responsibility of the employee. Lost or stolen equipment must immediately be reported.

3.5 Personal Use
PCDs and voicemail are issued for Richmond Investments’ business. Personal use should be limited to minimal and incidental use.

3.6 PCD Safety
Conducting telephone calls or utilizing PCDs while driving can be a safety hazard. Drivers should use PCDs while parked or out of the vehicle. If employees must use a PCD while driving, Richmond Investments requires the use of hands-free enabling devices.

4.0 Enforcement
Any employee found to have violated this policy may be subject to disciplinary action that leads to being ineligible for continued use of PCDs. Extreme cases could lead to additional discipline, up to and including termination of employment.

5.0 Definitions
Term Definition
Bluetooth Bluetooth is an industrial specification for wireless personal area networks (PANs), also known as IEEE 802.15.1. Bluetooth provides a way to connect and exchange information between devices such as personal digital assistants (PDAs), and mobile phones via a secure, globally unlicensed short-range radio frequency. Source: Wikipedia

Confidential or sensitive data All data that is not approved for public release shall be considered confidential or sensitive.

6.0 Revision History
Revised on 05/15/2012.
Revision by Shawn Andreas, IT Director, Richmond Investments, Phoenix, AZ branch.

Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
© SANS Institute 2006 All Rights Reserved