Device Management

Introduction

Catalyst supports device usage to achieve business goals. Though they enable our business and our lives, it is important to recognize that computing devices also represent a serious security risk. Unauthorized access to data and IT infrastructure can subsequently lead to data breaches and system vulnerability.

Scope

Any individual computing apparatus outside the production infrastructure that accesses company resources are subject to this policy. These devices include, but are not limited to, desktops, laptops, smartphones, tablets, etc.

Policy

Device Requirements

  • Device operating systems should be updated regularly, and users should not delay any available update more than two months.
  • Jailbroken devices are strictly forbidden.
  • Devices may not be used as a gateway, and devices must be accounted for singularly.
  • No device should threaten Catalyst system integrity.
  • Devices must be capable of supporting an adequate security function.

Software on Devices

  • Approved devices will require the ability to run a Catalyst agent.
  • All devices require an activated lock screen.
  • Any device must contain an approved up-to-date anti-malware system.
  • Applications ("apps") should only be installed from manufacture approved sources.
  • Devices must not run illegal or pirated software.
  • Any commercial software on the device must be properly licensed.

Compliance

Failure to comply with the requirements set forth in this document will result in the disconnection of the device from Catalyst Systems. Catalyst reserves the right to retire devices and/or remove access from any device at any time. Catalyst is not responsible for any data loss in the event of a selective or full wipe of any system connected device.

Violations of the policy will be met with corrective action and carry the possibility of disciplinary action up to, and including, termination.

Exceptions

If there is a reason for a device to be exempted from this policy, then a risk assessment must be conducted by the company's IT department. The exception must be documented and approved by the SCC.

Colophon

Owner: Security and Compliance Committee

$Date: 2018-07-18 08:18:26 -0600 (Wed, 18 Jul 2018) $

$Revision: 468886 $

results matching ""

    No results matching ""