Catalyst supports device usage to achieve business goals. Though they enable our business and our lives, it is important to recognize that computing devices also represent a serious security risk. Unauthorized access to data and IT infrastructure can subsequently lead to data breaches and system vulnerability.
Any individual computing apparatus outside the production infrastructure that accesses company resources are subject to this policy. These devices include, but are not limited to, desktops, laptops, smartphones, tablets, etc.
Catalyst will provide all necessary desktop computing devices to complete job duties as they are defined for each employee.
Non-Employees will need to negotiate use of Catalyst resources as part of their agreement with Catalyst. If Catalyst computing devices are not used, then the devices will be treated as personal.
- Device operating systems should be updated regularly, and users should not delay any available update more than two months without a specific reason.
- Jailbroken devices are strictly forbidden.
- Devices may not be used as a gateway, and devices should be accounted for singularly.
- No device should threaten Catalyst system integrity.
- Devices must be capable of supporting an adequate security function.
Software on Devices
- Approved devices will require the ability to run a Catalyst agent.
- All devices require an activated lock screen.
- Any device must contain an approved up-to-date anti-malware system.
- Applications ("apps") should only be installed from manufacture approved sources.
- Devices must not run illegal or pirated software.
- Any commercial software on the device must be properly licensed.
- Catalyst is not responsible for any data loss in the event of a selective or full wipe of any system-connected-device.
Failure to comply with the requirements set forth in this document will result in the disconnection of the device from Catalyst Systems. Catalyst reserves the right to retire devices and/or remove access from any device at any time. Catalyst is not responsible for any data loss in the event of a selective or full wipe of any system connected device.
Violations of the policy will be met with corrective action and carry the possibility of disciplinary action up to, and including, termination.
Owner: Security and Compliance Committee
$Date: 2018-12-13 12:29:08 -0700 (Thu, 13 Dec 2018) $
$Revision: 472629 $