Aug 2021
G Elliott
G Elliott (Oct 4, 2021 14:11 GMT+1)
Oct 4, 2021
Document Owner: CEO
Table of Contents
Revision History
1 Introduction
2 Policy
2.1 Remote wipe
2.2 Review and Support
2.3 Risks/ Liabilities/ Disclaimers
3 Compliance with Data Protection Obligations
4 Effect of non-compliance
Annexure 1: Standard for Securing Personal Devices
1. Updates
2. Passwords and Secure Login
3. Software and Applications
4. Security Settings
Annexure 2: User Confirmation
Declaration
Revision History
VERSION NO. | DATE ISSUED | BRIEF SUMMARY OF CHANGE | APPROVED BY
V1.0 | 05 July 2019 | Document first issued | Gary Elliot
V1.1 | 11 Feb 2020 | Information updated |
V1.2 | 27 Mar 2020 | Contact numbers changed |
V2.0 | 19 Aug 2021 | Annual Review and update with RightCue | Gary Elliot
Responsibility Matrix
Policy Role | ATI Role Title / Organisation
Chief Information Security Officer | Chief Operating Officer
Data Protection Compliance Manager | Chief Technology Officer
IT Systems Manager | IT Systems Manager
IT Administrator / IT Helpdesk | Response IT
1 Introduction
This policy applies to all ATI directors, employees, independent contractors, including
suppliers and other third parties working for or on behalf of ATI who have access to ATI
systems, including network and related equipment, cloud services, documents, data and
information (“user”).
You may use laptops, PCs, smartphones, and tablets of your choosing at work for your
convenience. ATI can only continue with this arrangement should you abide by the policies and
procedures outlined below.
This policy is intended to protect the security and integrity of ATI’s data and technology
infrastructure and that of its customers. Limited exceptions to the policy may occur due to
variations in devices and platforms. All exceptions will need to be approved by the IT Systems
Manager.
2 Policy
• Use of personal devices to access company resources and information is allowed if the
devices meet the security requirements set out in the Annexure ‘Standard for Securing
Personal Devices’ to this policy. It is the responsibility of the users to ensure that their
personal devices always meet these requirements.
• Providing access to personal devices is at the discretion of the IT Systems Manager.
2.1 Remote wipe
You will allow the company data to be wiped remotely if:
• The device is lost.
• The engagement is terminated.
• We detect a data or policy breach, a virus or similar threat to the security of the
company’s data and technology infrastructure.
2.2 Review and Support
• ATI reserves the right to request an audit of your devices to review the configuration of
standard apps, such as browsers, office productivity software and security tools. This
audit would be carried out by the IT Administrator. It may involve a remote session
where the engineer will review your security settings and installed software.
• Before contacting the device manufacturer/their carrier/the original retailer for
operating system or hardware-related issues, such issues should be first referred to the
IT Administrator so that the device can be disconnected from ATI services and ATI
related data removed. Connectivity, security, and software issues should also be
referred to the IT Administrator.
2.3 Risks/ Liabilities/ Disclaimers
• It is your responsibility to take precautions against data loss such as backing up
documents, email, contacts, etc., and you assume full liability for data loss for any
reason.
• Lost or stolen devices must be reported to ATI immediately, via the IT Helpdesk, IT
Systems Manager and Chief Operating Officer and in no event later than 24 hours after
discovery. You are responsible for notifying your mobile carrier immediately upon
discovery of the loss of a device. You should report any theft or burglary of devices to
the local law enforcement agency and obtain a crime reference number.
• You are expected to use your devices ethically at all times and adhere to ATI’s
Acceptable Use Policy as outlined above.
• You are personally liable for all costs associated with your device unless otherwise
contractually agreed.
• You assume full liability for risks including, but not limited to, the partial or complete
loss of company and personal data due to an operating system crash, errors, bugs,
viruses, malware, and other software or hardware failures, or programming errors that
render the device unusable.
4 Effect of non-compliance
ATI reserves the right to take appropriate disciplinary action up to and including termination of
consultant/contractor status or appropriate disciplinary action in case of employees for
non-compliance with this policy.
Do your devices (e.g. laptops, mobile phones, tablets) that will be used for
business purpose comply with ATI’s BYOD policy?
Are each of your devices protected with a strong password? Please refer to
Annexure 2 for password guidelines.
Are all default passwords on your user and administrator accounts disabled?
Have you enabled your device to lock itself after five incorrect login attempts?
Use of software
Malware Protection
Do you install all your applications from App-store, Play Store or Store (Apple,
Android, and Windows users respectively)?
Do you use a unique password and username when accessing your user account
on your device?
Do you use a unique password and username when accessing your admin
account on your device? (This applies to all users with administrative accounts)
Encryption
Declaration
I_____________________________________________________ declare that I have read, understood and
will comply with ATI’s BYOD Policy.
Name
Signature
Date