Workstation Policy
Purpose and Scope
This policy defines best practices to reduce the risk of data loss/exposure through workstations. This policy applies to all employees and contractors. Workstation is defined as the collection of all company-owned and personal devices containing company data.
Policy
-
Workstation devices must meet the following criteria:
-
Operating system must be no more than one generation older than current
-
Device must be encrypted at rest
-
Device must be locked when not in use or when employee leaves the workstation
-
Workstations must be used for authorized business purposes only
-
Loss or destruction of devices should be reported immediately
-
Laptops and desktop devices should run the latest version of antivirus software that has been approved by IT
-
Desktop & laptop devices
-
Employees will be issued a desktop, laptop, or both by the company, based on their job duties. Contractors will provide their own laptops.
-
Desktops and laptops must operate on macOS, Linux or Windows.
-
Mobile devices
-
Mobile devices must be operated as defined in the Removable Media Policy, Cloud Storage, and Bring Your Own Device Policy.
-
Mobile devices must operate on iOS or Android.
-
Removable media
-
Removable media must be operated as defined in the Removable Media Policy, Cloud Storage, and Bring Your Own Device Policy.
-
Removable media is permitted on approved devices as long as it does not conflict with other policies.