Laptop, Desktop, and Mobile Device Security Policy

This Rules/Policy document is provided to you and your organization as a starting point or maturity checkpoint for existing rules/policies. It is brought to you on behalf of Jim McConnell, Principal Owner, and Ask McConnell, LLC — A Converged Security Services Provider. The content is not meant to cover every circumstance, industry, law, regulation, contractual requirement, threat, environment, or risk, but it provides an easy, defendable, highly accountable starting point for any organization. Please consult with your legal counsel and insurance provider about added requirements. If you know of peers that you think would find value in these resources, please have them contact us. These will be updated on our website regularly. We are not legally protecting these documents; we just ask for credit, shout-outs, and referrals if you find them helpful. If you have recommended updates, we are all ears. And if you need Converged Security Consulting and Training, please reach out; we would be honored to serve you and your organization.

Jim McConnell  |  info@askmcconnell.com  |  askmcconnell.com

Updated: 6 April 2025

Protecting human lives is the highest requirement of our entire organization, whether those people are employees, customers, volunteers, visitors, or part of our supply chain while under some nexus to our organization. Many times, things we do online will impact people’s lives physically, financially, and emotionally.

  • I will report security incidents, concerns, vulnerabilities, and threats to my supervisor or the organization’s Ethics Hotline as soon as it is possible and safe to do so. If they are not available and I feel unsafe, I will contact law enforcement.
  • I will report any loss or misplacement of any organization-issued device immediately upon discovery.
  • I will not use my personal laptop, desktop, or mobile device for organizational activities unless specifically approved in writing by my supervisor, security, and Legal.
  • I will use organization-issued laptops, desktops, and mobile devices for organizational activities only — not for personal activities.
  • I will keep my assigned laptop, desktop, and mobile devices up to date with the latest software, patches, and secure configuration — or will verify that the team responsible for these updates is maintaining these devices at least monthly.
  • I will keep strong passwords in place for all laptops, desktops, and mobile devices assigned to me.
  • I will surrender my organization-issued laptop, desktop, or mobile devices immediately upon request by my supervisor, security, or Legal.
  • I will physically secure my organization-issued laptop, desktop, and mobile devices using a cable lock or safe when they are not in my possession.
  • I will use a privacy screen on my organization-issued laptop and mobile device when using the device in the presence of anyone who is not an employee, regardless of location.
  • I will not plug any accessories into my organization-issued laptop, desktop, or mobile device without prior written approval from security and the appropriate technology support team (e.g., IT).
  • I will not connect to any wireless networks or devices (e.g., keyboard, Bluetooth, Wi-Fi) without confirming with my technology and security team that the network or device is not malicious.
  • I will use the biometric security features of organization-issued devices where technically available.
  • I will not install any software on my organization-issued laptop, desktop, or mobile device without written approval from my supervisor, technology support team, and security.
  • I will make sure all software and patches are up to date with the latest from the manufacturer for all laptops, desktops, and mobile devices under my management.
  • I will dispose of any organization-issued laptops, desktops, and mobile devices in accordance with legal retention requirements, data protection requirements, and environmental standards — including confirming all data, information, and software is wiped to NIST standards before physically disposing of, recycling, or donating the device.

Signature Note: I am a huge fan of wet signatures on these types of documents for accountability and investigation reasons. You can add the signature lines below to each rule/policy document, or have a collective wet signature with references in the Security Commitment Agreement document available on the One-Pager library page. Organizational preference.

________________________
Print Full Legal Name

________________________
(Blue Ink) Full Legal Signature
Style of signature must closely match Driver’s License

________________________
Date

