1
0
mirror of https://github.com/strongdm/comply synced 2024-11-14 03:44:55 +00:00
comply/themes/comply-soc2/policies/workstation.md
2018-05-17 18:28:39 -07:00

1.7 KiB

name: Workstation Policy acronym: WP satisfies: TSC: - CC6.8 majorRevisions:

  • date: Jun 1 2018 comment: Initial document

Purpose and Scope

a. This policy defines best practices to reduce the risk of data loss/exposure through workstations.

a. This policy applies to all employees and contractors. Workstation is defined as the collection of all company-owned and personal devices containing company data.

Policy

a. Workstation devices must meet the following criteria:

i. Operating system must be no more than one generation older than current

i. Device must be encrypted at rest

i. Device must be locked when not in use or when employee leaves the workstation 

i. Workstations must be used for authorized business purposes only 

i. Loss or destruction of devices should be reported immediately 

i. Laptops and desktop devices should run the latest version of antivirus software that has been approved by IT 

a. Desktop & laptop devices

i. Employees will be issued a desktop, laptop, or both by the company, based on their job duties. Contractors will provide their own laptops. 

  i. Desktops and laptops must operate on macOS or Windows.

a. Mobile devices

i. Mobile devices must be operated as defined in the Removable Media Policy, Cloud Storage, and Bring Your Own Device Policy. 

i. Mobile devices must operate on iOS or Android.

i. Company data may only be accessed on mobile devices with Slack and Gmail. 

a. Removable media

i. Removable media must be operated as defined in the Removable Media Policy, Cloud Storage, and Bring Your Own Device Policy. 

i. Removable media is permitted on approved devices as long as it does not conflict with other policies.