Endpoint / Mobile Security

Endpoint Security Policy

1. Users shall shutdown, logout or lock workstations when leaving them for any length of time.

2. It is recommended that workstations and laptops be restarted at minimum once every two weeks. 15.3. Workstations and laptops shall adhere to Virus and Malware Protection Policy

3. Define and implement endpoint build standards that include, at a minimum, the following:

   1. Defined configurations based on industry best practice.

   2. Authorized software

   3. Anti-virus/anti-malware

   4. Web Filtering/Cloud Access Security Broker (CASB)

   5. Workstation access to the Internet shall be controlled based on assigned or departmental role.

Mobile Computing Policy

1. Ensure appropriate controls are in place to mitigate risks to protected information from mobile computing and remote working environments.

2. Data loss prevention processes and tools shall be implemented to identify and/or prevent data loss.

3. InnoSpark.ai data shall be removed from employee owned mobile devices within the timelines defined in termination policies.

4. Use of personally owned devices shall comply to acceptable use and information security policies if used to access Personal Data, PII or SCI data.

5. Devices owned by personnel shall never be used to access customer data, unless appropriate monitored controls, approved by Information Security, have been implemented.

6. Devices owned by personnel or authorized parties are not allowed to connect to corporate or production networks.

7. Employee owned mobile devices shall have the ability to connect to a network separate from the guest network, where feasible.