Mobile Device and Remote Work Policy

Version: 1.1
Status: Approved
Last modified: April 2025
Next Review Date: October 2025

ISO Statement

oboloo is actively aligning with ISO/IEC 27001:2022 and has implemented this Mobile Device and Remote Work Policy to address Annex A controls related to secure mobile access (A.6.2) and teleworking (A.6.3).

Purpose

To define the security requirements for employees and contractors using mobile devices and remote connections to access oboloo systems and data.

Scope

This policy applies to all personnel accessing oboloo data or services using:

  • Laptops, smartphones, or tablets

  • Remote connections from home, coworking spaces, or public networks

  • Any non-oboloo-managed device used to interact with corporate systems

Mobile Device Requirements

  • Devices must use full-disk encryption

  • Device auto-lock must be enabled (5 min max idle timeout)

  • Screen lock PIN/password is required

  • Mobile operating systems must be kept up to date

  • Antivirus or endpoint protection must be installed where supported

Remote Work Requirements

  • Remote access to client data, servers and internal systems must be through a VPN or secure tunnel

  • MFA is required to access oboloo systems

  • Public Wi-Fi use must be protected via VPN

  • No sensitive data may be downloaded to personal devices

  • Users must not share devices with unauthorised individuals

Device Ownership and BYOD

  • Personally-owned devices may only be used with approval and must meet the same security requirements

  • Company-managed devices are pre-configured with endpoint protections and MDM policies

Enforcement

Non-compliance may result in access revocation or disciplinary action. Devices found to be non-compliant may be remotely wiped in the event of theft, loss, or termination.

ISO/IEC 27001 Annex A Mapping

Policy Section ISO/IEC 27001 Control Ref Description
Mobile Device Security
A.6.2
Controls for mobile device use
Teleworking
A.6.3
Remote working security guidelines

Review and Update of the Methodology

Bi-Annual Review: This policy is reviewed every six months to reflect changes in mobile platforms, remote access tools, and regulatory expectations.

Document Control

Version: 1.1
Date: April 2025
Description: New policy aligned to ISO/IEC 27001 Annex A.6.2 and A.6.3