VIVA XPRESS LOGISTICS (Belgium) SA/NV - Mobile device Security Policy

1. Introduction

Mobile devices, such as smartphones and tablet computers, are important tools for the organization and their use is supported to achieve business goals.

However mobile devices also represent a significant risk to information security and data security as, if the appropriate security applications and procedures are not applied, they can be a conduit for unauthorised access to the organization’s data and IT infrastructure. This can subsequently lead to data leakage and system infection.

VIVA XPRESS LOGISTICS (Belgium) SA/NV has a requirement to protect its information assets in order to safeguard its customers, intellectual property and reputation. This document outlines a set of practices and requirements for the safe use of mobile devices.

2. Scope

All mobile devices (whether owned by VIVA XPRESS LOGISTICS (Belgium) SA/NV, owned by its employees or by its agents and/or its sub-contractors) that have access to corporate networks, data and systems, not including corporate IT-managed laptops. This includes smartphones and tablet computers.

Exemptions: Where there is a business need to be exempted from this policy (too costly, too complex, adversely impacting other business requirements) a risk assessment must be conducted being authorized by the security management of VIVA XPRESS LOGISTICS (Belgium) SA/NV.

3. Policy

3.1. Technical Requirements

- Devices must use the following Operating Systems: Android 2.2 or later;

- Devices must store all user-saved passwords in an encrypted password store;

- Devices must be configured with a secure password that complies with the password policy of VIVA XPRESS LOGISTICS (Belgium) SA/NV. This password must not be the same as any other credentials used within the organization.

With the exception of those devices managed by VIVA XPRESS LOGISTICS (Belgium) SA/NV, devices are not allowed to be connected directly to the internal corporate network.

3.2. User Requirements

- User must only load data essential to their role onto their mobile device(s);

- User must report immediately any lost or stolen devices to VIVA XPRESS LOGISTICS (Belgium) SA/NV;

- If a user suspects that unauthorized access to company data has taken place via a mobile device, the user must report the incident in alignment with the incident handling process of VIVA XPRESS LOGISTICS (Belgium) SA/NV

- Devices must not be jailbroken (To jailbreak a mobile device is to remove the limitations imposed by the manufacturer. This gives access to the operating system, thereby unlocking all its features and enabling the installation of unauthorised software) or have any software / firmware installed which is designed to gain access to functionality not intended to be exposed to the user.

- User must not load pirated software or illegal content onto their device.

- Applications must only be installed from official platform-owner approved sources. Installation of code from untrusted sources is forbidden. If the user is unsure if an application is from an approved source he should contact VIVA XPRESS LOGISTICS (Belgium) SA/NV.

- Devices must be kept up to date with manufacturer or network provided patches. As a minimum patches should be checked for weekly and applied at least once a month.

- Devices must not be connected to a computer which does not have up-to-date and enabled anti-malware protection and which does not comply with the corporate policy of VIVA XPRESS LOGISTICS (Belgium) SA/NV.

- Devices must be encrypted in line with the compliance standards of VIVA XPRESS LOGISTICS (Belgium) SA/NV.

- User must be cautious about the merging of personal and work email accounts on their devices. The user must take particular care to ensure that company data of of VIVA XPRESS LOGISTICS (Belgium) SA/NV is only sent through the corporate email system. If a user suspects that company data has been sent from a personal email account, either in body text or as an attachment, he must notify VIVA XPRESS LOGISTICS (Belgium) SA/NV immediately.

- The user accepts that the use of the application “ORBITRAX.MOB” and ONLY when this application is in used, allows VIVA XPRESS LOGISTICS (Belgium) SA/NV to know his geo-location and some information from the smartphone to be used only for business purposes.