Devices: Computers Policy
Last updated : January 14, 2022
This policy is will be effective from Monday 17 January 2022
To see prior version, please click here.
Estimate Reading Time : 4 minutes
This policy defines acceptable methods for disaster recovery planning, preparedness, management, and mitigation of IT systems and services of any information system on behalf of PT. Mandiri Tunggal Sejahtera Berkarya/ MTS Group Holding, LLC. (“Company“, “We“, “Our“, “Us“).
Reason for Policy
To provide our customers information detailing the ITS on devices.
Entities Affected by this Policy
PT. Mandiri Tunggal Sejahtera Berkarya/ MTS Group Holding, LLC.
Who Should Read this Policy
All individuals responsible for configuring, maintaining, and monitoring information systems on the Company. Individuals may include Company department, staff, vendors, contractors, or managed service providers.
Web Address of this Policy
1. Supported computers
Supported computers are devices used by an individual (e.g., laptop, desktop, etc.) that are inventoried (“tagged”) by ITS in order to connect to the Company network.
1.01 Security for Supported Computers
Given the amount of data that can be stored on an individual’s computer, security and management of the computer is paramount. ITS has developed a set of common standards and practices that must be adhered to when connecting any computer to the Company network.
1.02 Minimum Security Requirements
Supported computers on the Company network must adhere to the following minimum security requirements:
- Installation of the ITS computer management software
- Installation of the ITS encryption software (in accordance with ITS policy 1.06 – Device Encryption)
- Installation of the ITS anti-virus/anti-malware software
- Use of a Company PSAID when logging-in to a Windows computer
- Use of a strong, complex password when logging-in to a Mac OS computer (in accordance with ITS policy 1.15 – Password Policy and Guidelines)
- Installation of critical security updates released by Microsoft or Apple
- Use of applications which still receive security updates released by the vendor
- Local administrator accounts will be renamed, disabled, or secured with a strong, complex password
- Services typically found on a server should not be installed on an individual’s computer (e.g., web hosting services, routing or networking, etc.)
1.03 Administrative Access
Individuals with administrative access to their computers significantly increases the risk of infection from malware. Unless absolutely necessary, users should have ‘standard’ or non-privileged access to their computers.
2. Non-supported Computers
Non-supported computers are devices used by an individual (e.g., laptop, desktop, etc.) that are not inventoried (“un-tagged”) and not managed by ITS that may be used to connect to the Company network or store Company data.
2.01 Security for Non-supported Computers
Non-supported computers must meet similar security requirements as tagged and managed computers. Given the amount of data that can be stored on an individual’s computer and the risk an unmanaged device can pose to the Company network, security of the computer is paramount. The following set of common standards and best practices must be adhered to for non-supported computers.
2.02 Minimum Security Requirements
Non-supported computers on the WCM network must adhere to the following minimum security requirements:
- Use of a modern operating system that regularly receive security updates from the manufacturer (e.g., no Windows XP, Windows 7, Windows 8, macOS Sierra, OS X El Capitan, OS X Yosemite, etc.)
- Installation of an anti-virus or anti-malware product that is current with definition or software updates
- Windows 10 users may enable the built-in virus and threat protection in Windows Security
- Many third-party products are available such as Norton, McAfee, or Sophos, among others. Your internet service provider may even provide these products at low or no additional cost.
- Installation of a host-based firewall product that is enabled and blocking uncommon connections
- Windows 10 users may enable the built-in firewall in Windows Security
- macOS users may enable the built-in firewall in System Preferences
- User accounts must be unique to the individual affiliated with Company and configured with a strong password or passphrase
- Individuals in a household that share the same computer must not have access to Company data, applications, or services
- Critical security updates released by Microsoft or Apple must be installed
2.03 User Responsibilities
Individuals using a non-supported computer to access the Company network are expected to comply with the above requirements and also complete the High Risk Attestation annually. Devices being used for long-term work purposes—including long-term storage of Company data—should be tagged and encrypted by ITS in accordance with ITS policy 1.06 – Device Encryption.
2.04 Long-term Support for Non-supported Computers
ITS continually evaluates the risk of allowing non-supported computers to connect to the campus network and is balancing this need based on the availability of critical services and applications. In the future, non-supported computers may be limited in their ability to connect to the Company network using remote access services such as VPN.
3. Non-standard Operating Systems
Computers connected to the Company network that are not running an ITS standard operating system must adhere to the minimum security requirements identified above to the extent possible. Individuals with Linux-based devices, including Chromebooks, should limit access to web-based applications and services, only.