INSERT YOUR LOGO HERE
The Use of Portable Computer Devices, Mobile Phones and
Removable Media
Introduction
The Practice recognises that the use of portable computer devices and removable media
which help staff in the performance of their duties is becoming more widespread. This
guidance aims to support staff who use these devices by ensuring they are aware of
information and security issues.
Definitions:
Portable Computer Devices – this includes Practice supported laptops, notebooks, tablet
computers, PDA’s (personal digital assistants) and mobile phones.
Removable Data Storage Media – this includes any physical item that can be used to store
and/ or move information and requires another device to access it. For example, CD, DVD,
floppy disc, tape, or digital storage devices (flash memory cards, USB disc keys, and
portable hard drives). Essentially anything you can copy, save and/or write data to which can
then be taken away and restored on another computer.
Practice supported – this includes portable computer devices and removable data storage
media purchased or authorised by [Insert Practice name]. It does not include any devices
brought into the Practice from a previous organisation or anything bought without prior
authorisation by IT services.
Scope
This guidance applies to all Practice staff including temporary staff and volunteers.
Only authorised staff should have access to portable computer devices and digital storage
devices such as flash cards, USB disc keys and portable hard drives.
Any member of staff allowing access to any unauthorised person deliberately or
inadvertently may be subject to disciplinary action.
Staff should not use their own (or unauthorised) portable device or digital storage device for
Practice business.
Users should also be aware of the Home working and Remote Access guidelines.
Use of Portable Computer Devices
DO …



Complete an asset control form (see Appendix A) for portable devices received.
Store portable equipment securely when not in use on site
Store portable equipment securely when not in use off site
Computer devices and removable media
Page 1 of 5
Version 1.0 Jan 2007
INSERT YOUR LOGO HERE

















Security mark portable equipment with a UV pen
Install a BIOS password, where possible
Ensure files containing personal or confidential data are adequately protected e.g.
encrypted
Ensure that PDA’s are configured so that they lock after a maximum period of 5 minutes
inactivity. Once locked the PDA should be set to require password authentication to
resume use.
Install password protected screensavers on laptops
Use anti-virus software
Regularly update anti-virus software
Virus check floppy disks prior to use
Regular backups of the data stored on the portable equipment
Ensure a nominated person is responsible for each portable equipment
Maintain a register where portable equipment is used in a pool to enable identification of
current user
Obtain authorisation prior to the removal of portable equipment from the premises
Be aware that software and any data files created by staff on Practice portable computer
devices are the property of the Practice
Report immediately any stolen portable equipment to the police and line manager
(failure to report a stolen mobile phone could result in significant charges)
Be aware that the security of your portable computer device is your responsibility and
you should check your home and car insurance policies to ensure they cover for
business use
Ensure that when portable devices are required to be disposed of / re-issued the
disposal procedures in Appendix B are followed.
Ensure that portable devices are returned to the Practice if you are leaving employment
DO NOT …












Use your own portable computer device or digital storage device such as flash cards,
USB sticks and portable hard drives) for Practice business unless authorised by IT
Services.
Leave portable equipment in places where a thief can easily steal them
Leave portable equipment visible in the car when traveling between locations
Leave portable equipment in an unattended car
Leave portable equipment unattended in a public place
Install unauthorised software or download software / data from the internet
Disable the virus protection software
Use portable computer devices outside the Practice premises without authorisation
Allow unauthorised personnel/friends/relatives to use portable equipment in your charge
Delay in reporting lost or stolen equipment,
Attach unauthorised equipment to the network
Remove person identifiable information off site without authorisation from your Line
Manager
Computer devices and removable media
Page 2 of 5
Version 1.0 Jan 2007
INSERT YOUR LOGO HERE
Appendix A:
Portable Equipment - Asset control
Asset Control
This is an auditable record of portable equipment currently on the
(Practice Name)………………………………….assets register.
Short description of asset: ……………………………………………………………..
Asset number: …………………………….… Mobile Number ………………………
Date entered register: …………..................
Indelibly marked to indicate property of PCT/ Practice:
YES
/
NO
Allocated to: (Named person)…………………………….………………………….
Located at: ……………………………………………………………..………………..
DECLARATION
I (print)………………………………………………………….. agreed and understood
the Physical & Environmental Security – User Procedures and the Use of
Portable Computer Devices, Mobile Phones & Removable Media Guidelines.
I understand that it is my responsibility to report immediately any theft, loss,
damage or misuse of the above asset.
Failure to do so could incur disciplinary action or financial penalties.
Signed: ……………………………………….. Dated: …………………………..
Computer devices and removable media
Page 3 of 5
Version 1.0 Jan 2007
INSERT YOUR LOGO HERE
Appendix B – Disposal / Re-issue of Practice Owned Portable Devices
When an item requires disposal or is no longer required i.e. a person is leaving employment
then the following procedures should be followed:
Floppy Disks/ CD-Rom/ Tapes
These items should be re-used/ destroyed locally. If the items contain sensitive or
confidential information this must be removed before re-issue or if requiring disposal they
should be shredded / incinerated.
Laptops, USB sticks, PDA’s etc:
These items can be re-issued within a Practice but the asset register must be updated
accordingly and any sensitive / confidential information removed. If the item is no longer
required then it should be disposed of correctly and a ‘Disposal of Portable Asset’ form
should be completed- see Appendix C. (Please do not send items through the post).
Computer devices and removable media
Page 4 of 5
Version 1.0 Jan 2007
INSERT YOUR LOGO HERE
Appendix C: Disposal of Portable Asset
DISPOSAL OF PORTABLE ASSET FROM REGISTER
This is an auditable record of portable equipment to be removed from
(Practice name):
……………………..……………………………………….….… assets register.
Short description of asset: ……………………………………………..
Asset number: …………………………….… Mobile Number ………………………
Date entered register: …………..................
Removed from register date: ………………….
Indelibly marked to indicate property of PCT/ Practice:
YES
/
NO
Allocated to: (Named person): …………………………….………………………….
Located at: ……………………………………………………………..………………..
DECLARATION
The above asset has been removed from the asset register and has been disposed of
in accordance with the Practice procedures
Signed: ……………………………………….. Dated: …………………….…………..
Print Name: ……………………………………Based at ……………………….……..
Computer devices and removable media
Page 5 of 5
Version 1.0 Jan 2007