Mobile devices and laptops

Mobile devices are widely used by users in the normal course of performing their job functions. The mandatory information security controls that need to be implemented when using a mobile device to access Altus Group’s systems and information are pre-defined by Altus Group. The controls include technological tools and directives that are put in place in order to maintain the security of Altus Group’s systems and information, including Altus Group’s customers’ data, when accessed from mobile devices. 

All Altus Group users that are using a mobile device to access Altus Group systems and information are required to adhere to our mobile device security standard. Many of the mandatory controls detailed in this standard are enforced using technological solutions with minimal or no need for the user to implement discretion. 

The IT Operations teams implement the technological controls to enable the secure and efficient use of mobile devices for business purposes. This includes the implementation of the necessary tools, services, and processes for the day-to-day operations of the IT infrastructure required for mobile device management. 

Altus Group has technical solutions for managing mobile devices that are capable of implementing and enforcing the technical controls as specified in the Altus Group mobile device security standard. Any mobile device used to access Altus Group systems and information that are not publicly accessible is managed by an Altus Group Mobile Device Management (MDM) solution. 

The Altus Group MDM solution can remotely erase the Altus Group information from a device. If the device is an Enterprise Mobile Device, it is completely wiped and restored to its factory default configuration 

Mobile devices that have their operating system or software altered in a way that the device provider does not support are not be permitted to be onboarded on to Altus Group’s MDM solution or to gain access to Altus Group systems and information. This applies to devices that have been “jailbroken” (for iOS devices), “rooted” (for Android devices) or are running custom firmware (“mods”). 

It is the responsibility of users to protect their devices at all times and not leave them unattended in public areas. If the mobile device needs to be left unattended it must be in a locked container such as a drawer or cabinet. 

Any network access from a mobile device to Altus Group systems and information is encrypted using industry standard approved encryption algorithms and protocols. Approved encryption algorithms and protocols are defined in Altus Group’s Information Security Standard. 

Mobile devices are not connected to Altus Group’s internal network, including any Altus Group wireless network that is directly connected to the Altus Group internal network. If mobile devices require access to resources accessible only on Altus Group’s internal network, it is done using an encrypted and authenticated VPN connection and limited to the required resources only. 

Lost or stolen mobile devices are reported to Altus Group’s IT Service Desk as soon as the user learns of that fact – and before notifying the mobile service provider if possible. The IT Support help desk will attempt to remotely erase all business information and applications from the device and immediately disable its access to Altus Group systems.