Employment Home
Equal Employment Opportunity
Examination and Certification
Pre-Employment Reviews
Drug-Free Workplace
Appointment
Compensation
Employee Benefits and Insurance
Leave Administration
Work Schedules
Training
Travel/Relocation
Employee Recognition
Employee Relations
Retirement
Layoff
Position Control and Employee Files
Risk Mgt/Health and Safety

Information Technology Home
IT Management
Data Management
Web
Security

Finance Home
Cash and Deposits
Receivables and Revenues
Fixed Assets
Relief of Accountability
Payables and Expenses
Other Liabilities/Debt
Fund Balance/Retained Earnings
Budget and Appropriations
Miscellaneous

Other Home

Mobile Device Security Policy Information

Section:

Information Technology

Subsection:

Security

Authorized By
Navdeep S. Gill, County Executive

Revision History

Revised: 08/2018
Established: 08/2008

Contact

Policy and Compliance Administrator
Department of Personnel Services
Email: AskDPS@saccounty.gov

7-3300: Mobile Device Security

Purpose

The use of mobile devices, such as laptops, tablets, and smart phones, has a positive effect on many County services but increases security risk to the County. The County could suffer severe consequences if a laptop or other mobile device containing confidential, sensitive, or personal information, as defined in the Sacramento County Electronic Data Access Policy, is lost or stolen.

This policy defines the responsibilities of the County of Sacramento departments and agencies for equipping their mobile devices with a level of security that minimizes the risk of confidential, sensitive, or personal data being disclosed through the loss or theft of a device.

Authority

Chief Information Officer

Scope

This policy applies to all County-owned mobile devices including, without limitation laptops, notebooks, tablets, and smart phones.

Policy

A. All County-owned laptops and notebooks must have automatic full disk encryption that does not require user intervention nor allow a user choice to bypass the encryption requirement.

B. Encryption must meet Department of Technology approved encryption standards documented in the Countywide IT Standards.

C. All County owned tablets and smart phones must have the County standard mobile device management system installed so that all of its data can be remotely erased if it lost, stolen, or no longer in use.

D. County-owned mobile devices must be configured to lock automatically if unattended for more than the department-specified network timeout period or after 15 minutes if the department does not have a specified network timeout period.

E. Departments who in the course of County business must place confidential, sensitive, or personal information on County-owned mobile devices implicitly accept the risks involved and impact to the affected persons/entities in the event of actual or suspected loss or disclosure of the information.

F. Any actual or suspected disclosure of confidential, sensitive, or personal information from a lost or stolen mobile device must be reported immediately as a security incident to the County IT Service Desk.

References

Electronic Data Access Policy

Section 1: Introduction

Section 2: Employee Code of Conduct

Section 3: Emergency Operations

Section 4: Clerk of the Board

Section 5: Employment

Section 6: Information Technology

Section 7: Finance

Section 8: General Services

Section 9: Other