IT Governance Infrastructure StrategyUser and Device Approval Matrix

Process for User and Device Approval Use is mandatory to meet compliance mandates for privacy, security, and protection of proprietary data

With the extensive use of BYOD devices, Internet access to proprietary and confidential data, rules need to be established for how users access data. "World Class" organization have a defined approval process. Even with that there are limitations that need to be understood.

Below is a table that has been extracted from one of Janco's Infrastructure offerings. This matrix can be used as starting point in creating the rules that are applied within a company.

Set the rules for user and device usage across the organization


Device / Location

Approved

Limitations

Enterprise Device

Use the enterprise device to conduct enterprise business. This allows for the device to be backup, comply with the records management retention and destruction policy and to be included in all DRP and BCP processes.  This also meets all security and mandated government and industry requirements.

Do not use for any personal or non-business related purpose.  All data that resides on enterprise devices is (and becomes) the property of the enterprise.  All information is confidential and sensitive and should not be distributed outside of the enterprise with the expressed authorization of the enterprise.

Enterprise
approved
BYOD

Use the enterprise device to conduct enterprise business. This allows for the device to be backup, comply with the records management retention and destruction policy and to be included in all DRP and BCP processes.  This also meets all security and mandated government and industry requirements. This also means the BYOD meets all security and mandated government and industry requirements.

Limit access to BYOD device to only authorized and approved users.  No games or installation of applications which could be the device and the data contained on it at risk.

Enterprise
e-mail

Use the enterprise email account to conduct enterprise business. This allows for the device to be backup, comply with the records management retention and destruction policy and to be included in all DRP and BCP processes.  This also meets all security and mandated government and industry requirements.

Do not conduct any personal business on the enterprise email account.  Never open unknown attachment or reply to anyone unknown to you.

Enterprise
Cloud Storage

Use enterprise cloud storage to access enterprise information

Do not store personal information on enterprise cloud storage.

Personal
Cloud Storage

For personal use only

Never store enterprise information on personal cloud storage

© Copyright - Janco Associates, Inc. - ALL RIGHTS RESERVED

This matrix can be helping to implement the IT Governance process for an enterprise.

Read on IT Governance Infrastructure StrategyOrderIT Governance Infrastructure StrategyDownload Selected PagesIT Governance Infrastructure Strategy