
Internet of Things

Definitions

Internet of Things (IoT): Refers to network or Internet connected devices such as appliances, thermostats, monitors, sensors, and portable items that can measure, store, and transmit information. The IoT connects billions of devices to the Internet and involves the use of billions of data points, all of which need to be secured.

Data point: A discrete unit of information. Any single fact is a data point.

Overview 

IoT devices may be business oriented, consumer based, or a hybrid of both. The devices may be company provided or employee owned, such as through a BYOD policy. 

Purpose 

The purpose of this policy is to establish a defined IoT structure to ensure that data and operations are properly secured. IoT devices continue making inroads in the business world; therefore, it is necessary for (^Company^) to have this structure in place. 

Policy Detail 

IoT Device Procurement

IoT devices that are to be used for company operations should be purchased and installed by IT personnel.

Employee-owned IoT devices used for business purposes must be used in accordance with Policy 16, Personal Device Acceptable Use and Security (BYOD).

The use of all IoT devices, whether company provided or employee owned, should be requested via Addendum A, IoT Device Usage Request Form, and submitted to the IT department for approval. Only manager level employees and above may request the usage and/or procurement of IoT devices.

The IT department is responsible for identifying compatible platforms, purchasing equipment, and supporting organization-provided and authorized IoT devices.

Cybersecurity Risks and Privacy Risk Considerations

It is important for (^Company^) to understand the use of IoT because many IoT devices affect cybersecurity and privacy risks differently than IT devices do. Being aware of the existing IoT usage and possible future usage will assist (^Company^) in understanding how the characteristics of IoT affect managing cybersecurity and privacy risks, especially in terms of risk response.

It is important for (^Company^) to manage cybersecurity and privacy risk for IoT devices as distinct from conventional IT devices. This involves determining how those risk considerations might impact risk management in general, and risk response and mitigation in particular, and identifying basic cybersecurity and privacy controls (^Company^) may want to consider, adapt, and potentially include in requirements when acquiring IoT devices. The IoT Risk Management Guide contains insight as to the differences in risk between conventional IT devices and IoT devices. This document resides in the IT document storage area.
