1.1 This policy defines the terms and conditions governing the issuance, acceptable use, security requirements, maintenance responsibilities, and return procedures for company-provided mobile devices, including smartphones and tablets, issued to eligible employees. The Organization provides mobile devices to employees whose roles require regular access to Organization systems, email, or communications while away from their primary workstation. This policy ensures that company-issued devices are used responsibly, securely, and in compliance with the Organization's information security standards and applicable data protection legislation.

1.2 This policy applies to all employees who have been issued a company mobile device, regardless of their role, level, or location. Eligibility for a company mobile device is determined by the employee's manager and approved by the IT department based on the business need for mobile access. Limited personal use of company devices is permitted within reasonable limits as defined in this policy, provided that personal use does not interfere with work responsibilities, does not compromise device security, and does not incur significant additional costs to the Organization.

2.1 All company-issued mobile devices shall be enrolled in the Organization's Mobile Device Management (MDM) platform before they are issued to employees. The MDM platform shall enforce mandatory security policies including device encryption, a minimum 6-digit passcode or biometric authentication, automatic screen lock after 2 minutes of inactivity, remote locate and wipe capability, automatic installation of security patches and software updates, and restrictions on installing unapproved applications. Employees shall not attempt to bypass, disable, or circumvent any security controls enforced by the MDM platform. Any attempt to jailbreak or root a company device is strictly prohibited and constitutes a violation of this policy.

2.2 Employees are responsible for the reasonable care and safekeeping of company-issued mobile devices at all times. This includes protecting devices from physical damage, exposure to extreme temperatures, moisture, and environmental hazards, keeping devices in a secure location when not in use, not lending devices to family members, friends, or other unauthorised persons, using a protective case and screen protector if provided by the Organization, and being aware of surroundings when using devices in public to prevent theft. Any loss, theft, or damage to a company device shall be reported to the IT department within 4 hours of discovery. In the case of theft, the employee shall also file a police report and provide the report number to the IT department.

3.1 Employees shall not use company-issued mobile devices for any purpose while operating a motor vehicle unless a hands-free system such as Bluetooth or a vehicle-integrated system is in use for voice calls only. Texting, emailing, browsing, or any other activity that requires visual attention to the device screen while driving is strictly prohibited, regardless of whether the device is company-issued or personal. Employees who receive calls while driving should allow the call to go to voicemail and return it when safely stopped. Violations of this provision may result in disciplinary action and personal legal liability.

3.2 Company-issued mobile devices remain the property of the Organization and shall be returned to the IT department in good working condition upon the employee's separation from employment, whether voluntary or involuntary, transfer to a role that does not require a company device, request to transition to a personal device under the BYOD policy, or when the device reaches end of life and is being replaced. Devices shall be returned within the employee's last working day in the case of separation, or within 5 business days in the case of role changes. The IT department shall wipe the device of all Organization data before issuing it to a new user or disposing of it. Employees shall be given the opportunity to remove personal data from the device before returning it, provided this is done under IT supervision.

4.1 This policy shall be reviewed at least annually by the IT department in consultation with the HR department, legal counsel, and the information security team. The review shall consider changes in mobile device technology and security capabilities, emerging mobile security threats and vulnerabilities, changes to data protection and privacy legislation, the Organization's mobile device fleet composition and management practices, employee feedback on device use guidelines and restrictions, and industry best practices in mobile device management and security. Proposed amendments shall be approved by the IT Director, HR Director, and Chief Information Security Officer.