:Approved by

<date of approval > Abdulltatif Galadari

Information Technology Director
Document review and approval
Revision history
Version Author Date Revision
1.0 Somaya AlWejdani th
24 April 2014 Document Created
Reviewed the document and formatted the
1.1 Somaya AlWejdani 5th May 2014 template
Review and Update the document with IT
1.2 Somaya AlWejdani 18th June 2014 team at FEWA
1.3 Somaya AlWejdani 21st July 2014 Review and Update
Abhinav Reviewed & Updated
1.4 Srinivasaraghavan 23rd Nov 2014
1.5 Sreelakshmi Nasaka 02 Feb 2015 Reviewed & Updated
Abhinav Reviewed & Updated
1.6 Srinivasaraghavan 2nd Feb 2015
Abhinav Reviewed & Updated
1.7 Srinivasaraghavan 5th Feb 2015
Abhinav Revised
1.8 Srinivasaraghavan 1st March 2015
Abhinav Final
1.9 Srinivasaraghavan th
16 May 2015
1.10 Huda Al Hammadi 16th- June-2016 Revised and Final

This document has been approved by

Version Name Signature Date reviewed
1.10 16th- June-2016
Abdulltatif Galadari

Internal FEWA
Version 1.10
2
Table of Contents
1 PURPOSE.................................................................................................................................... 4
2 SCOPE........................................................................................................................................ 4
3 DEFINITIONS & ABBREVIATIONS................................................................................................. 4
4 ROLES AND RESPONSIBILITIES..................................................................................................... 4
5 POLICY....................................................................................................................................... 5
5.1 ACCEPTABLE USE & REIMBURSEMENT...................................................................................................5
5.2 DEVICES AND SUPPORT.......................................................................................................................5
5.3 SECURITY......................................................................................................................................... 6
5.4 RISKS/LIABILITIES/DISCLAIMERS............................................................................................................6
6 COMPLIANCE............................................................................................................................. 7
7 RELATED DOCUMENTS................................................................................................................ 7

1 Purpose

FEWA grants its employees the privilege of using smartphones and tablets of their choosing at
work for their convenience to process FEWAs information resources. FEWA reserves the right
to revoke this privilege if users do not abide by the policies and procedures outlined below.

This policy is intended to protect the security and integrity of FEWAs data and technology
infrastructure and services offered to the end users on their personal mobile devices.

FEWA employees must agree to the terms and conditions set forth in this policy in order to be
able to connect their devices to the company network and process FEWAs information
resources.

Internal FEWA
Version 1.10
3
2 Scope

This policy applies to all FEWA employees, contractors, consultants and temporary staff
hereafter referred to as users.

3 Definitions & Abbreviations

Term Definition
Antivirus Software that is designed to detect and destroy computer viruses
A jail broken device will allow you to run third party programs and
Jail other code, and to do things like tether your iOS phone or use it as a
broken/rooted Wi-Fi hotspot for Internet access on your laptop or other devices. For
Android devices, jail breaking is commonly referred to as rooting
Reimburse Repay
When a mobile phone moves out of its network region and attaches to
Roaming
different networks in order to resume service
Unauthorized Viewing private accounts, messages, files or resources when one has
Access not been given permission from the owner to do so.

4 Roles and Responsibilities

Role Responsibilities
Ensure the complete implementation and enforcement of this policy
CISO
on the users
IT Support Ensure following up user requests and provide necessary support
User/FEWA
Comply to this policy
Employee

5 Policy

5.1 Acceptable Use & Reimbursement

5.1.1. FEWA defines acceptable business use as activities that directly or indirectly support the
business of FEWA.
5.1.2. Employees should register their personally owned mobiles devices with the IT
department before accessing FEWA corporate network. FEWA must have a process in
place to enable registration of mobile devices. The following security measures should
be implemented:

Internal FEWA
Version 1.10
4
 a) Separation of personal and business use of the devices, including using software to
support such separation and protect business data on the personal device;
b) Providing access to business information only after users have signed an end user
agreement acknowledging their duties (physical protection, software updating, etc.),
waiving ownership of business data, allowing remote wiping of data by FEWA in case of
theft or loss of the device or when the user is no longer authorized to use the service.
5.1.3. Employees may use their mobile devices to access the following FEWA-owned
resources:
a) FEWA E-mail
b) Calendar
c) Contacts
5.1.4. FEWA will not reimburse the employee for the following charges: roaming, plan
overages, etc.
5.1.5. As per the Acceptable Use Policy, employees shall not store any of FEWAs information
on private media without prior authorization.

5.2 Devices and Support

5.2.1. Users with smartphones and tablets supporting different operating systems such as and
not limited to: Android, iOS, Windows, Blackberry etc. will be able to benefit from the
services provided by FEWA service.
5.2.2. Connectivity issues are purely managed and maintained by users; users should contact
the device manufacturer or their carrier for operating system or hardware-related
issues.
5.2.3. All devices shall be tested by the IT Support in FEWA before allowing employees to run
FEWA services on them to ensure the following controls and measures are in place:

Internal FEWA
Version 1.10
5
 a) Antivirus application/software is installed, activated and updated on the device. If not
the user must ensure to have an approved by IT Support antivirus application/software
downloaded and installed on the device.

b) Complex password and screen lock facility is activated on the device as per the
guidelines explained in the User Password Policy and Acceptable Use Policy.

c) Ensure that the device is not jail broken or rooted.

5.2.4. FEWA has the right to hold employee devices running FEWA services as evidence for
digital forensic analysis/requirements as required..

5.3 Security

5.3.1. In order to prevent unauthorized access, devices must be password protected using the
features of the device and a strong password is required to access FEWAs network and
services. Passwords shall be activated as per the User Password Policy.
5.3.2. Restrict Cconnection to FEWA information services via mobile devices shall be provided
on a need to know basis.
5.3.3. Rooted or jail broken devices are strictly forbidden from accessing the network or any of
FEWA services.
5.3.4. IT will not support or fix smartphones and tablets that are not supporting the operation
of FEWA services.
5.3.5. Employees FEWA services accounts may be disabled if:
a) device is lost;
b) an employee voliate or breach the FEWA information security policies.
c) anthe employee terminates his or her employment.
d) an employee reported absconding by HR Department.

Internal FEWA
Version 1.10
6
5.3.6. Employees shall follow precautions included in Teleworking Policy in FEWA while using
FEWA services from home or while travelling.

5.4 Risks/Liabilities/Disclaimers

5.4.1. It is the employees responsibility to back up their data processed within the FEWA
services in order to take precautions and prevent their data from being lost or leaked.
5.4.2. FEWA reserves the right to disconnect devices or disable services of the FEWA services
without notification.
5.4.3. FEWA is not responsible of the lost or stolen devices that operate the FEWA services.
5.4.4. The employee is expected to use his or her devices in an ethical manner at all times and
adhere to the companys Acceptable Use Policy and this Policy.
5.4.5. The employee is personally liable for all costs associated with his/her device.
5.4.6. The employee assumes full liability for risks including, but not limited to, the partial or
complete loss of FEWA and personal data due to an operating system crash, errors,
bugs, viruses, malware, and/or other software or hardware failures, or programming
errors that render the device unusable.
5.4.7. No FEWA services shall be activated on any device unless an updated and approved
antivirus application/software is activated on that device. It is the responsibility of the IT
Support representative to ensure the same as per 5.2.3 a) in this policy.

6 Compliance

All users shall comply with this policy. In case of breach/violation to this policy, the user shall be
subjected to investigation and disciplinary action supervised by HR. HR disciplinary actions and
procedures apply. Violations shall be notified directly to IT Support and HR.
Strict confidentiality shall be maintained on all notified violations.

7 Related Documents

FEWA_ISMS_Acceptable Use Policy

FEWA_ISMS_User Password Policy
FEWA_ISMS_Teleworking Policy

Internal FEWA
Version 1.10
7