S 2.190 Setting up a mobile phone pool

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

Setting up a mobile phone pool

If numerous mobile phones are used in a government agency and/or company and if the users change frequently, it may be appropriate to store the temporarily unused mobile phones in a pooled storage facility (pool).

For all mobile phones, power supply must be ensured so that the rechargeable batteries of these devices allow immediate use. Here, it must be taken into account that a rechargeable battery discharges over the course of time if it is not used. If the mobile phones are frequently used over extended periods of time, additional backup rechargeable batteries should be held available.

Note: The chargers should be assigned unambiguously to the mobile phones in an easily discernible manner. The chargers resemble each other very much, but unfortunately are not interchangeable in most cases.

Additionally, the return and issue of the mobile phones must be documented so that it can be tracked at any time which devices are used by whom. Every user should be documented in the issue journal with the name, the organisation unit, the data, and the time.

The following items must be taken into consideration additionally when issuing and retrieving mobile phones:

Issue:

• The new user is provided with all necessary PINs and passwords for using the mobile phone. If these are changed to self-defined values, the new values must be documented when returning the device.
• Furthermore, the new user is provided with the telephone number of the mobile phone.
• The new user is provided with a leaflet regarding the secure handling of the mobile phone. The user should furthermore be provided with the operating instructions of the mobile phone. Along with normal telephone operations, the user should above all be able to interpret possible warnings (such as pictograms on the display).
• The mobile phone should be issued in a charged condition and together with the matching charger. If the mobile phone is to be used for extended periods of time, a charged backup rechargeable battery should also be issued.

Retrieval and/or forwarding:

• The user discloses the most recently used PINs and passwords. It must be checked whether these are correct. They must be documented (and stored securely).
• The completeness of the device, the accessories, and the documentation must be verified. The device should be checked for faults.
• The user must ensure that all data still required by the user is transferred to data media accessible to him/her (e.g. his/her PC) before returning the device. Furthermore, the user must ensure that all data he/she generated (e.g. telephone numbers) is deleted.
• The most recently called telephone numbers are stored to the telephone numbers memory of the mobile phone. The telephone numbers of the most recent callers are also stored if the calling line identification protocol is available and enabled. These should be deleted before changing user. Furthermore, telephone books both on the mobile phone and on the SIM card may contain telephone numbers. Personal telephone numbers should also be deleted before forwarding the device. The telephone numbers important for official communication should be continuously available to all users.
• Furthermore, short messages, faxes, or emails may be stored to the mobile phone and/or on the SIM card. These should be deleted before forwarding as well.