S 6.72 Precautions relating to mobile phone failures
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: User
A mobile phone may fail, or its functionality may be impaired, for various reasons. This is particularly annoying if the device is urgently required or if the failure results in a loss of data. Appropriate precautions should therefore be taken from the outset in order to prevent a failure and/or minimise the resulting problems.
The state of charge and the functionality of the mobile phone's rechargeable battery should be checked regularly (see also S 4.115 Safeguarding the power supply of mobile phones).
All data stored on the mobile phone such as telephone book entries, messages, etc. should be backed up to another medium at regular intervals so that it can be recovered if need be. There are several possibilities:
- The most important settings such as PINs and the configuration of security mechanisms should be documented in writing and kept securely in accordance with their protection requirements.
- All data stored on the SIM card, e.g. telephone books, can be read into a PC using a SIM card reader and the corresponding software, and managed on that PC. This also has the advantage that the address data is easier to maintain on the PC and easier to synchronise with other address databases. Synchronising the telephone books this way makes sense especially when several mobile phones are in use (see also S 2.190 Setting up a mobile phone pool). If only the data contained on the SIM card is backed up, all users must be made aware that they should only store telephone numbers and the like on the SIM card.
- The mobile phone may also be connected to another IT system, e.g. a notebook or an organiser, and the data to be backed up can be exchanged this way (see also S 5.81 Secure transmission of data over mobile phones). Here, both the data stored on the SIM card and the data stored in the device can be backed up.
If a mobile phone must be available continuously, a backup mobile phone, or at least a backup rechargeable battery, should be carried along.
If mobile phones are used within the framework of alarm processes, i.e. if the intrusion detection system issues alarm messages using GSM or if emergency personnel are to be notified using mobile phones, a fallback procedure must always be provided.
Repair
With a mobile phone, either the entire device or only individual components may be faulty. Repairs should only be performed by trustworthy specialised companies. For this reason, an overview of suitable specialised companies should be kept.
Many dealers offer replacement devices for the duration of the repair work. For short-lived devices such as mobile phones, repair is often not worthwhile, and so a replacement device is sometimes offered instead. Since a mobile phone in particular should be available continuously, only mobile phones and/or dealers offering such services should be selected.
Before the mobile phone is handed over for repair, all personal data should be deleted from the device, i.e. the list of incoming and outgoing calls, stored emails, and the telephone book (see also S 2.4 Maintenance / repair regulations), to the extent this is still possible. The data should be backed up in advance, of course. Furthermore, the SIM card should be removed.
Review questions:
- Is the data stored on mobile phones backed up to another medium at regular intervals?
- Is all confidential data deleted from the mobile phone before any repair work (and backed up in advance)?