S 2.36 Orderly issue and retrieval of a portable (laptop) PC

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrator, IT users

When issuing and recovering a portable PC, the following points must be borne in mind:

Issue:

• The requirement for using a portable PC for professional purposes should be verified beforehand.

• A new user will, at the time of issue, be immediately requested to change the previous password of the portable PC or to alter the standard password.

• A new user will be provided with a leaflet on the secure handling of a laptop PC (optional).

• The name, organisational unit, telephone number, operational requirement of the new user will be entered in the issue/retrieval daybook.

Retrieval or passing-on

• The user will communicate his last password, or will set up a standard password such as "LAPTOP".

• The completeness of the equipment, accessories and documentation is to be ensured.

• Before hand-over, users must ensure that the data still required by them are transferred to data media accessible by them (e.g. personal PC). In addition, users must ensure that all files and data generated by them are deleted (preferably physically).

• The recipient must check the laptop PC for infection by computer viruses by means of an up-to-date virus detection program.

• Return of the laptop PC, including the findings of the virus scan, must be documented.

• Returned floppy disks must be re-formatted. When formatting DOS data media, it should be ensured that the parameter /U is used (contained in DOS 6.2 so that the formatting cannot be undone using the command unformat.

Additional controls:

• Is passing-on of laptop PCs to colleagues being documented?

• Are the pertinent security measures being complied with?