Portable and Mobile Devices

Yes, in the procedure "Using IT Resources by Users".

Yes. The use of private mobile devices is regulated, described, documented and implemented in PBI's internal instructions - 04 Use of IT resources by users. The organization maintains a strict policy against the use of personal portable devices (PPDs).

Yes, according to the implemented procedures for mobile devices used by employees. Mobile devices are configured with access control, and are protected by anti-malware and antivirus software. The software and its updates are centrally managed.

Yes, there is a hardware register maintained.

Data entrusted for processing are processed exclusively within the IT system and are not transmitted outside of it.

Yes, we have a documented and implemented Procedure for Managing Security and Cryptographic Keys, which also relates to the security of using mobile devices.

According to our Procedure for the Use of IT Resources by Users, there is a total prohibition on using external information media. External drives may only be used by selected IT department employees and system administrators, with prior consent from the Data Protection Officer (DPO) and the Information Security Officer (ISO). They are subject to detailed guidelines, their number is strictly defined, they are registered, encrypted, and undergo annual reviews. No personal data may be stored on them. Data entrusted for processing are processed exclusively within the IT system and are not transmitted outside of it.

Yes. Everything is conducted in accordance with the documented and implemented Data Retention Procedure of VERCOM and the Instruction for Managing the Information System, tailored to the data category.