Does anyone have a PDA policy that they are willing to share or talk about? Our bank currently provides support for synchronizing Palm and Windows PDA devices for a few users, but we do not have a written PDA policy in place. With this technology rapidly being accepted, we need to put something in place. Some questions I have been considering are:

What types of devices are supported?
What type of information can be transferred to the device?
What security measures need to be utilized on the device?
Should the bank purchase PDAs for employees or let them use their own?

If anyone has been down this road already, I would be curious to know some of your answers to the above questions.

Thanks.

Run... Fast... but seriously you should consider them as you do a laptop at the minimum. Does your bank allow employees to bring in their home laptops or computers and plug them into the bank's network?... hopefully not, so PDAs should fall into that category too.

You should allow ONLY bank owned and issued mobile computing devices, this way you have some form of control over the device and what is allowed to be installed or transferred to it. You really need to push that with management, else your network will quickly become an uncontrolled free for all.

http://www.google.com/search?q=mobile+device+encryption+employee+use+policy

You can easily argue that it will greatly improve the security and management of PDA / mobile device use if the bank owns the devices to begin with. You can then settle in on a standard device made by manufacturer X so you are only dealing with the one type. Don't forget the encryption too...

Nicholas is on target. As a officer in a small bank, I'd hate to have lived by the rules I think need to be in place. But if there will be data that you do not want to print and leave in the "take-one" brochure racks there needs to be security, control and encryption. The first question is, is it necessary, or just cool? It will be a lot of work to do it right. But with security being such a hot button, this isn't something to take lightly. Because it will be a lot of work outside that users office, there should be some real justification needed to warrant the efforts.

I agree with Andy and Nicholas. I've done some application development for the Palm PDAs and can tell you that these seemingly innocent devices can be programmed to do more than a laptop. Programming packages are very sophisticated and the developer has several ways to communicate with LANs, the Internet, the phone system, and other PDA users (wirelessly) anywhere within IR, bluetooth, or wi-fi range.