A WA parliamentary question on notice addresses mobile device security and disposal policies across various government departments and agencies, revealing varying levels of security measures and disposal practices.

Answered
QoN 3176
Legislative Assembly
Asked
12 June 2018
Portfolio
Water; Fisheries; Forestry; Innovation and ICT; Science

Question

In respect of the Minister’s portfolio responsibilities for any of their departments, agencies, government trading enterprises or boards, I ask:
(a) Are there any policies or procedures in place for restricting unauthorised access to mobile devices (mobile phones, tablets and laptops):
  (i) If so, what are they; and
  (ii) If not, why not;
(b) How many mobile devices have been disposed of in the following financial years and what was their disposal method (i.e. at auction):
  (i) 2015-16;
  (ii) 2016-17; and
  (iii) 2017-18; and
(c) Were any of the mobile devices in (b)(i)-(iii) used to store sensitive or confidential information:
  (i) If so, what type of sensitive or confidential information; and
  (ii) If so, what measures are put in place to ensure this information is not retained on the hard-drive of the device upon its disposal?

Answer

Answered
21 August 2018
Responded by
Minister for Water; Fisheries; Forestry; Innovation and ICT; Science
Response time
12 days

Aqwest
(a) Yes.
  (i) All Apple iPhones require a four (4) digit code to access. iPads also require a four (4) digit code to access. Laptops and Windows-based tablets require a current username and password in order to log in and are locked to the Aqwest domain. Aqwest can lock down all Apple devices using the inbuilt PIN code security system. Security functionality for Android mobile phones has not been utilised on all relevant devices. Aqwest has the ability to remotely wipe all mobile phones and iPads to factory settings using Microsoft’s remote exchange management.
  (ii) Aqwest are currently fully implementing suitable security arrangements on all Android mobile phones.
(b)
  (i) 0
  (ii) 22 via tender, however no tenders were received so phones were destroyed.
  (iii) 0
(c) Yes
  (i) Corporate emails
  (ii) Mobile devices are factory reset and laptop hard drives are wiped before they are subject to disposal via a tender process.

Busselton Water
(a) Yes
  (i) P8.PR01 – Information Technology
      P8.PR05 – Use of mobile phones and other mobile technology
  (ii) Not applicable
(b)
  (i) 0
  (ii) 0
  (iii) 0
(c) Not applicable (no devices disposed of).
  (i)-(ii) Not applicable

ChemCentre
(a) Yes
  (i) Policies and procedures Addressing Mobile Device Security:
      - Information Security Policy and Procedures
      - Notebook Usage and Security
      - Email Policy
  (ii) Not applicable
(b)
  (i) No phones were disposed of in 2015-16
  (ii) 8 Mobile Devices. Sold to Staff in competitive EOI Process
  (iii) 2 Mobile Devices, Sold to Staff in competitive EOI Process
(c) Yes
  (i) Commercial in Confidence Client Scientific Analytical Data/Reports
      Human Resources Personnel data
  (ii) Disk Encryption (where supported), Multi-Pass Disk Wipe and where possible factory reset

Department of Primary Industries and Regional Development
(a) Yes.
  (i) Policy – Physical Security Policy, Acceptable Use Policy, Password Standard, Information Security Framework, Telecommunications Policy, Disposal and Reuse Policy, Department of Fisheries ICT Mobile Computing Policy.
  (ii) Not applicable.
(b)
  (i) 6 laptops destroyed.
  (ii) 0
  (iii) Please refer to Legislative Assembly Question on Notice 3187
(c) Please refer to Legislative Assembly Question on Notice 3187

Department of Water and Environmental Regulation
(a) Yes
  (i) Two policies – IM600 Corporate Security and IM401 Mobile Phone Usage, which cover the use of all mobile devices including mobile phones, tablets and laptops.
  (ii) Not applicable
(b) Mobile phones and tablets are reset to factory settings to wipe all data before they are sent to recycling. Laptops are offered to schools and community groups.
  (i) 43
  (ii) 40
  (iii) 12
(c) In a broad definition these devices may have been used to store sensitive or confidential information. Laptops with hard-drives (mobile phones and tablets do not have hard-drives) are wiped before being provided to schools or community groups.
  (i)-(ii) Not applicable

Forest Products Commission
(a) Yes.
  (i) Code of conduct
      Procedure 94 – Information security
      Procedure 3 – Mobile communications
      Procedure 32 – Password management
  (ii) Not applicable.
(b) Yes, eWaste disposal under common use arrangement for Waste Disposal and Recycling Services (CUAWAS2016)
  (i) 0
  (ii) 19
  (iii) 32
(c) Yes
  (i) Corporate emails and documents.
  (ii) Secure data destruction report is received for all hard-drive destruction.

Department of Jobs, Tourism, Science and Innovation
Please refer to Legislative Assembly Question on Notice 3192

Office of Digital Government
(a)(i)-(ii) Please refer to Legislative Assembly Question on Notice 3192
(b)(i)-(iii) Nil
(c) Not applicable

Water Corporation
(a) Yes.
  (i) PCY355 Information Technology - Mobile Device Policy
      S503 Information Systems Security - Assets Disposal and Loss Prevention
  (ii) Not applicable.
(b) All laptops, faulty or working, are put out to tender for companies to bid. This is only done once the whole disk encryption and data wipe is performed. Prior to faulty devices being sold, their storage media is removed for destruction. Tablets and mobile phones are not sold, they are kept in a secure location for destruction.
  (i) 2015-16: 97 laptops sold through tender process
  (ii) 2016-17: 280 laptops sold through tender process
  (iii) 2017-18: 154 laptops sold through tender process
(c) Yes.
  (i) Dependent on the user’s role and the corporate applications they had access to. It should be noted that the majority of information stored is regarded as sensitive or confidential.
  (ii) All laptops have whole disk encryption (BitLocker) and are securely wiped (Department of Defence standard 5220.22-M) upon disposal. If the hard drive has malfunctioned and is not readable, the drive is physically destroyed to prevent reassembly.
