❓ A WA parliamentary question on notice regarding policies and procedures for restricting unauthorised access to mobile devices and their disposal within Goldcorp, Lotterywest, Premier and Cabinet, Public Sector Commission, and Salaries and Allowances Tribunal.
AnsweredQoN 3192Legislative Assembly
Asked
12 June 2018
Member
Portfolio
Premier; Minister for Public Sector Management; State Development, Jobs and Trade; Federal-State Relations
QuestionView source ↗
In respect of the Minister’s portfolio responsibilities for any of their departments, agencies, government trading enterprises or boards, I ask: (a) Are there any policies or procedures in place for restricting unauthorised access to mobile devices (mobile phones, tablets and laptops): (i) If so, what are they; and (ii) If not, why not; (b) How many mobile devices have been disposed of in the following financial years and what was their disposal method (i.e. at auction): (i) 2015-16; (ii) 2016-17; and (iii) 2017-18; and (c) Were any of the mobile devices in (b)(i)-(iii) used to store sensitive or confidential information: (i) If so, what type of sensitive or confidential information; and (ii) If so, what measures are put in place to ensure this information is not retained on the hard-drive of the device upon it's disposal?
AnswerView source ↗
Answered
14 August 2018
Response time
9 days
Goldcorp
(a)(i) Mobile devices are protected by a Mobile Device Management solution. The solution allows device specific security controls to be implemented and enforced (passcodes and passwords). Digital Certificate technology is used to validate the identity of the device and provide access to sensitive data.
(b)(i) 0
(ii) 0
(iii) 0
Lotterywest
(a)(i) Lotterywest uses BitLocker Drive Encryption to restrict unauthorised access to laptops and AirWatch Mobile Device Management to restrict unauthorised access to mobile phones and tablet devices.
(b) Not applicable.
(i) In 2015/16 Lotterywest disposed of 76 mobiles devices. The following breakdown of disposal method was used:
66 - Auction
7 - Destroyed
2 - Stolen
1 - Lost
(ii) In 2016/17 Lotterywest disposed of 158 mobiles devices. The following breakdown of disposal method was used:
155 - Destroyed
3 - Lost
(iii) In 2017/18 Lotterywest disposed of 22 mobiles devices. The following breakdown of disposal method was used:
19 - Destroyed
2 - Sold to departing employee at market value
1 - Stolen
(c)(i) The mobile devices in (b)(i)-(iii) had Lotterywest user email installed on these devices.
(ii) All devices to be sold or destroyed are reset by Lotterywest to their factory resettings. Devices lost or stolen are reset remotely and email data deleted through the AirWatch Mobile Device Management application.
Premier and Cabinet
(a) Yes.
(i) Department laptops require logon’s to be Authenticated against the departments Identity and Access Management (IAM) systems. Departmentally managed mobile phones and tablets are configured against the standards set by the Australian Signals Directorate (ASD) iOS hardening guide for content that would be categorised under the Australian Government – Security Classification System (SCS) at the Classified - Protected level. These devices are configured utilising a market leading Enterprise Mobility Management solution which enforces:
1. Complex Passcodes,
2. Device Encryption,
3. Certificate and credential based IAM authentication,
4. Remote enterprise wipe and device wipe capabilities,
5. Data loss prevention utilising containerisation and restricting the ability of device holders to copy corporate information to unmanaged locations.
(ii) Not applicable.
(b) All mobile devices are disposed utilising the Government common use contract (CUAWAS2016 – Category E).
(i) 6 mobile phones, 2 tablets and 25 laptops.
(ii) 59 mobile phones, 55 tablets and 13 laptops.
(iii) 86 mobile phones, 34 tablets and 19 laptops.
(c)(i-ii) The Department completes data sanitisation on all mobile devices prior to disposal. Data sanitisation procedures undertaken by the Department are aligned, at a minimum, to the ASD Information Security Manual (ISM) guidelines for the disposal of electronic storage media for content that would be categorised under the SCS at a Classified – Protected level.
Public Sector Commission
(a) Please refer to the Department of Premier and Cabinet Response, as they are the service provider to the Commission.
(b) Yes. The disposal of mobile devices, once sanitised/reset to factory default, is to use the Government disposal common use contract (CUA).
(i) 2015-16: 13 mobile phones and 7 laptops
(ii) 2016-17: 10 laptops
(iii) 2017-18: 3 tablets.
(c) Please refer to the Department of Premier and Cabinet Response, as they are the service provider to the Commission.
Salaries and Allowances Tribunal
(a) Please refer to the response provided by the Department of Premier and Cabinet, which is the service provider to the Tribunal
(b)(i) Nil
(ii) Nil
(iii) One device disposed of through trade in, in accordance with the State Supply Commission's “Disposal of Goods Policy”.
(c) Please refer to the response provided by the Department of Premier and Cabinet, which is the service provider to the Tribunal.
Department of Jobs, Tourism, Science and Innovation
(a) Yes.
(i) Acceptable Use of ICT Policy.
(ii) Not applicable.
(b) One end of life iPad.
(i) 0.
(ii) 0.
(iii) One iPad – sold.
(c) No.
(i) Not applicable.
(ii) Not applicable.
(a)(i) Mobile devices are protected by a Mobile Device Management solution. The solution allows device specific security controls to be implemented and enforced (passcodes and passwords). Digital Certificate technology is used to validate the identity of the device and provide access to sensitive data.
(b)(i) 0
(ii) 0
(iii) 0
Lotterywest
(a)(i) Lotterywest uses BitLocker Drive Encryption to restrict unauthorised access to laptops and AirWatch Mobile Device Management to restrict unauthorised access to mobile phones and tablet devices.
(b) Not applicable.
(i) In 2015/16 Lotterywest disposed of 76 mobiles devices. The following breakdown of disposal method was used:
66 - Auction
7 - Destroyed
2 - Stolen
1 - Lost
(ii) In 2016/17 Lotterywest disposed of 158 mobiles devices. The following breakdown of disposal method was used:
155 - Destroyed
3 - Lost
(iii) In 2017/18 Lotterywest disposed of 22 mobiles devices. The following breakdown of disposal method was used:
19 - Destroyed
2 - Sold to departing employee at market value
1 - Stolen
(c)(i) The mobile devices in (b)(i)-(iii) had Lotterywest user email installed on these devices.
(ii) All devices to be sold or destroyed are reset by Lotterywest to their factory resettings. Devices lost or stolen are reset remotely and email data deleted through the AirWatch Mobile Device Management application.
Premier and Cabinet
(a) Yes.
(i) Department laptops require logon’s to be Authenticated against the departments Identity and Access Management (IAM) systems. Departmentally managed mobile phones and tablets are configured against the standards set by the Australian Signals Directorate (ASD) iOS hardening guide for content that would be categorised under the Australian Government – Security Classification System (SCS) at the Classified - Protected level. These devices are configured utilising a market leading Enterprise Mobility Management solution which enforces:
1. Complex Passcodes,
2. Device Encryption,
3. Certificate and credential based IAM authentication,
4. Remote enterprise wipe and device wipe capabilities,
5. Data loss prevention utilising containerisation and restricting the ability of device holders to copy corporate information to unmanaged locations.
(ii) Not applicable.
(b) All mobile devices are disposed utilising the Government common use contract (CUAWAS2016 – Category E).
(i) 6 mobile phones, 2 tablets and 25 laptops.
(ii) 59 mobile phones, 55 tablets and 13 laptops.
(iii) 86 mobile phones, 34 tablets and 19 laptops.
(c)(i-ii) The Department completes data sanitisation on all mobile devices prior to disposal. Data sanitisation procedures undertaken by the Department are aligned, at a minimum, to the ASD Information Security Manual (ISM) guidelines for the disposal of electronic storage media for content that would be categorised under the SCS at a Classified – Protected level.
Public Sector Commission
(a) Please refer to the Department of Premier and Cabinet Response, as they are the service provider to the Commission.
(b) Yes. The disposal of mobile devices, once sanitised/reset to factory default, is to use the Government disposal common use contract (CUA).
(i) 2015-16: 13 mobile phones and 7 laptops
(ii) 2016-17: 10 laptops
(iii) 2017-18: 3 tablets.
(c) Please refer to the Department of Premier and Cabinet Response, as they are the service provider to the Commission.
Salaries and Allowances Tribunal
(a) Please refer to the response provided by the Department of Premier and Cabinet, which is the service provider to the Tribunal
(b)(i) Nil
(ii) Nil
(iii) One device disposed of through trade in, in accordance with the State Supply Commission's “Disposal of Goods Policy”.
(c) Please refer to the response provided by the Department of Premier and Cabinet, which is the service provider to the Tribunal.
Department of Jobs, Tourism, Science and Innovation
(a) Yes.
(i) Acceptable Use of ICT Policy.
(ii) Not applicable.
(b) One end of life iPad.
(i) 0.
(ii) 0.
(iii) One iPad – sold.
(c) No.
(i) Not applicable.
(ii) Not applicable.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.