About
Contact Us
    Managed Mobility Services
    Overview Let us solve your toughest business challenges across every mobile lifecycle stage - planning, procurement, operations and disposal.   Procure and Provision Place and manage all equipment orders and MACD service changes with total control and confidence. Deploy Ensure employees get to work quickly with forward and reverse logistics services for your mobile fleet. Maintain Centralize and optimize the management of your mobile assets, expenses and services. Save up to 40% on your wireless bills.
    Secure Protect all your endpoints and end users with advanced technology and expert managed services. Plan and Support Save time and money with guidance, workflow automation and an all-in-one end user service desk. Go Global Increase visibility and extend your enterprise mobility management across continents and carriers.
    Laptop Lifecycle Services Take expert care of your employee laptops with comprehensive lifecycle management. WWAN Optimization and Lifecycle Management Get a true picture of your SD-WAN environment and reduce your business costs. Sustainability Go green with services and strategies designed to reduce the impact of IT assets like smartphones, tablets and laptops.
    Mobility Platform
    Integrations and Automation Integrate, automate and innovate so you can focus on what matters outside mobility. OnePortalSM One mobility platform to reduce your mobile costs, increase productivity and improve visibility. Onboarding Streamlined approaches to implementation, worry-free migrations and training for a smooth start.
    Pricing
    Pricing and Engagement Make informed decisions with clear and simple pricing for best-in-class mobility management from vMOX.
    Benefits By Role
    Learn
    Blog Keep up with the world of business wireless with insights and articles from the experts. Client Stories Read inspiring stories of success and mobile victories from real clients in different sectors. Podcast Listen to industry leaders, get advice and track trends with the Road to Mobile Victory podcast. Resource Library Discover resources to expand your skills, solve wireless challenges and unlock value.
    FAQs Get answers to frequently asked questions about vMOX and the work we do in enterprise mobility. Why Choose vMOX Make your vendor selection with confidence. Find out what's unique about vMOX and why more enterprises are making the move. Outsourcing vs. Insourcing On fence about managed mobility services? Learn how IT outsourcing benefits your team and bottom line. See How vMOX Compares Wondering how vMOX stacks up? Explore what makes us different from other legacy solutions.
    Get started free
      Get started free
      security and technology policies

      Policies ensuring the protection and confidentiality of all client data

      Explore vMOX's major security and technology policies put in place for our internal and cloud environments.

      Learn more

      Protecting all data is of the utmost importance at vMOX. Our information security management program (ISMP) is specifically designed to ensure the security of all of our systems and the confidentiality of all client information.

      We accomplish this by continually evaluating risks to our operations and improving the security, confidentiality, integrity, and availability of our vMOX environment. We regularly review and update security policies, perform application and network security testing of our environment, and monitor compliance with security policies.

      Below is a list and short description of our major Security and Technology policies that vMOX has put in place for our internal and cloud environments.

      Policy, Risk, and Governance

      This policy sets out the general principles and guidelines for managing Security at vMOX.

      • We will manage access to company information and customer information based on business need and in line with our Company Values.

      • vMOX will implement a set of controls to manage the implementation of security in line with this policy.

      • vMOX will periodically review risks and the effectiveness of controls intended to manage those risks.

      Access Management

      This policy sets out the general principles and guidelines for Access Management. vMOX will maintain an Access Control policy outlining how to manage access to systems:

      • User accounts and passwords will be used to manage access.

      • All users have responsibility to manage access to their systems.

      • Systems will be logged and monitored for potential inappropriate access.

      • Remote access will be managed by multi-factor authentication.

      Asset Management

      This policy sets out the general principles and guidelines for management of vMOX’s IT assets and how those assets should be handled.

      • vMOX will maintain an inventory of assets.

      • Assets maintained in an asset management database will have identified owners.

      • Acceptable use of assets will be identified, documented and implemented.

      • Assets will be returned to vMOX if employment is terminated.

      Business Continuity and Disaster Recovery

      This policy sets out the general principles that establish our approach toward resilience, availability and continuity of processes, systems and services at vMOX. It defines requirements around business continuity, disaster recovery and crisis management processes.

      • Mission critical system, process or Service Owners must ensure proper Business Continuity and/or Disaster Recovery that is inline with the tolerance for disruption in case of disaster.

      • Continuity plans must include appropriate "last stand" environment, that provides core functionality (at the minimum), and a plan to fail to that environment. Considerations for business-as-usual resumption must also be included.

      • No mission critical system, process or function could be deployed in production without appropriate continuity plan.

      • Plans must be tested quarterly and issues identified and addressed.

      • Maximum time for recovery (RTO) starts from event detection until the core functionality is operational. Services are grouped into Tiers that define maximum RTO and RPO.

      Communications Security

      This policy sets out the general principles and guidelines for managing the security of our communications and our networks.

      • Network access should be controlled.

      • Network access is supplied and all users should be familiar with the Global - Electronic System and Communications Policy.

      • Networks should be segregated based on criticality.

      Crypto and Encryption

      This policy sets out the general principles to ensure that vMOX implements appropriate encryption & cryptography to ensure confidentiality of critical data. vMOX deploys cryptographic mechanisms to mitigate the risks involved in storing sensitive information and transmitting it over networks, including those that are publicly accessible (such as the internet). 

      vMOX will ensure:

      • Sensitive data is encrypted appropriately.

      • Strength of selected encryption corresponds with information classification.

      • Cryptographic keys will be securely managed.

      • Only approved cryptographic algorithms will be used.

      Data Security and Information Lifecycle Management

      The Data Security Classification Policy establishes overall requirements on how to handle customer data. Examples for how to handle different types of data can be found below. All employees should consider how to handle both internal as well as customer data.

      All employees share in the responsibility for ensuring that our information receives an appropriate level of protection by observing this Information Classification policy:

      • Information should be classified in terms of legal requirements, value and criticality to vMOX.

      • Information should be labeled to ensure appropriate handling.

      • Manage all removable media with the same handling guidelines as below.

      • Media being disposed of should be securely deleted.

      • Media containing company information should be protected against unauthorized access, misuse or corruption during transport.

      Mobile and Bring Your Own Device (BYOD)

      This Policy sets out the general principles and guidelines for the use of personal devices with vMOX networks and environments.

      • This Bring Your Own Device Policy (BYOD) intends to be as unobtrusive and flexible as possible with regard to BYOD usage to maintain the autonomy of vMOX employees whilst ensuring we have the ability to protect our customer and corporate data.

      • The primary focus will be on configuration / posture checking and monitoring of compliance of devices, with the least restrictive principles that reasonably achieve the required security objectives, rather than enforcement of restrictions. Where restrictions do need to be applied, this will be done selectively depending on the data that can be accessed.

      • This Policy covers both our current and our anticipated future needs. Some of the capabilities outlined may not be implemented immediately.

      Operations

      This policy sets out the general principles and guidelines for technology operational practices at vMOX.

      • vMOX procedures should be documented for operational activities.

      • Our backups should be taken regularly and the backups tested.

      • All changes should be managed and evaluated by multiple people.

      • Capacity should be evaluated and planned for.

      • Software installation should be limited and unnecessary software should be restricted.

      • Logs must be configured and forwarded to the centralized logging platform.

      • Any operational incidents should be managed according to our standard Incident process.

      Personnel Security

      This policy sets out our security considerations for securing people.

      • Security responsibilities will be outlined in job definitions.

      • All employees and users will regularly attend security awareness training.

      • All employees and contractors have a duty to report security incidents or weaknesses.

      • Upon employee termination, access and return of assets will occur in a reasonable time frame.

      Physical and Environmental Security

      This policy sets out the general principles and guidelines for securing our buildings, our offices and securing our equipment.

      • vMOX will provide for secure areas to work.

      • We will secure our IT equipment wherever it may be.

      • We will restrict access to our buildings and offices to appropriate personnel.

      Privacy

      This policy sets out the general principles for managing customer-related data privacy.

      • Managing controls around collecting customer data.

      • Reviewing customer data should be kept to support and service delivery purposes only.

      • The only scenarios where customer data may be cloned is for backup or support purposes.

      Security Incident Management

      This policy sets out the general principles and guidelines to ensure that vMOX reacts appropriately to any actual or suspected security incidents. vMOX has a responsibility to monitor for incidents that occur within the organization that may breach confidentiality, integrity or availability of information or information systems. All suspected incidents must be reported and evaluated. 

      The vMOX Security Team will:

      • Anticipate security incidents and prepare response plans accordingly.

      • Contain, eradicate and recover from an incident.

      • We will invest in our people, processes and technologies to ensure we have the capability to detect and analyze an incident when it occurs.

      • When responding to an incident, will put the protection of customer data as our top priority.

      • Learn from and improve the security incident management function.

      Supplier and Third-Party Data Management

      This policy sets out the general principles and guidelines for select, engage, and oversee vendor access to vMOX data. vMOX will ensure that:

      • We are purposeful in managing our vendor selection process.

      • The business owner requesting the vendor relationship is responsible for utilizing standard vMOX contracts.

      • We perform oversight of the relationship to ensure it meets our vMOX standards.

      • We reserve the right to terminate the contract with any vendor when the service is no longer required.

      System Acquisition, Development, and Maintenance

      This policy sets out the general principles and guidelines for development of applications, both internally and customer-facing, as well as creating limitations on how to manage pre-production environment and incorporating open source software into any of our products.

      • Security requirements will be included and incorporated to any environment or application development or acquisition.

      • Product development will follow our internal quality assurance process, which includes integration of security checks.

      • Production data will be anonymized or masked when being used in pre-production environments.

      • Integration of any open source frameworks or libraries will follow our internal guidelines.

      Threat and Vulnerability Management

      This policy sets out the general principles and guidelines for managing security threats and vulnerabilities both in our environment and in our products. vMOX will ensure that:

      • We manage security vulnerabilities in our products and services, including issuing updates, patches or advisories.

      • We will manage security threats and vulnerabilities throughout our environment, both internal and hosted environments.

      • We will manage the threat of malware in the environment.

      Audit and Compliance Management

      This policy sets out the general principles and guidelines for managing the audit and compliance program to validate implementation of the vMOX Controls Framework. vMOX will ensure that:

      • We implement technology-focused operations, security and privacy controls to ensure they comply with relevant internal policies, regulations and external industry standards.

      • Audits are coordinated and delivered as appropriate to achieve high level of confidence in our control environment, as well as to achieve internal or external certification.

      • vMOX seeks external validation of the implementation of our operational, security, privacy and other controls.

      • vMOX maintains a consolidated view of all its relevant control objectives, activities and tests (vMOX Controls Framework - VCF).