Physical Device Security Checklist
Version: 1.0 | Last Updated: November 11, 2025
Purpose: This checklist ensures staff, volunteers, and partners secure physical devices (e.g., laptops, mobiles, USBs) handling personal data (e.g., student records) in emergency contexts. Complies with Kenya DPA Section 25 (security obligations), UoN BYOD Policy, and ICRC Handbook (Ch. 2.8: Mobile Devices in Humanitarian Settings). Use before fieldwork; review quarterly.
Mark Yes/No/N/A; report issues to DPO (dataprotection@aheen.net).
Device Details: [Insert e.g., Laptop - Dell XPS for Field Enrollment]
User: [Name/Role]
Date: [DD/MM/YYYY]
1. Registration & Approval
| Item | Assessment | Notes/Evidence |
|---|---|---|
| Device registered with AHEEN IT/UoN (e.g., serial # logged)? | [Yes | No | N/A] | [e.g., Approval email attached]. |
| Approved for AHEEN use only (no personal data on unapproved devices)? | [Yes | No | N/A] | |
| DPIA completed for high-risk use (e.g., biometrics app)? | [Yes | No | N/A] | [Reference DPIA ID]. |
2. Basic Security Setup
| Item | Assessment | Notes/Evidence |
|---|---|---|
| Full-disk encryption enabled (e.g., BitLocker/FileVault, AES-256)? | [Yes | No | N/A] | [Test: Can access without key?]. |
| Multi-factor authentication (MFA) set up for all logins? | [Yes | No | N/A] | [e.g., App-based, not SMS]. |
| Auto-lock after 5 minutes idle; strong password (12+ chars)? | [Yes | No | N/A] | |
| Antivirus/malware protection installed & updated (e.g., Windows Defender)? Not allowed due to data leaks: AVG, AVAST, Norton | [Yes | No | N/A] | [Last scan date]. |
3. Data Handling & Storage
| Item | Assessment | Notes/Evidence |
|---|---|---|
| Minimal data stored locally (prefer encrypted cloud sync)? | [Yes | No | N/A] | [e.g., No sensitive files >24hrs]. |
| No use of personal email/cloud (e.g., Gmail) for AHEEN data? | [Yes | No | N/A] | |
| VPN required for public Wi-Fi (e.g., UoN-approved tool)? | [Yes | No | N/A] | [Test connection]. |
| Backups to secure server (e.g., Azure); no unencrypted USBs? | [Yes | No | N/A] | [Last backup date]. |
4. Physical & Emergency Protections
| Item | Assessment | Notes/Evidence |
|---|---|---|
| Remote wipe capability enabled (e.g., Find My Device)? | [Yes | No | N/A] | [Test wipe function]. |
| Physical locks/cases used in camps (e.g., cable lock)? | [Yes | No | N/A] | [For fieldwork]. |
| Incident plan: Report loss to DPO within 1 hour? | [Yes | No | N/A] | [Contact tested]. |
| Battery/charging managed (e.g., no drain revealing use in hiding)? | [Yes | No | N/A] | [ICRC Ch. 2.8.4: Volatile areas]. |
5. Maintenance & Training
| Item | Assessment | Notes/Evidence |
|---|---|---|
| OS/apps updated (e.g., auto-updates enabled)? | [Yes | No | N/A] | [Last update]. |
| Annual training completed (e.g., BYOD module)? | [Yes | No | N/A] | [Certificate #]. |
| Disposal plan: Secure wipe/shred on end-of-life? | [Yes | No | N/A] |
Overall Compliance: Non-Compliant
Actions Needed: [e.g., Enable MFA; re-scan for updates].
Signature: ____________________ Date: __________
Tips: For mobiles: Use Signal for comms. Prohibit unencrypted storage of sensitive data. In emergencies, prioritize offline modes. Full Handbook Section 7: https://knowledgebase.aheen.net/books/aheen-data-protection.
No comments to display
No comments to display