Personal Device Policy

Effective Date: April 2025

This policy outlines the rules and responsibilities for VDC.cloud consultants who use their own personal devices while engaged in client projects. The aim is to protect data security, client confidentiality, and system integrity across all work environments.

1. Purpose

To ensure the secure use of personal laptops, smartphones, or tablets for accessing client or VDC.cloud systems and information during consultancy engagements.

2. Scope

This policy applies to all independent consultants, contractors, and temporary staff engaged by VDC.cloud who may use personal devices to perform work-related tasks for VDC.cloud or its clients.

3. Acceptable Use

Personal devices may be used only when:

  • A secure, VDC.cloud- or client-approved communication and collaboration platform is in use
  • Multi-factor authentication (MFA) is enabled for all work accounts
  • Data encryption is enabled on the device (e.g., BitLocker, File Vault)
  • The device has up-to-date antivirus and firewall protection
  • The consultant has agreed to and signed this policy

4. Security and Privacy Requirements

Devices must meet the following requirements:

  • Devices must be password-protected and locked when unattended
  • Access to sensitive client or VDC.cloud systems or data must only be done via secure networks (e.g., no public Wi-Fi without a VPN)
  • Consultants must not store sensitive or confidential data locally on a personal device unless encrypted and authorised
  • Regular operating system and application security updates must be installed

5. Prohibited Activities

The following activities are prohibited:

  • Use of personal devices to access or store unapproved copies of client data
  • Sharing devices with unauthorised individuals (e.g., family members)
  • Installing unauthorised or pirated software
  • Circumventing client security policies or VDC.cloud safeguards

6. Monitoring and Audit

VDC.cloud reserves the right to request confirmation of compliance through device configuration checks. Consultants may be required to provide device screenshots or compliance confirmations during project audits.

7. Incident Reporting

Any loss, theft, or compromise of a personal device used for work purposes must be reported immediately via the Policy Enquiry form:

The report must include:

  • Time and location of the incident
  • A description of the device and data potentially impacted
  • Steps taken to mitigate the issue

8. Enforcement and Consequences

Non-compliance with this policy may result in:

  • Revocation of access to systems or data
  • Termination of project involvement
  • Possible legal liability if client or company data is compromised

9. Review

This policy is subject to annual review and updates in line with industry best practices and client-specific security requirements.

10. Contact

For clarification or questions regarding this policy, contact (depending on your location):

VDC.cloud Security Team

  • VDC.cloud Professional Services Ltd (London, United Kingdom)
  • VDC.cloud Professional Services Asia Pte. Ltd. (Singapore)

Submit a policy enquiry:

Website: https://vdc.cloud

By following this policy, VDC.cloud consultants help ensure the security, integrity, and trust expected in all cloud consultancy engagements.