Policy or procedure designed to secure and protect mobile devices and make sure employees/vendors are using them correctly in order to mitigate the risk of exposing an organization’s data and information.