Skip to site content
U.S. Department of Health and Human Services
Indian Health Manual

Chapter 17 - Agency-Issued Cellular/Wireless and Satellite Services and Associated Service Enabling Devices

Part 8 - Information Resources Management


Exhibit Description
Manual Exhibit 8-17-A, "Mobile Devices Justification and User Agreement"

8-17.1  INTRODUCTION

    1. Purpose.  This chapter establishes the Indian Health Service (IHS)-specific policy and procedures for issuance and use of Agency-issued mobile devices including cellular telephones, smartphones, and tablet devices to IHS users for the purpose of performing IHS work-related duties.  It also addresses the process for addressing the misuse of these devices.
    2. Background.  The IHS Enterprise Mobile Service Program (EMSP) is responsible for implementing the objectives of the Office of Management and Budget Memorandum M-16-20, “Category Management Policy 16-3: Improving the Acquisition and Management of Common Information Technology: Mobile Devices and Services”, as part of the Federal Information Technology Acquisition Reform Act (FITARA). To support using economies-of-scale to reduce contracting costs, Federal mandates require the IHS to consolidate all cellular/wireless service requirements to no more than one contract per carrier utilizing a Government-wide acquisition contract that may include more than one ordering solution. The IHS EMSP establishes enterprise contracts with service providers capable of satisfying the geographically diverse requirements of all IHS Federal facilities.
    3. Scope.  This chapter applies to all IHS employees, United States Public Health Service Commissioned Corps Officers, interns, externs, and other non-governmental employees, including consultants, temporary staff, and business representatives (hereinafter, collectively referred to as IHS "users") who:
      1. Have been issued a mobile device by the IHS.
      2. Are authorized to approve or terminate Agency user accounts for mobile devices.
      3. Control the distribution of and payment for services related to the use of mobile devices.
      4. Control the accountable property processing requirements for mobile devices.
      5. IHS program representatives are responsible for notifying their contracting officers of any requirement to issue IHS IT resources, which includes all mobile services and devices, so that contracting officers can include all necessary contract language required for enforcement of this policy, and all other IHS property management policies.

      NOTE: Tribal Health Programs are not included in the scope of this chapter.

    4. Authorities and Guidance (as amended).
      1. Public Laws (P.L.).
        1. National Defense Authorization Act for Fiscal Year 2015, P.L. 113–291, Title VIII, Subtitle D—Federal Information Technology Acquisition Reform (FITARA), December 19, 2014
        2. E-Government Act of 2002, P.L. 107-347, December 17, 2002
        3. Authority to Acquire and Manage Information Technology, 40 United States Code § 11314(a)(3), August 21, 2002
        4. Making Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016, P.L. 114–210, July 29, 2016
      2. National Institute of Standards and Technology (NIST).
        1. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-124, Revision 2, “Guidelines for Managing the Security of Mobile Devices in the Enterprise,” May 17, 2023
        2. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-163 Revision 1, "Vetting the Security of Mobile Applications," April 19, 2019
        3. National Institute of Standards and Technology (NIST) Special Publication 800-79-2, “Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI),” July 30, 2015
      3. Office of Management and Budget (OMB).
        1. OMB M-13-02, “Improving Acquisition through Strategic Sourcing,” December 5, 2012
        2. OMB M-16-20, Category Management Policy 16-3: “Improving the Acquisition and Management of Common Information Technology: Mobile Devices and Services,” August 4, 2016
        3. OMB M-19-13, “Category Management: Making Smarter Use of Common Contract Solutions and Practice,” March 20, 2019
      4. Department of Health and Human Services (HHS). If the following links cannot be accessed, please contact IHSmobileservices@ihs.gov for copies of the policies.
        1. HHS Policy for Information Technology Asset Management (ITAM), HHS-OCIO-OCPO-2020-08-008, August 19, 2020
        2. HHS Policy for Mobile Devices and Removable Media, HHS-OCIO-OIS-2019-09-0005, August 27, 2019
        3. HHS Rules of Behavior for the Use of HHS Information and IT Resources Policy, HHS-OCIO-OIS-2019-05-004, June 7, 2019
    5. Acronyms and Definitions.
      (1) CAN - Common Accounting Number
      (2) COR - Contracting Officer's Representative
      (3) EMSP- Enterprise Mobile Services Program
      (4) FITARA - Federal Information Technology Acquisition Reform Act
      (5) HQ - Headquarters
      (6) HHS - Department of Health and Human Services
      (7) IHM - Indian Health Manual
      (8) IHS - Indian Health Service
      (9) IT - Information Technology
      (10) ISSO - Information System Security Officer
      (11) iPadOS - iPad Operating System
      (12) iOS - Information Technology
      (13) MDM - Mobile Device Management
      (14) MMS - Multimedia Messaging Service
      (14) OIT - Office of Information Technology
      (16) OMB - Office of Management and Budget
      (17) PIN - Personal Identification Number
      (18) P.L. - Public Law
      (19) SED - Service Enabling Device
      (20) SMS - Short Message Service
    6. Definitions.
      1. Jailbreak. Removing software restrictions that are intentionally put in place by the device manufacturer, IHS, or through other federally mandated restrictions.
      2. Mobile Device.  A portable computing device that:
        1. Has a small form factor such that it can easily be carried by a single individual;
        2. Is designed to operate without a physical connection (e.g., wirelessly transmit or receive information);
        3. Possesses local, non-removable or removable data storage; and
        4. Includes a self-contained power source.  Mobile devices may also include voice communication capabilities, on-board sensors that allow the devices to capture information, and/or built-in features for synchronizing local data with remote locations.  Examples include smartphones, tablets, and E-readers.
      3. Mobile Device Management.  A device-centric business solution that enables securely provisioning mobile devices by applying processes, software, and security policies onto mobile devices to protect IHS data assets.  All IHS mobile devices are enrolled in the IHS Mobile Device Management (MDM) solution to ensure the operating systems are kept up to date and to provide remote wipe capability in the event of a data breach, or a device is lost or stolen.
      4. Mobile Hotspot. A mobile hotspot or portable router converts cellular radio signals to Wi-Fi and vice versa to provide Internet access for email, websites, and other data transfers.
      5. Mobile Phone.  A phone that can make and receive telephone calls over a radio link while moving around a wide geographic area (also known as a cellular phone, cell phone, smartphone, and feature phone).  It does so by connecting to a cellular network provided by a cellular phone service operator capable of enabling access to the public telephone network.
      6. Multimedia Messaging Service. The telecommunications standard for phone messaging systems that enables sending messages with multimedia objects (images, audio, video, rich text) and text.  Multimedia Messaging Service (MMS) is mainly deployed in cellular networks along with other messaging systems like Short Message Service (SMS), mobile instant messaging, and mobile email.
      7. Push-to-Talk. Instant two-way communication method for smartphones where transmission occurs bi-directionally, similar to a two-way radio.  To use Push-to-Talk, users must press a physical or on-screen button on the mobile device while speaking and then release it when done.  The listener must then do the same to respond.
      8. Satellite Phone. A satellite phone, or satphone, is a type of mobile phone that connects to other phones or the public telephone network by radio link through satellites orbiting the Earth, enabling them to work in most geographic locations on the Earth's surface, as long as they have unobstructed line-of-sight between the satphone and the satellite are provided.
      9. Service Enabling Device.  Handsets and other hardware that provide the platform for delivering and using the Internet, messaging, and voice service functionality.  Service Enabling Devices (SED) include any mobile device technology, including cellular phones, laptops, tablets, and personal digital assistants.
      10. Smartphone.  A mobile phone with more advanced computing capability and connectivity than basic feature phones.  The smartphone is the standard electronic device used to transmit and receive voice and email communications throughout the IHS.
      11. Tablet. A mobile computer with a display, circuitry, and battery in a single unit.  Tablets are equipped with sensors, including cameras, microphones, accelerometers, and touchscreens, with finger or stylus gestures replacing computer mouse and keyboard.  Tablets may include physical buttons to control basic features such as speaker volume and power and have ports for network communications and to charge the battery.  An on-screen, pop-up virtual keyboard is used for typing; however, some models have connectable keyboards.  Tablets are typically larger than smartphones or personal digital assistants at 7 inches (18 cm) or larger, measured diagonally.

8-17.2  POLICY.

    The IHS is required to implement a cellular service and SED issuance process that follows appropriate category management principles to ensure the lowest cost mobile service that satisfies the Agency's requirements. This policy is based on the FITARA and the OMB Memorandum 16-20, which aims to improve the acquisition and management of common information technology, specifically mobile devices and services. The principles outlined in this chapter serve as the basis for authorizing cellular services and associated SEDs when user requirements for data access and connectivity support the Agency's mission.

8-17.3   PROCEDURES.

    In accordance with Federal, Departmental, and Agency requirements, the IHS EMSP will optimize cost savings for Agency-issued mobile services and devices.  Through standardized procurement, structured mobile service line management, and coordination of IHS-required property management processing and distribution, the EMSP will ensure that the IHS mobile communication goals are achieved in the most efficient and cost-effective way possible. 
    All IHS users must observe the required protocol to establish Agency-issued mobile services and devices, as indicated below, and acknowledge the rules of use as a condition of continued issuance.
    The procedures in this policy ensure that only authorized IHS personnel are issued a mobile device and that appropriate management controls governing the issuance, handling, tracking, and cost accounting are implemented.  
      1. Approved Wireless Service Providers. The IHS has contracted agreements with specific wireless service providers under the EMSP.  All IHS mobile device requirements must utilize one of these providers unless the established providers cannot provide coverage for the target service area.  If another wireless service provider is required, the service requester must obtain a facility-based waiver from the EMSP program manager.
      2. Waivers. If the current EMSP contracted service providers are unable to provide reasonable service, it may be possible to obtain service from another wireless service provider for a limited amount of time.  Designated qualified personnel for the requesting facility must first complete an EMSP field signal strength test of the EMSP-contracted providers using EMSP-supplied devices to demonstrate a lack of or insufficient service.
        1. Test results must be documented in the Request for an EMSP Mobile Service Provider Waiver. Waivers can be obtained through the IHS IT Self Service Portal or by requesting one through email at itsupport@ihs.gov.
        2. The waiver request must be signed by the tester and the tester’s supervisor and submitted to the EMSP via IHSMobileServices@ihs.gov.
        3. Upon review and acceptance of the waiver request by the EMSP team, the EMSP Program Manager will sign the waiver to acknowledge approval for two years and return the waiver to the tester and the tester’s supervisor.
        4. The tester or supervisor will submit the approved waiver to the local contracting officer, who will award a contract for a period of performance not to exceed two years.
        5. The tester/supervisor will cooperate with EMSP to reevaluate the EMSP-contracted providers’ coverage in the target service area to determine whether coverage has improved 90 days before contracted performance period ends. If it is determined that service coverage by an EMSP-contracted provider has become adequate, associated service lines must be transitioned to the required EMSP-contracted provider.
        6. If the alternative mobile service provider is still required, a new waiver request must be submitted to continue service for another year.
      3. Requesting Mobile Services and Devices. The IHS mobile service and devices will only be issued to users who demonstrate a valid business need in order to perform official IHS business.
        1. Request Submission.  IHS users requiring agency-issued mobile services or devices must submit a request through the IHS IT Self Service Portal.  The user must acknowledge and accept the “Mobile Device Justification and User Agreement,” within the IHS IT Self Service Portal in order to receive IHS-issued mobile service or devices.
        2. Request Approval.  The user's first-line supervisor will indicate approval or disapproval of all user requests related to mobile services and devices.  In the case of contractors, the first-line supervisor is the Contracting Officer's Representative (COR).  In addition, second-line supervisory approval is required when a request involves a change in cost.  In the case of contractors, the second-line supervisor is the COR’s supervisor.

          If a supervisor disapproves the request, they will include an explanation for disapproval.

        3. Request Processing.  Upon approval of a user’s Agency-issued mobile service or device request, the EMSP Team will execute the following:
          1. Process the requests with the service provider:
            1. Order new service
            2. Order accessories
            3. Replace equipment
            4. Fix malfunctioning iPhones
            5. Modify user details or services
            6. Cancel or suspend service
          2. Confirm that the user has received all requested services and equipment.
      4. Payment for Mobile Services and Devices.  EMSP staff coordinates the contracted service with the provider when a new service or device is ordered.  The provider delivers monthly invoices for services and equipment purchases, which EMSP pays.  Each October, the Office of Information Technology (OIT) prepares the OIT Annual Chargebacks notice to Headquarters and Area Offices.  For mobile service charges, OIT generates a fiscal year cost estimate based on current users as of October 1st.  Each annual chargeback notice will include any necessary true-up adjustments for service disconnects or new services added during the previous fiscal year.  The ServiceNow request forms used to request mobile services and devices require the Common Accounting Number (CAN) that will be used to pay chargeback amounts owed.  The requestor’s budget staff ensures their operating plans account for mobile service annual charges.
        1. The IHS EMSP SharePoint site, dashboard, or currently designated system, lists charges and usage reports for each service line and associated CANs.
        2. The IHS EMSP will create an “EMSP Quarterly Unused or Under-utilized Services” report and publish it on the established EMSP dashboard.  The Area Directors or their designees are responsible for reviewing the report and taking appropriate action to eliminate all unused or under-utilized devices unless a valid business justification exists to keep those devices in service.
        3. Area and Office invoice payments must be made from the first year of two-year Hospitals & Clinics (H&C) funds or Direct Operations (DO) funds. If H&C or DO funds are unavailable, special arrangements must be made before the OIT Annual Chargeback billing cycle that occurs each October.  Failure to pay chargeback invoices promptly will result in service suspension or termination.
      5. Rules for the Use of Agency-Issued Devices.
        1. Rules of Usage.
          1. Agency-authorized service plans are required for all IHS-issued mobile devices.
          2. Agency-paid service plans cannot be assigned to a user’s personal mobile device.
          3. Smartphones and tablets must be protected with a screen protector and a protective case to prevent or mitigate damage if dropped.
          4. Users must take all reasonable and appropriate precautions against loss, damage, theft, or unauthorized use of mobile devices, including placing devices in secured locations or out of plain sight when not in use. Devices must not be left in direct sunlight or inside closed vehicles during summer to avoid battery damage
          5. Users will prevent unauthorized use by other Federal, non-IHS, and contractor staff, including friends and relatives.
          6. Users of Agency-issued mobile devices are bound by the terms and conditions of the Indian Health Manual (IHM), Part 8, Chapter 6, “Limited Personal Use of Information Technology Resources,” and the IHS Rules of Behavior.  Personal use of devices for communication or data access is allowed occasionally and incidentally unless prohibited in writing.
          7. There will be no excessive personal use of data streaming services, such as video, gaming, or music streaming websites or applications. The limits of personal use are provided in the IHM, Part 8, Chapter 6, “Limited Personal Use of Information Technology Resources.”
          8. Playing games, gambling, watching movies; participating in chat rooms, auctions, or social media; and any other personal or nonproductive uses are strictly prohibited, except as permitted by IHS policy.
          9. Agency-issued mobile device users may download only approved apps.  Approved apps can be found on the OIT Approved Hardware and Software SharePoint site and in the IBM App Catalog loaded on all iOS and iPadOS devices enrolled in the IHS Mobile Device Management (MDM) system.  Approval for use of apps not on the approved list can be requested by emailing itsupport@ihs.gov.
          10. Agency-issued mobile devices may not be brought or used outside the United States.  See Memorandum - Use of Government Furnished Equipment (GFE) During Foreign Travel, February 10, 2021, as amended.  If the link cannot be accessed, please contact IHSmobileservices@ihs.gov for a copy of the memorandum.
          11. iOS devices purchased outside the EMSP contract must be reset and provisioned in the MDM to become “supervised” devices.
          12. There shall be no expectation of privacy when using Agency-issued devices for any service, including email, voicemail, phone calls, instant messaging, multi-media messaging, or web browsing.  Logs, data, and other files created using an Agency-issued mobile device are neither private nor confidential.
          13. Failure to pay the chargeback invoices promptly will result in EMSP disconnecting your service lines.
          14. Over-utilized, under-utilized, or unused mobile services will be reviewed quarterly by the Area Directors or their designees to determine if service lines can be suspended or disconnected, and they are responsible for notifying the EMSP program of any service updates.
          15. Extra services not typically authorized by the IHS may incur additional costs to the Agency.  Such additional services require express authorization from the first-line and second-line supervisor via the established IHS mobile device request processing system in the IHS IT Self Service Portal.
        2. Security.
          1. Personally owned mobile devices may not connect to the IHS network or systems but may connect, with management approval, to the site’s guest wireless network if available
          2. In the event an Agency-issued mobile device is lost, stolen, damaged, or destroyed, users must perform the following steps within 30 minutes of initial discovery:
            1. Fill out the online form in the IHS Division of Information Security (DIS) Ticketing System (https://hqabqdispswhd01.d1.na.ihs.gov/helpdesk/WebObjects/Helpdesk.woa). Keep the confirmation email delivered as a result of submitting the form.
            2. If unable to submit through the DIS Ticketing System, email the incident details to IHSIRTIncident@ihs.gov.
            3. If unable to submit through the DIS Ticketing System and unable to email, call the IHS IT Service Desk at1-888-830-7280.  If it is outside of business hours, including weekends and holidays, call the Network Operations and Support Center (NOSC) at 855-447-6672
            4. If the DIS ticketing system, email, and phone options are not available, use the paper Incident Reporting Form, IHS Form 07-02b.  If the link cannot be accessed, please contact IHSIRTIncident@ihs.gov for a copy of the form.
            5. For further information regarding incident reporting, please refer to the IHS DIS, “Standard Operating Procedure (SOP) for Incident Reporting,” SOP-DIS-09-02, dated January 2023, as amended.  If the link cannot be accessed, please contact IHSCybersecurity@ihs.gov for a copy of the SOP.
            6. In addition, the authorized user will immediately notify the IHS Information System Security Officer (ISSO), or the Area ISSO should the incident occur in an Area Office or facility.  The IHS or Area ISSO will immediately notify EMSP staff, who will coordinate with MDM staff to ensure a data wipe command is sent to the device prior to service suspension.
              1. Toll-free number is (888) 830-7280
              2. IHS IT Service Desk email address: ITSupport@ihs.gov
            7. If the IHS or the Area ISSO is unavailable, the user will immediately notify the IHS IT Service Desk:
              1. Toll-free number is (888) 830-7280
              2. IHS IT Service Desk email address: ITSupport@ihs.gov
            8. Users must notify both the first- and second-line supervisors in writing, explaining the circumstances surrounding the incident.
          3. The supervisor (or person with the most knowledge regarding the circumstances) is responsible for initiating Form HHS-342, "Report of Survey" (IHM Part 5, Chapter 12, Exhibit 5-12-I) and submitting the form to the user’s respective Property Management Officer for processing.  The form must be submitted within three business days after the user reports the incident.  If the link cannot be accessed, please contact IHSmobileservices@ihs.gov for a copy of the form.
          4. Mobile devices are not approved for handling sensitive information unless properly encrypted.  Users must exercise discretion when using mobile devices and refrain from storing or processing sensitive information unless approved in writing by the IHS CIO.  Specific guidance for approving the use of mobile devices for storing and processing sensitive information can be found in the DIS SOP for General User Security Handbook, SOP-DIS-06-11a.  If the link cannot be accessed, please contact IHSCybersecurity@ihs.gov for a copy of the Handbook.
          5. Every Agency-issued mobile device must be configured to automatically lock out after being inactive for no more than five minutes and utilize a user-defined password to unlock the device.  Mobile devices must be configured in accordance with applicable security guidance found in IHM, Part 8, Chapter 12, “Information Technology Security.”  Users may not “jailbreak” devices or change configurations that are required by IHS security policy and procedure.
          6. All deployed MDM-enrolled mobile devices will be enabled for remote erase.
          7. Devices no longer supported by the vendor and cannot receive security updates must be disconnected from service immediately and discontinued from use.  Device replacement, as necessary, must be coordinated as described in EMSP standard operating procedures.
          8. Use of mobile devices must be tracked, and IHS-provided devices must be turned in at the employee’s departure or end of need.
          9. Before transferring or disposing of the mobile device, procedures for properly removing data from the mobile device must be followed (see IHS SOP DIS-SOP-16-04, “Data Destruction and Media Sanitization.”)  If the link cannot be accessed, please contact IHSCybersecurity@ihs.gov for a copy of the SOP.
          10. The device can then be transferred to IHS property staff, who will implement approved IHS procedures for reuse or disposal contained in the IHM, Part 5, Chapter 12, ”Personal Property Management.”
        3. Abuse.
          1. Suspected misuse of an Agency-issued mobile device must be reported via email to the IHS Cybersecurity Incident Response Team at:  IHSIRTIncident@ihs.gov.
          2. Users may be subject to disciplinary action for abuse or misuse of Agency-issued mobile device equipment as outlined in the IHS Rules of Behavior (ROB) for the use of IT resources.  If the link cannot be accessed, please contact IHSCybersecurity@ihs.gov for a copy of the ROB.
          3. Supervisors can obtain call and data usage logs by submitting a User Data Request Form to IHSUserDataRequest@ihs.gov.  Once the request is approved, the request will be sent to the EMSP Team for the fulfillment of the data requested.  The User Data Request Form can be found at User Data Request Form (ihs.gov).  If the link cannot be accessed, please contact IHSMobileServices@ihs.gov for a copy of the form.

8-17.4  RESPONSIBILITIES.

      1. Director, Division of Program Management and Budget.  The Director, DPMB, establishes and oversees the management of the IHS EMSP.  The Director, DPMB, is responsible for assuring enterprise mobile service requirements are implemented and compliant with Federal category management performance mandates.
      2. Enterprise Mobile Services Program Manager.  The EMSP Manager is the COR supporting the EMSP wireless service contracts.  The EMSP Manager is the project manager for all EMSP projects and coordinates EMSP staff and services.
      3. Enterprise Mobile Services Program Staff.  Designated EMSP staff are responsible for:
        1. Creating, maintaining, and managing Enterprise-level mobile service contracts.
        2. Ordering, purchasing, and determining the most cost-effective voice and data plans for Agency-issued mobile devices.  Mobile devices may only be issued to IHS staff for the purpose of conducting official IHS business activities.
        3. Maintaining all mobile service data for use in the chargeback process, reporting, and dashboarding activities.
        4. Maintaining a device inventory for operational purposes and coordinating with the IHS Division of Asset Management, HQ, for the management of physical inventory or accountable property processing.
        5. Providing Area quarterly service and device inventory reports, and chargeback supporting documentation and associated reports.
        6. Providing monthly service utilization data to the EMSP Dashboard for the express purpose of managing zero, over, or under usage of mobile services.
        7. Managing mobile service accounts and administering and processing user account data such as name, email, CAN, and duty station information.
        8. Maintaining the terms and conditions of use for all mobile device services and ensuring end-user agreement to these terms prior to enabling the mobile service.
        9. Processing reimbursable charges.
        10. Ensuring mobile devices ordered conform to all IHS and HHS guidance requirements.
        11. Ensuring mobile devices are properly configured to conform to IHS and HHS guidance regarding device version and operating system.
        12. Notifying end users of the required mobile device refresh cycle and ensuring devices that are no longer supported by the manufacturer are removed from IHS mobile service accounts.
        13. Making changes in the service provider’s portal as requested, such as:
          1. Device reassignments
          2. Phone number changes
          3. Service and feature changes
          4. Personal Identification Number (PIN) resets for voicemail
          5. End-user data field changes
          6. Suspending or disconnecting service lines
      4. Device User.  Device users are responsible for:
        1. Maintaining a copy of the HHS 439, “Personal Custody Property Record/Hand Receipt,” provided at the time of device issuance as directed in IHM, Part 5, Chapter 12, ”Personal Property Management.”
        2. Taking precautions to protect the device from damage, theft, or loss.
        3. Using IHS-provided mobile service and devices only for official IHS duties or under the provisions for Limited Incidental Personal Use and in alignment with the policy and procedures of this chapter.  Limited Incidental Personal Use is permitted under Section 8-17.4, E., “Rules for Use of Agency-Issued Devices,” above.
        4. Cooperate with IT support and/or EMSP staff to resolve cellular connectivity issues, test local service, reset voicemail PINs, and troubleshoot other problems.
        5. Ensuring a request is submitted and approved by their supervisor(s) for any changes needed for their mobile service line or device.
        6. Following all steps to prepare a mobile device for turn-in.  Steps for iPhones/iPads include removing “Find My”, Apple ID, factory resetting the device, removing SIM (electronic and/or physical), and providing details of the change to MaaS360 administrators, the EMSP team, and property staff.  Other mobile devices need to be factory reset, have the SIM removed, and contact made with the EMSP team and property staff.
      5. First Level Supervisor.  First Level Supervisors are responsible for:
        1. Recommending and approving the issuance of a mobile device to a user with a demonstrated business need.
        2. Ensuring staff adheres to the terms of the user agreement and reporting suspected misuse of mobile service or devices.
        3. Managing direct employees’ mobile service usage for zero, over, or underutilization.
        4. Reviewing reports and data to identify zero, over, or underutilized services and submitting the appropriate corrective action request to IHSMobileServices@ihs.gov.  The data provided by the EMSP includes.
          1. Monthly usage reports
          2. Monthly utilization data on the ESMP dashboard
          3. Chargeback data
        5. Notifying Headquarters (HQ) EMSP, local IT, and Property staff of the following changes:
          1. Device reassignments
          2. CAN changes
          3. Phone number changes
          4. Service and feature changes
        6. Notifying HQ EMSP, local IT, and Property staff of service-line disconnections, suspensions, or transfers when the mobile device user leaves or transfers to a different location.
        7. Notifying HQ EMSP when the suspension of service needs to be extended beyond the original suspension period or the removal of a suspension.
        8. Ensuring that direct reports adhere to the required mobile device refresh cycles.
        9. Ensuring an employee turning in a mobile device has followed all the turn-in steps applicable to their device.
        10. If multiple staff members are using a mobile device, it must be assigned to their supervisor.
        11. If the mobile device is used in a continuity of operations plan (COOP), the device must be activated monthly to show text, data, or voice usage above zero.
        12. Notifying the EMSP team that a service line needs to be disconnected or suspended.
      6. Second Level Supervisor.  Second Level Supervisors are responsible for:
        1. Approving funding for mobile services and devices for their staff.
        2. Reporting suspected misuse of mobile service or devices.
      7. Property Management Officer/Asset Center Representative.  The HQ and Area Property Management Officers or Asset Center Representatives are responsible for: 
        1. Receiving, processing, and maintaining the HHS-439 form, “Personal Custody Property Record/Hand Receipt,” and HHS-22 form, “Request for Property Action,” for all Agency-issued mobile devices.
        2. Conducting security investigations when an Agency-issued mobile device is lost or stolen.
        3. Verifying that local IT staff have completed the following when mobile devices are exchanged between users.
          1. The device has been reset back to the factory settings;
          2. Apple ID and PIN have been removed from the device; and
          3. All data has been wiped from the device.
        4. Verifying that local IT staff have completed the following when mobile devices are turned in for surplus processing:
          1. The device has been reset back to the factory settings;
          2. Apple ID and PIN have been removed from the device;
          3. All data has been wiped from the device;
          4. If there is a physical SIM, ensure that the SIM has been removed; and;
          5. MaaS360 Administrators have been notified to remove the device from the MDM.
      8. Headquarters Division of Asset Management.  The HQ Division of Asset Management is responsible for:
        1. Providing a quarterly list of all mobile devices surplussed by each HQ Office and each Area to the EMSP Team at IHSMobileServices@ihs.gov.
        2. Performing a quarterly crosswalk analysis of the devices against their inventory database to flag anomalies and provide a report to the EMSP Team of the findings.
      9. Headquarters Offices, Areas, and Local IT Staff.  Local IT staff function as Tier 1 support for mobile device users, interfacing directly with local staff to troubleshoot issues before escalating to the Area MDM or HQ EMSP personnel.  All designated Headquarters, Area, and local IT staff are responsible for:
        1. Troubleshooting mobile device technical issues.
        2. Notifying Area MDM staff of MDM profile-related issues.
        3. Notifying HQ EMSP staff of technical issues stemming from cellular service.
        4. Assisting employees with a factory reset, including PIN and Apple ID removal, on mobile devices when they are turned in or exchanged between users.
      10. Area Mobile Device Management Administrators and Headquarters Messaging Team.  Area MDM administrators provide Tier 2 support for mobile device users, and escalate to Tier 3 support, the OIT Messaging Services Team (MST), as needed to resolve user issues.
        1. Area MDM administrators with the IHS IT Service Desk can provide the following support functions for any IHS device user:
          1. Provisioning new user accounts on the IHS MDM system.
          2. Assisting users with device enrollment on the IHS MDM system.
          3. Providing basic device administration from the MDM portal, such as locking, unlocking, and restarting devices.
          4. Remotely wiping lost or stolen devices from the MDM portal.
          5. Removing stale or unused devices from the MDM server.
          6. Escalating enrollment or other device issues to Tier 3 Support.
        2. Support requests are escalated to Tier 3, the OIT MST, for the following actions:
          1. Performing maintenance and upgrades on the IHS MDM system.
          2. Troubleshooting and resolving IHS MDM system problems.
          3. Testing and implementing new security policies, configurations, and features on the IHS MDM system.
          4. Providing training on the use and administration of the IHS MDM system.
          5. Escalating problems with the IHS MDM system to the vendor when needed.
          6. Assisting users with configuring Telehealth iPads for multiple users.
          7. Ensuring all iOS devices purchased outside of the EMSP contract are added to the IHS Apple Business Manager (ABM) account by contacting EMSP prior to the acquisition of the devices to obtain specific instructions.