You are an information system auditor of HDA Inc. HDA allows its employees to use personal mobile devices for work. You want to ensure information security of the device without compromising employee privacy. Which of the following is the most effective option?