Policy on portable IT and communications devices