Developing a Bring Your Own Device Policy

Just with most HR-related benefits, a BYOD program needs to have a policy to ensure all employees understand the parameters of the program.  Therefore, as you are in your planning process, you need to develop a comprehensive policy to ensure that you minimize the risk for your corporate assets and you maximize your employees’ ability to do their jobs effectively and efficiently.

Jonathan Hassell of CIO magazine wrote an article on the “7 Tips of Establishing a Successful BYOD Policy.”   The following is a brief summary of his seven tips:

  1. Specify What Devices are Permitted. Make sure you clearly state which devices you will support and what devices your company will continue to purchase for employee use.
  2. Establish a Stringent Security Policy for all Devices. Essentially, if employees want to use their devices for work-related activity they must comply with appropriate security requirements, such as the use of passwords on all devices.
  3. Define a Clear Service Policy for Devices under BYOD Criteria. Determine who is responsible for device issues or questions about use, and make sure that employees understand when they can go to the IT department with these issues and when they need to figure it out on their own by calling the retailers or vendors.
  4. Make it Clear Who Owns What Apps and Data. Hassell explains that this is important when a phone, for example, is lost or confirmed stolen and all the data needs to be wiped from it.  It contains both personal and company-related information.  A wipe will clear all the information.
  5. Decide what Apps will be Allowed or Banned. Some apps are known to pose security risks.  Make a list of applications that cannot be deployed on any device being used for work-related tasks.
  6. Integrate Your BYOD Play with Your Acceptable Use Policy. Most corporations wouldn’t allow employees to access adult-only websites, for example, on their company laptop or smartphone.  Determine whether you can make these same policies for employee-owned devices and how you’ll enforce it and integrate those restrictions in your Acceptable Use policy.
  7. Set Up an Employee Exit Strategy. When an employee leaves, you will not be able to confiscate a device that they own.  However, you will be able to remove access tokens, email access, data, and other applications and information.  Make sure you have a plan of action.

In addition to Hassell’s seven tips, another area to consider is eligibility.  In some organizations, a BYOD program is an earned benefit for employees.  If it is not open to everyone, make sure you clearly outline who is eligible and how you will deal with the personal devices of employees not eligible for the program.

Read Hassell’s complete article for more details on these valuable tips.

Share This