Bring Your Own Device

BYOD Policy Template - Bring-Your-Own-Device


Bring Your Own Device Policy updated to to meet Disaster Recovery, Business Continuity and Corporate Intellectual Property Requirements


Bring Your Own Device Sample


BYOD Policy Template Includes an electronic form for employee agreement to the terms of access and use of enterprise data with a BYOD - Bring Your Own Device - that is owned by the user

BYOD include consumer SmartPhones and tablets which are making their way into your organization. Going mobile makes employees happier and more productive, but it’s also risky. How can you say ‘yes’ to a BYOD choice and still safeguard your corporate data, shield your network from mobile threats, and maintain policy compliance?

With the advent of Bring-Your-Own-Device - BYOD and the ever increasing mandated requirements for record retention and security, CIOs are challenged to manage in a complex and changing environment.

If your enterprise does not have a BYOD policy, then two types of things are happening:

  • BYOD blocked and your company is losing productivity associated with an employee making use of a BYOD or your company is paying for each employees access device.
  • BYOD are already accessing your corporate network, with or without your knowledge, and you are not doing anything to ensure that this is being done securely and is not in compliance with mandated federal, state, local, and industry requirements.

BYOD Policy Template meets all mandated compliance requirements

Janco, in concert with a number of world class enterprises had created a BYOD Policy Template that addresses these issues and provides solutions for the following questions:

  • What are the legal implication of BYOD - What is the impact of the Stored Communication Act - Record Retention and Destruction?
  • What happens to the data and audit trail on a BYOD when an employee leaves the company?
  • What about a lost or stolen BYOD?
  • How is the BYOD configured to receive and transmit corporate data?
  • What kind of passwords are acceptable to use on a BYOD?
  • What kind of encryption standards are acceptable for BYOD?
  • What types of BYOD are allowed and what types are not?
  • What about jail broken, rooted or compromised BYOD?

The purpose of the BYOD Policy Template is to define standards, procedures, and restrictions for end users who have specific and authorized business requirements to access enterprise data from a BYOD connected via a wireless or unmanaged network outside of ENTERPRISE’s direct control. This applies to, but is not limited to, all BYOD and media that fit the following device classifications:

  • SmartPhones
  • PDAs
  • USBs
  • Laptop/notebook/tablet computers
  • Ultra-mobile PCs (UMPC)
  • Mobile/cellular phones
  • Home or personal computers used to access enterprise resources
  • Any mobile device capable of storing corporate data and connecting to an unmanaged network

The BYOD Policy applies to any BYOD, hardware and related software, that could be used to access enterprise resources when the equipment is not approved, owned, or supplied by ENTERPRISE.

Bring-Your-Own-Device - BYOD usage increasing

A growing number of enterprise employees using BYOD - ranging from ad hoc work from home due to temporary family situations to full-time tele-work/home work arrangements. In fact, a recent survey found that 23% of enterprises (companies with 1,000 or more employees) responded that a significant portion of employees spend 20% or more of their working time working away from the office.

  • More enterprises support regular telecommuting. On average, 17% of employees at North American enterprises report having employees who spend at least 20% of their work time away from their normal work desk or work from home. This compares with an average of 14% of employees at the European enterprises.
  • European employers are more conservative than others about use of BYOD.
  • Size doesn't play a big role in an enterprise's decision to support BYOD. At companies with between 1,000 and 4,999 employees surveyed, an average of 16% of employees telecommuter one or more days per week, compared with an average of 14% of employees at firms with between 5,000 and 19,999 employees, and an average of 18% of those working for organizations with 20,000 or more employees.
  • Firms with regular telecommuters have even more frequent travelers.

BYOD Policy Template - It is 14 pages in length. It contains everything that an enterprise needs to implement a functioning and compliant mobile device and use process. Included are forms defining the mobile device environment.

Bring Your Own Device Sample

 

BYOD Policy Template Elements of Security

As the traditional enterprise boundaries begin to fade, it is paramount that BYOD and the sensitive information they contain be managed and protected. As a result, security perimeters must also expand beyond the internal network to these numerous critical endpoints.

BYOD Policy Template Management

Management within organizations becomes more complex and important as both the number of BYOD and the amount of sensitive data stored on the BYOD increases. A lost or stolen BYOD may compromise the critical data stored on it, unless there are processes and tools in place to protect it.

BYOD Policy Template Asset Discovery and Inventory

The first step in securing your mobile organization network is the identification of the current inventory of BYOD and OS clients that exist within your infrastructure. Next, you must integrate the BYOD that have been identified in this process into your existing asset inventory database. Consider the following as you develop or update your BYOD asset inventory:

  • How will you identify the BYOD assets?
  • What are the related assets to this mobile device, for example, additional memory cards?
  • How do you identify the asset owner and the business purpose of each device?

See also Mobile Device Security


Other Individual Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format (WORD 2003 and WORD 2007) for those clients who just need this particular policy. All policies are Sarbanes-Oxley, HIPAA, PCI-DSS, and ISO compliant.

The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically -- a total solution.