Includes specific metric definition for SLA and a Balanced Scorecard
Bring Your Own Device Policy updated to to meet Disaster Recovery, Business Continuity and Corporate Intellectual Property Requirements
BYOD Policy Template Includes two (2) electronic forms 1) BYOD Access and Use Agreement and 2) Mobile Device Security and Compliance Checklist
BYOD include consumer SmartPhones and tablets which are making their way into your organization. Going mobile makes employees happier and more productive, but it’s also risky. How can you say ‘yes’ to a BYOD choice and still safeguard your corporate data, shield your network from mobile threats, and maintain policy compliance?
With the advent of Bring-Your-Own-Device - BYOD and the ever increasing mandated requirements for record retention and security, CIOs are challenged to manage in a complex and changing environment.
If your enterprise does not have a BYOD policy, then two types of things are happening:
- BYOD blocked and your company is losing productivity associated with an employee making use of a BYOD or your company is paying for each employees access device.
- BYOD are already accessing your corporate network, with or without your knowledge, and you are not doing anything to ensure that this is being done securely and is not in compliance with mandated federal, state, local, and industry requirements.
BYOD Policy Template meets all mandated compliance requirements
Janco, in concert with a number of world class enterprises had created a BYOD Policy Template that addresses these issues and provides solutions for the following questions:
- What are the legal implication of BYOD - What is the impact of the Stored Communication Act - Record Retention and Destruction?
- What happens to the data and audit trail on a BYOD when an employee leaves the company?
- What about a lost or stolen BYOD?
- How is the BYOD configured to receive and transmit corporate data?
- What kind of passwords are acceptable to use on a BYOD?
- What kind of encryption standards are acceptable for BYOD?
- What types of BYOD are allowed and what types are not?
- What about jail broken, rooted or compromised BYOD?
The purpose of the BYOD Policy Template is to define standards, procedures, and restrictions for end users who have specific and authorized business requirements to access enterprise data from a BYOD connected via a wireless or unmanaged network outside of ENTERPRISE’s direct control. This applies to, but is not limited to, all BYOD and media that fit the following device classifications:
- Laptop/notebook/tablet computers
- Ultra-mobile PCs (UMPC)
- Mobile/cellular phones
- Home or personal computers used to access enterprise resources
- Any mobile device capable of storing corporate data and connecting to an unmanaged network
The BYOD Policy applies to any BYOD, hardware and related software, that could be used to access enterprise resources when the equipment is not approved, owned, or supplied by ENTERPRISE.
Bring-Your-Own-Device - BYOD usage increasing
A growing number of enterprise employees using BYOD - ranging from ad hoc work from home due to temporary family situations to full-time tele-work/home work arrangements. In fact, a recent survey found that 23% of enterprises (companies with 1,000 or more employees) responded that a significant portion of employees spend 20% or more of their working time working away from the office.
- More enterprises support regular telecommuting. On average, 17% of employees at North American enterprises report having employees who spend at least 20% of their work time away from their normal work desk or work from home. This compares with an average of 14% of employees at the European enterprises.
- European employers are more conservative than others about use of BYOD.
- Size doesn't play a big role in an enterprise's decision to support BYOD. At companies with between 1,000 and 4,999 employees surveyed, an average of 16% of employees telecommuter one or more days per week, compared with an average of 14% of employees at firms with between 5,000 and 19,999 employees, and an average of 18% of those working for organizations with 20,000 or more employees.
- Firms with regular telecommuters have even more frequent travelers.
BYOD Policy Template - It is 14 pages in length. It contains everything that an enterprise needs to implement a functioning and compliant mobile device and use process. Included are forms defining the mobile device environment.
BYOD Policy Template Elements of Security
As the traditional enterprise boundaries begin to fade, it is paramount that BYOD and the sensitive information they contain be managed and protected. As a result, security perimeters must also expand beyond the internal network to these numerous critical endpoints.
BYOD Policy Template Management
Management within organizations becomes more complex and important as both the number of BYOD and the amount of sensitive data stored on the BYOD increases. A lost or stolen BYOD may compromise the critical data stored on it, unless there are processes and tools in place to protect it.
BYOD Policy Template Asset Discovery and Inventory
The first step in securing your mobile organization network is the identification of the current inventory of BYOD and OS clients that exist within your infrastructure. Next, you must integrate the BYOD that have been identified in this process into your existing asset inventory database. Consider the following as you develop or update your BYOD asset inventory:
- How will you identify the BYOD assets?
- What are the related assets to this mobile device, for example, additional memory cards?
- How do you identify the asset owner and the business purpose of each device?
See also Mobile Device Security
Other Individual Policies
All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in MS WORD format for those clients who just need this particular policy. All policies are Sarbanes-Oxley, HIPAA, PCI-DSS, and ISO compliant.
The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically -- a total solution.
We have just completed a major update of most of the individual polices and almost all of the electronic forms.
- CIO IT Infrastructure Policy Bundle (All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable)
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
- BYOD Policy Template (Includes electronic BYOD Access and Use Agreement Form)
- Google Glass Policy (Includes Google Glass Access and Use Agreement Form)
- Incident Communication Plan Policy (Updated to include social networks as a communication path)
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy(Includes 5 electronic forms to aid in the quick deployment of this policy)
- Mobile Device Access and Use Policy
- Patch Management Policy
- Outsourcing and Cloud Based File Sharing Policy
- Physical and Virtual Server Security Policy
- Record Management, Retention, and Destruction Policy
- Sensitive Information Policy(HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
- Service Level Agreement (SLA) Policy Template with Metrics
- Social Networking Policy(includes electronic form)
- Telecommuting Policy(includes 3 electronic forms to effectively manage work at home staff)
- Text Messaging Sensitive and Confidential Information (includes electronic form)
- Travel, Electronic Meeting, and Off-Site Meeting Policy
- Wearable Device Policy
- IT Infrastructure Electronic Forms