Issues associated with creating a BYOD policy that works
With the rapid advances in both SmartPhone and Tablet hardware, IT departments are challenged to create an operating environment that will support the needs of the ever increasing mobile user population and at the same time meet the enterprises compliance and security requirements.
A workable BYOD policy must address many factors including:
- Eligibility requirements both from a user and device perspective
- Device support limitations
- Employee risks and responsibilities
- Applications or data access limitations
- Processes for obtaining approval
- Reimbursement policy considerations
- For device purchase and/or replacement costs (e.g., no reimbursement, full, partial up to a limit, frequency of reimbursement, etc.)
- Limitations and limits (e.g., services, max amounts, etc.)
- Approved voice plans, unlimited data plans, roaming plans.
- Security considerations
- Limitations on device “jail breaking,” “rooting”, and making any other modifications to device hardware and/or OS software beyond routine installation of updates as directly provided by the applicable device maker or mobile operator.
- Process (and timing requirements) for reporting lost or stolen devices, changing to a new device and actions to be taken when an employee leaves the company.
- Password policy
- Wipe whole device and conditions under which this would occur (e.g., lost or stolen device, change to new device, move to new role, and departure from company).
- Company rights to wipe company data and applications and/ or the whole device (including personal data.
- Company liability limits for loss of personal applications or data, whether directly or indirectly resulting from the usage of company applications or data, and/or the wiping of such applications or data.
- User personal data and applications.
- Restrictions on the usage of cameras, browsers, Bluetooth, or other applications and services.
- Requirements for anti-malware tools (including specific vendors or versions as applicable), process and timing requirements for reporting any suspected instances of malware infection.
- Audit requirements
- Acceptable use considerations
- Whether devices enabled for enterprise applications and data access may be used or loaned to other users.
- With intranet access (e.g., mobile VPN client), the company's acceptable use guidelines.
- What support, if any, will be provided and: explicitly for which applications, services and scenarios; any “self-service” actions that users must take before requesting support; and process and/or tools for requesting support (e.g., submitting trouble ticket vs. calling).
- Reimbursement for support that is obtained outside of IT's control
All of these factors have been include in the BYOD Policy Template that Janco has created.
Infrastructure Policy Templates That Are Easily Implemented by CIOs
The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically -- a total solution.
We have just completed a major update of most of the individual polices and almost all of the electronic forms.
- CIO IT Infrastructure Policy Bundle (All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable)
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
- BYOD Policy Template (Includes electronic BYOD Access and Use Agreement Form)
- Google Glass Policy (Includes Google Glass Access and Use Agreement Form)
- Incident Communication Plan Policy (Updated to include social networks as a communication path)
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy(Includes 5 electronic forms to aid in the quick deployment of this policy)
- Mobile Device Access and Use Policy
- Patch Management Policy
- Outsourcing and Cloud Based File Sharing Policy
- Physical and Virtual Server Security Policy
- Record Management, Retention, and Destruction Policy
- Safety Progam
- Sensitive Information Policy(HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
- Service Level Agreement (SLA) Policy Template with KPI Metrics
- Social Networking Policy(includes electronic form)
- Technology Acquisition Policy
- Telecommuting Policy(includes 6 electronic forms to effectively manage work at home staff)
- Text Messaging Sensitive and Confidential Information (includes electronic form)
- Travel, Electronic Meeting, and Off-Site Meeting Policy
- Wearable Device Policy
- IT Infrastructure Electronic Forms