Policies and procedures on how to deal with increasing mobility are the nemesis of CIOs around the world. . .
The increasing use and dependency on IT is drastically changing the way companies improve employee productivity and keep in closer contact with its customers. Today most businesses provide laptops to employees. The challenge comes with SmartPhones and tablets while bringing additional benefits. Employees who are accustomed to using these tools in their personal life are requesting (or demanding) to use the same tools at the workplace.
In addition to the influx of mobile devices, companies are dealing with increasing numbers of employees who are working from non-traditional office locations. Whether employees are traveling, working from customer sites, or working from home, there is a growing need to access corporate data while outside the walls of an office and the firewalls of an IT department. Some questions are raised.
Where should the focus be for mobility computing implementation? Supporting employees involves device management, the connection of those devices, and applications that support collaboration. While connecting with customers involves less focus on devices and more focus on applications and a support structure that addresses customer needs.
- Policies defined the rules of the road for mobile computing yet only one in five organizations have them defined and implemented according to Janco Associates. This lows rate of definition is driven by smaller to mid-sized firms as almost half of all large firms have mobility policies defined. The mobility policy template addresses all of the areas related to mobility: mobile devices (including procedures for lost devices), mobile applications including consideration for approved applications for business use), and data in mobile environments (including policy for using public Wi-Fi networks).
- CIOs are looking into a wide range of devices. Most published data shows that the most capital expenditures are related to mobile devices - tablets (rising), laptops (declining), and SmartPhones (rising). A “post-laptop” era many not necessarily mean that laptops will disappear from the workplace. Rather SmartPhones and tablets can perform certain functions more efficiently than a laptop. Asides from communication, SmartPhones are mostly used for very light work, such as checking email or quick web browsing. Tablet users find a broader variety of applications, including note-taking and presentations. One implication is that CIOs will need to manage a suite of three devices for those workers who require flexibility in their computing options. Many CIOs are exploring mobile device management (MDM) tools, while others are adopting Bring Your Own Device (BYOD) policies by giving workers device stipends and transferring the liability and support away from the IT department.
- IT Help desks need to focus more of their resources handling mobile computing. Even though remote access is only available to one third of mobile workers and instant messaging is only available to one quarter, CIOs need to consider new technologies when providing support to workers who do not have ready access to in-person support options. Policies and performance metrics are a must.
- By definition, mobile devices are extending beyond corporate physical security controls and data on devices or transmitted over public Wi-Fi networks is at risk. Security is a key concern for CIOs as they begin to implement mobile device solutions. Over two thirds of all CIO, according to Janco Associates, Inc. , feel that security of mobile devices is the largest risk to deal with when building a mobility strategy.
- Lost or stolen device are the most common type of mobile security incident today. How many times have we heard in the media that an employee of a hardware vendor loses a device in a bar or cab before it is released? Add to this, unauthorized applications or malware targeted at mobile devices that do put corporate systems at risk.
Policies included in this bundle are:
- BYOD Policy
- Mobile Device Policy
- Record Management Retention and Destruction Policy
- Social Networking Policy
- Telecommuting Policy
- Travel and Off site Meeting Policy
- BONUS -- Chief Mobility Officer Job Description -- Just updated to reflect the latest technologies
Electronic Forms included are:
- BYOD Access and Use Agreement Form
- Company Asset Employee Control Log
- Enterprise Owned Equipment Form
- Mobile Device Access and Use Agreement Form
- Mobile Device Security and Compliance Checklist
- Safety Checklist - Working at Alternative Location
- Social Networking Policy Compliance Agreement Form
- Telecommuting Work Agreement
Full Job Descriptions for:
- Chief Mobility Officer
- Manager BYOD Support
- BYOD Support Supervisor
- BYOD Support Specialist
BYOD - Bring-Your-Own-Device Policy
If your enterprise does not have a Bring Your Own Device policy, then two types of things are happening - neither good:
- Personal devices are being blocked - your company is losing productivity associated with an employee making use of a mobile device or your company is paying for each employees access device. .
- Personal devices are already accessing your corporate network, with or without your knowledge, and you are not doing anything to ensure that this is being done securely and is not in compliance with manadated federal, state, local, and industry requirements.
Janco, in concert with a number of world class enterprises had created a policy address these issues and provides solutions for the following questions:
- What are the legal implication - What is the impact of the Stored Communication Act - Record Retention and Destruction?
- What happens to the data and audit trail when an employee leaves the company?
- What about lost or stolen devices?
- How is a device configured to receive and transmit corporate data?
- What kind of passwords are acceptable to use?
- What kind of encryption standards are acceptable?
- What types of devices are allowed and what types are not?
- What about jail broken, rooted or compromised devices?
Mobile Device Access and Use Policy
The purpose of this policy is to define standards, procedures, and restrictions for end users who have specific and authorized business requirements to access enterprise data from a mobile device connected via a wireless or unmanaged network outside of ENTERPRISE's direct control. This policy applies to, but is not limited to, all devices and media that fit the following device classifications:
- USB applications and data
- Laptop/notebook/tablet computers
- Ultra-mobile PCs (UMPC)
- Mobile/cellular phones
- Home or personal computers used to access enterprise resources
- Any mobile device capable of storing corporate data and connecting to an unmanaged network
The policy applies to any hardware and related software that could be used to access enterprise resources, even if the equipment is not approved, owned, or supplied by ENTERPRISE.
Mobile Device Access and Use Policy Template - This policy is 10 pages in length. It contains everything that an enterprise needs to implement a functioning and compliant mobile device and use process. Included are forms defining the mobile device environment.
Record Management, Retention, and Destruction Policy
There are many common myths about tape, disk, data protection and archiving, one, for example, being that archiving and long-term data retention are only for regulatory compliance purposes. The reality is that while regulatory compliance data, including Sarbanes-Oxley, ISO, financial or HIPAA medical, require long-term retention, many other common application data for almost every business, including those that do not fall under regulatory requirements, can benefit from - if not require - long–term data retention. The notion is to think beyond regulatory compliance. In other words, organizations of all sizes need and rely on information, both current and past.
Contains everything needed to implement a record management policy includng an Interview Checklist to use when you are implementing a records managment process
A record is essentially any material that contains information about your company's plans, results, policies or performance. In other words, anything about your company that can be represented with words or numbers can be considered a business record - and you are now expected to retain and manage every one of those records, for slementing or altering the policy.
Several years or even permanently depending on the nature of the information. The need to manage potentially millions of records each year creates many new challenges for your business, and especially for your IT managers who must come up with rock-solid solutions to securely store and manage all this data.
The Record Management, Retention, and Destruction policy is a detail template which can be utilized on day one to create a records management process. Included with the policy are forms for establishing the record management retention and destruction schedule and a full job description with responsibilities for the Manager Records Administration.
The areas included with this policy template are:
- Record retention requirements for SOX sections 103a, 302, 404, 409, 801a and 802.
- Record Management
- Compliance and Enforcement
- E-mail Retention and Compliance
- Job Description Manager Record Administrator
- 12 forms for Record Retention and Disposition Schedule
- Record Management Best Practices
You can download the Table of Contents and selected pages for this policy template.
Social Networking Policy
Social networking is going corporate. The popular technology used by millions of people to share ideas and photos on MySpace, Facebook, LinkedIn and others is catching on at companies to improve productivity and communication among workers. Private, internal social networks make sense as companies grapple with a slumping economy that has made travel cost-prohibitive even as workforces are spread out as never before.
With increased adoption of social networks among the public, organizations have begun setting up profiles within social networks as a means to further connect with their audiences. Organizations who have been most successful in these endeavors take time to survey the community, understand the values and rules of engagement. In short, they pay attention to the culture and identify what is accepted before they join. When they join, the organizations who have had success within social networks remember that this isn't a place for traditional public relations tactics but a place for engagement. These organizations don't always just talk about themselves, but they have real and human-toned conversations with real people.
The issue faced by enterprises of all sizes is ensuring that the right message is being communicated in a consistent manner. The first step in achieving this objective is to have a uniform social network policy.
Janco recommends that companies embrace social networking because:
- Social networking is going to happen - Workers increasingly have Internet access on their smart phones. By the year 2013, 43% of global mobile internet users (607.5 million people worldwide) will be accessing social networks from their mobile devices.
- Most employeess will use it wisely and for the benefit of the enterprise - Some CIOs fear that social networking would lead to "Networking" instead of doing their jobs. Employees with proper training and guidance will use this new "technology" in ways that will enhance the enterprise's products ans services.
- Social networks actually can make workers more productive - Three out of four of the 895 experts interviewed for the recent Pew Internet report The Future of the Internet IV, said that use of the Internet enhances and augments human intelligence, and two-thirds said use of the Internet has improved reading, writing, and rendering of knowledge.
- Great ideas are gems that are ready to be found on social networks - Great ideas can come from any level of a company. Using social networks internally (wikis, blogs, forums, even IM) fosters collaboration, and allows workers at all levels to contribute ideas.
- Employees are trustworthy - Managers worry that employees will leak confidential information, or speak poorly of the company. but with the proper training and procedures in place this is a non-issue.
The Social Networking Policy Template is the right tool for this task. With it you can successfully manage and control your employees' activity that are related to your enterprise.
Telecommuting is a popular alternative to making the drive in to work every day. If your users are asking about telecommuting to work, you may find that a telecommuting policy helps makes things clear to them.
With the rise of the Internet, and the increase in affordable bandwidth came a new type of worker, the telecommuter. Available technologies, in certain cases, have allowed some companies to offer the ability for certain employees to work from home instead of the office. This can be not only a benefit for the employee, but also for the company itself. As more and more employees clamor for the ability to telecommute, it is imperative for companies to have an in place a viable telecommuting policy.
Telecommuting Policy Template - This policy is over 20 pages in length. It contains everything that an enterprise needs to implement a functioning and compliant telecommuting process. Included are forms defining the working environment in addition to a check list to validate that the off site location complies with you safety requirements.
Travel and Off-Site Meeting Policy
Travel and Off-Site Meeting Policy - Protection of data and software is often is complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers data and software can be compromised. This policy is seven (7) page in length and covers:
- Laptop and PDA Security
- Wireless and Virtual Private Networks (VPN)
- Data and Application Security
- Public Shared Resources
- Minimizing attention
- Off-Site Meetings
- Remote Computing Best Practices
This policy has been updated to reflect the requirements of PCI-DSS, Sarbanes-Oxley, HIPAA, and ISO. The policy comes as both a WORD file and a PDF file utilizing a standard CSS style sheet.
CMO - Chief Mobility Officer Job Description
A Chief Mobility Officer is needed to direct the development and revisions to policies and procedures for the general operation of the mobility initiatives and its related activities. Some of the responsibilities included in the full job description of the CMO are:
- Gaining visibility into the compliance of remote devices
- Managing network security and sensitive information
- Defining OS platforms and devices to support
- Setting mobile policies
- Managing BYOD
- Resolving help desk incidents and problems
- Ensuring compliance and producing audit trails
- Supporting connectivity and Wi-Fi access
- Installing and updating software
- Approving applications available via the firm's application store
- Enforcing mobile policies
- Managing device security