Don’t Write Your BYOD Policy from Scratch – Check Out These Samples to Jumpstart Your Own Policy

Whether or not your organization allows employees to use their personally owned devices to access corporate resources, you need to have a written policy that covers the acceptable use of mobile devices. This policy should clearly communicate to all employees what is, and is not, acceptable use of their smartphones, tablets and other mobile devices as it pertains to access to the company’s networks, applications and/or data.

If someone handed me the assignment to write such a policy, I’m not sure I’d even know where to start. It’s not easy to develop a comprehensive corporate policy from scratch. So…don’t. In this case, it’s OK to copy from someone else.

There are several public resources that provide either templates or full sample policies that give you ideas of what to include in your own policy. The first sample comes from Wisegate, the social network for IT professionals. Wisegate has published a report that is a Fortune 1000 company’s actual BYOD policy. This report gives you an inside look at what another company is doing pertaining to mobile devices in the enterprise. Your company’s policy will differ, of course, but you get to see the span of topics this company felt compelled to cover.

A post by Will Kelly on the TechRepublic blog leads you to 4 BYOD policy templates that can serve as models for your own policy. This article also provides step-by-step instructions on how to create your policy and advice for ongoing management of the policy.

Your organization will have a unique BYOD policy tailored to your own needs, but in general, here are the kinds of things to include:

  • Acceptable use
  • User responsibilities / corporate IT responsibilities
  • Network access requirements
  • Types and brands of devices that are supported as well as those that are not supported
  • The company’s right to monitor the appropriate use of the devices and the user’s right to privacy
  • The policy regarding device reset and data deletion
  • Policy enforcement and the consequences of violation of the policy (up to and including termination)
  • Secure configurations and security controls
  • Application restrictions
  • And, perhaps most important, acceptable use and treatment of corporate data

What’s great about copying off a sample policy or template is that it helps you think of things you may not have thought to discuss with employees, such as why the policies are written as they are. For example, the policy in the Wisegate report explains why the company has chosen not to support devices that run the Android operating system—presumably to head off protests from employees who already bought an Android-based device.

One more thing that experts recommend about your BYOD policy: have workers read it and acknowledge it in writing, and do this at least once a year or more if you update the policy. This is especially important if you spell out the ramifications of violating the policy, such as potential termination for misuse of corporate resources. A signed statement proves that a worker acknowledged awareness of the policy, and this can help to head off any protests if you are forced to discipline an employee over policy violations.

Bookmark and Share
Linda Musthaler

About Linda Musthaler

Linda Musthaler is a principal analyst with Essential Solutions Corp. She is a 30-year veteran of the IT industry. Linda has been a regular contributor to Network World magazine for nearly two decades, writing a regular opinion column as well as in-depth feature stories. She currently writes the weekly electronic newsletter Network World IT Best Practices, which has more than 30,000 subscribers worldwide. Over the years, Linda has written for numerous business and IT industry journals. Through Network World she has published buyer’s guides which analyze the markets for various business technologies and assist buyers in identifying the issues and trends that affect their purchase decisions. Linda has worked many different aspects of the computing industry. She started as a computer programmer and has held positions in end user support, systems administration, network implementation, software sales, product evaluations, business requirements analysis, and product and event marketing.

Leave a Reply

Your email address will not be published. Required fields are marked *

*


nine + 8 =

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>