A ‘Bring Your Own Device’ policy (BYOD Policy) is essentially a set of rules applicable to employees who want to use their personal devices for work purposes. No policy is one-size-fits-all, so you should use this as a guideline only and determine what will work for your business.
Here are the five elements that are usually covered in a BYOD policy:
- Is it voluntary or mandatory for employees to use their own devices? This will depend on your type of business.
- Who must comply with this policy? Consider whether you want all or only some of your employees to do work on their personal devices. What about temporary employees?
- Which devices are supported? Generally, you should not allow employees to use jailbroken or rooted devices. You should list the minimum system requirements and configurations. It may be prudent to include an approval process. For example, an employee must first present their device to your IT department for approval before it may be linked to your network.
- List clear security requirements. Employees should follow the same security rules when using their own devices as when they use company infrastructure. If you have an acceptable use policy already, these rules will be listed there. Do you need to add anything for personal devices? For example, you may want to implement the capability to remotely wipe the employee’s device when they leave your employment or if the device is compromised (lost or stolen). Certain conduct should be prohibited, such as sharing use of the device (e.g. an employee allowing their child to use it).
- You’ll need access to company data on the employee’s personal device. The employee should be made aware of the nature, extent and reasons for any monitoring or access to data on their personal devices. You should make it clear that they cannot expect complete privacy. It may be necessary to invest in software that would allow company data to be kept separate from an employee’s personal data, so that your monitoring and access are limited and the employee’s privacy is not violated.
In addition to having a BYOD policy, you may need to update affected procedures and guidelines to implement it.
Keep these in mind:
- Maintain a record of consents; you may need it later.
- Define permissible use. Provide guidelines regarding access to apps, cloud-based storage systems and wireless networks.
- Take other policies into account. The BYOD policy should cross-reference other applicable company policies.
- Provide training to your employees on the content of the policy and your security requirements.
- Update your exit procedure to include disconnecting the employee’s device from the company network, uninstalling company apps and software and wiping company data.
- Consider whether you want to reimburse employees for the use of their devices and review applicable legislation (think tax and employment laws).
If the thought of writing your own BYOD policy is overwhelming, we’re standing by to help you. Get in touch!