Sample BYOD User Policy
BYOD is short for Bring Your Own Device and refers to personally owned devices used in the workplace. Having a BYOD Policy in place allows an employee to use personal devices at work while protecting the interests of the business. A BYOD Policy accomplishes this by clearly stating the personal-business relationship of the device and what is expected of the user and the business in this relationship.
The following policy has been adapted from an article written by Sandra Gittlen for Network World titled, A sampling of BYOD user policies. You'll want to replace FORGET COMPUTERS with your company name and make additional edits to fit your environment.
Of course, here at Forget Computers we use Robot Cloud to manage our company-owned and BYOD devices. Please contact us if you would like to most efficiently manage and secure your Mac and iOS devices!
Forget Computers Personal Device Policy
The use of a personal device (smartphone, notebook, iPad, etc.) in connection with the FORGET COMPUTERS business and technology infrastructure is a privilege granted to employees through approval of their management. FORGET COMPUTERS reserves the right to revoke these privileges in the event that users do not abide by the policies and procedures set forth below.
The following policies are aimed to protect the integrity of FORGET COMPUTERS data and ensure it remains safe and secure under FORGET COMPUTERS control.
- Your device will lock your account after 10 failed login attempts.
- Your device will lock every 30 minutes requiring reentry of your password.
- Your device will include password rotation every 90 days.
- The password must be a minimum of six characters.
- The password must contain at least one letter or number (except on devices that cannot accept alphanumeric passwords).
- The password must not be one of your previous four passwords.
- Your device will be remote wiped if:
(i) you lose the device;
(ii) you terminate employment with FORGET COMPUTERS;
(iii) IT detects a data or policy breach or virus;
(iv) if you incorrectly type your password 10 consecutive times.
- Your device may allow for only the remote wipe of FORGET COMPUTERS data. This means your personal data is still vulnerable, and thus it is recommended you also set a device password and take additional security precautions.
In addition to the above security settings, all users are expected to use their device in an ethical manner. Using your device in ways not designed or intended by the manufacturer is not allowed. This includes, but is not limited to, "jailbreaking" your iPhone.
A personal device can be connected to the FORGET COMPUTERS infrastructure, but the user is personally liable for the device and any carrier service costs. Users of personal devices are not eligible for expense reimbursement for hardware or carrier services. Users of personal devices must agree to all terms and conditions in this policy to be allowed access to the FORGET COMPUTERS services.
Employees that purchase a device on their own that is not in line with our standard approved device list may not be allowed to have their devices added to the FORGET COMPUTERS business and technology infrastructure. It is highly recommended that the employee refer to the standard approved device list to review the devices that are being supported by IT. Users of personal devices are not permitted to connect to FORGET COMPUTERS infrastructure without documented consent from FORGET COMPUTERS IT. Furthermore, FORGET COMPUTERS and FORGET COMPUTERS IT reserve the right to disable or disconnect some or all services without prior notification.
Release of Liability and Disclaimer to Users of Personal Devices
FORGET COMPUTERS hereby acknowledges that the use of a personal device in connection with FORGET COMPUTERS business carries specific risks for which you, as the user, assume full liability. These risks include, but are not limited to, the partial or complete loss of data as a result of theft of the device, a crash of the OS, errors, bugs, viruses, and/or other software or hardware failures, or programming errors which could render a device inoperable.
FORGET COMPUTERS hereby disclaims liability for the loss of any such data and/or for service interruptions. FORGET COMPUTERS expressly reserves the right to wipe the entire device, or specifically managed applications, at any time as deemed necessary for purposes of protecting or maintaining the FORGET COMPUTERS service.
Furthermore, depending on the applicable data plan, the software may increase applicable rates. You are responsible for confirming any impact on rates as a result of the use of FORGET COMPUTERS supplied applications as you will not be reimbursed by FORGET COMPUTERS. Finally, FORGET COMPUTERS reserves the right, at its own discretion, to remove any FORGET COMPUTERS supplied applications from your device as a result of an actual or deemed violation of the FORGET COMPUTERS Device Policy.