Policy Template for Bring Your Own Device (BYOD)

{{organization.name}} grants its employees the privilege of purchasing and using personal devices such as smartphones and tablets of their choice at work for their convenience. 

This document provides guidelines and acceptable practices for the use of personally-owned devices by {{organization.name}} employees to access {{organization.name}}’s resources.

This policy is for all staff using personally owned devices to store, access, carry, transmit, receive or use {{organization.name}}’s information or data, whether on an occasional or regular basis.

This policy is intended to protect the security and integrity of {{organization.name}}’s data and technology infrastructure. 

Limited exceptions to the policy may occur due to variations in devices and platforms. 

{{organization.name}} will respect the privacy of individuals’s personal device and will only request access to the device by technicians to implement security controls or to respond to legitimate discovery requests arising out of administrative, civil, or criminal proceedings. 

{{organization.name}} defines acceptable business use as activities that directly or indirectly support the business of {{organization.name}}. 

Employees are expected to follow {{organization.name}}’s acceptable use policy when using their devices to perform business activities. 

Texting or emailing while driving is not permitted. Only hands-free talking while driving is permitted. 

The following devices are supported: 

• macOS and iOS Devices

• Android devices

• Microsoft Windows 

• Rooted (Android) or jailbroken (iOS) devices are strictly forbidden from accessing the network. 

Connectivity issues are supported by IT; employees should contact the device manufacturer or their carrier for operating system or hardware-related issues.

Employees shall ensure that password/pin/biometric locks are enabled on their devices. 

Employees shall ensure that they are using the latest OS in their devices. 

Devices must be encrypted in line with {{organization.name}}’s compliance standards. 

{{organization.name}} differentiates between BYOD devices that require MDM and those that do not in the "BYOD Policy Supplement and Summary."  

While IT will take every precaution to prevent the employee’s personal data from being lost in the event it must remote wipe a device, it is the employee’s responsibility to take additional precautions, such as backing up email, contacts, etc. 

{{organization.name}} reserves the right to disconnect devices or disable services without notification. 

Lost or stolen devices must be reported to the IT within 24 hours. Employees are responsible for notifying their mobile carrier immediately upon loss of a device. 

The employee is expected to use his or her devices in an ethical manner at all times and adhere to the company’s acceptable use policy as outlined above. 

The employee is personally liable for all costs associated with his or her device. 

The employee assumes full liability for risks including, but not limited to, the partial or complete loss of {{organization.name}} and personal data due to an operating system crash, errors, bugs, viruses, malware, and/or other software or hardware failures, or programming errors that render the device unusable. 

{{organization.name}} reserves the right to take appropriate disciplinary action up to and including termination for noncompliance with this policy. 

{{organization.name}} retains the right to remotely wipe all data from a device in the event of employee termination, data or policy breach, in compliance with the Mobile Device Management Policy, where applicable.