A mobile device policy should address what devices are owned by the organization for staff use. Operating system (OS) designation and levels of support will align with the device provided. Devices brought into the workplace by staff, part of a BYOD initiative, must also be considered. Here's an overview of things to consider when crafting a mobile policy.
The policy will describe the devices owned by the organization and provided to staff members, etc. This is often done by aligning workers into groups and assigning each group a type of device. For example, supervisors may be eligible for an advanced tablet and smartphone, while other staff members might be assigned a more basic model of each.
Questions to consider:
- Who is eligible?
- Who has access based on job title, responsibilities, etc.?
- What degree of network access will be given?
- What are the types and kinds of devices supported (smartphone, tablet, aircard)
- What device-enabled capabilities should be allowed: text messaging, international calling, personal use?
- Will both domestic and international wireless plans be required?
- What about mobile data cost?
These are devices owned, paid for and furnished by workers, contractors, students, etc. Explain which devices and mobile OSs the organization will support. This is important because, depending on security requirements, decision-makers may have to limit the choices to those that, for example, support personal identification numbers (PINs), code locks, auto lockout, encryption and remote wipe.
This section of the policy also details level of access to mission-critical applications. For example:
- Data that staff can access on their devices
- Security requirements for worker-owned devices
- Level of support workers can expect from the IT department
- Whether only organizational software applications will be supported
- Management solutions used to secure and manage organizational data accessed in a BYOD environment
A policy might state that all devices can download approved software via a specified portal. However, additional software applications, desired by users, must be on an organization- approved list and be purchased by specific reputable sources. All other apps may require approval from the mobile policy board. The policy also may state that the organization won’t support user-added software.
Questions to consider:
- What type of apps can BYOD users use? Are all available?
- What degree of network access will BYOD devices be given?
- What BYOD devices and OS platforms will be supported?
- What applications should be deployed?
- How will applications be distributed and managed: downloaded from a site, desktop client or pushed out by IT?
- Where should apps be made available: in-house app store or a public online store such as iTunes or Google Play.
- How will secure apps be developed?
Download our Mobile Policy Checklist white paper for more information.