Apple or Droid? How About a BYOD Policy (Bring Your Own Device Policy Example)
August 09, 2012
Is Blackberry dead? Maybe, maybe not. But one thing is for sure - even the crustiest IT Manager is opening up the enterprise to devices other than the holstered Blackberry. Which means you've got an opportunity as a company - to move away from holding an inventory of old cell phone and smart devices, and instead move to a Bring Your Own Device (BYOD) Policy.
It's a good idea if you can swing it - and your IT function agrees. The security concerns seem to have gone down a great deal over the last couple of years.
Need an example policy? This one was shared by Capitalist reader and CFO rockstar Scott Stone - follow him on twitter here and connect with him on LinkedIn here. I can vouch for the guy since I've served him as an HR pro in the past and worked for him as well - he gets HR, recruiting and talent (the soft side), but would put you into the wall in a pickup basketball game on game point if it meant he wins and stays on the court (results-oriented). I kid. A little bit.
When you think about it, isn't that what you want from your CFO? Here's his sample BYOD policy. Thank him yourself through the coordinates above.
BYOD Policy (Bring Your Own Device)
As a company, we place value on many principles which are designed to create an awesome working environment. While we have to implement policies to keep the house in order, we want those policies to, above all else, “make sense”. One of those which we feel best embodies this approach is our “BYOD” policy. Simply stated, it applies to your personal communications device and our expectations of how it’s used for business in the workplace.
Here are the key points:
--We expect each team member to provide their own device – you select it, you buy it, you pick the plan that makes the most sense for you. Your phone, your phone number, your provider of choice, your contract with the provider
--We strongly recommend a “Smartphone” of some type, to ensure you can receive emails or other critical communications on the device.
--Our Company will provide you access to your work email address on the device, including assisting you with the setup.
--If your device is a “Smartphone”, our company will reimburse you $75 per month to cover all work related communications on the device (email, text, voice, communications, etc). We expect you to select a plan which can accommodate your business and personal needs for voice and data
--If you select a PO Phone (plain ‘ol phone) which lacks the ability to receive and send emails, our company will reimburse you $15 per month for all work related communications
--We won’t provide a “company phone” to anyone, preferring to allow you to “BYOD”, and provide everyone maximum flexibility.
--If you ever choose to leave the company, take your phone, your number, and your existing agreement with a provider – no hassle, no number change, no problem.
There you have it, an example BYOD policy from a live CFO in the field. Thanks Scott!
The policy only addresses the cost of the phone. Which is what I would expect from a CFO. It does not address confidential information and security... What happens if a employee send an inappropriate text to another employee? How do you get access to that information in a investigation? It also does not address the wage and hour issues related to non-exempt employees.
Posted by: Rick Rossignol | August 09, 2012 at 01:31 PM
Hi Rick -
Here's what I would say. I think Scott has done nice job here of getting people 90% of the way there, and I think it's 95% there for anyone if you think about whether you already have policies in place to deal with IP, confidential information and time reporting for any type of work activity.
There's a trap related to creating multiple policy statements for the same area in a handbook. I'd simply list references at the bottom of this type of policy for related policies for all the areas you mentioned - they clearly will exist elsewhere about 99% of the time for companies with handbooks.
I wouldn't repeat IP, confidentiality and professional conduct policies again in this policy. Cite, perhaps. Repeat or paraphrase - no.
Thanks - KD
Posted by: KD | August 09, 2012 at 01:44 PM
Hey Rick - Scott here....gosh, you make "CFO" sound a little like a dirty word there. That notwithstanding, a couple of points I'd like to make:
- regarding the "inappropriate text" situation, I'm not seeing the issue. The employee (lets call him Lester), coud send an inappropriate text from his personal OR company provided phone to another employee's personal OR company provided phone. If he sends from his company device, I suppose its easier to discipline him. If he send from his personal device, what can you do? So rather than try to develop a policy around the what the bad guys might do, we are more focused on hiring the good guys and girls (please - no suggestions that this is a sexist comment,k?)
- as far as hourly workers are concerned, we are focusing this policy on folks who we reasonably expect to be able to reach pretty much anytime -i.e. "management". If we send an hourly associate home with a comm device, we pay them on call pay. Done.
Now, maybe after considering this, "CFO" doesn't sound so awful coming out.
Posted by: Scottstone9 | August 09, 2012 at 02:47 PM
Really like this approach. And, as always, hr, legal and that command & control managerare going to want to make it easy to firs people, and difficult to have common sense retention approaches to work policies. Of course you can investigate... The offending text will be in the complainants phone, with the offenders number attached. But if you have a "we hire grown-ups" and "no assholes" policy.... It generally sorts itself out.
Posted by: tlcolson | August 09, 2012 at 06:26 PM
This is a great start but I'm inclined to agree with Rick, it needs input from HR and the CIO.
HR needs to weigh in on privacy, appropriate usage and what happens when an employee is terminated. There's likely to be company information that needs to be removed.
The CIO and IT Security can provide input on password requirements, support, restricted software and approved devices and encryption.
All of my customers are at various stages of implementing a BYOD program. I believe a successful BYOD program for phones & tablets will lead the way to similar initiatives for laptops.
Posted by: JimLittlefield | August 10, 2012 at 07:42 AM
Agree that this policy needs some help from IT and HR. BYOD is about more than cost savings, it's also about more than just IT using MDM to still control devices, and it's even about more than allowing knowledge workers to use the tools they want. It's about the combination of all three for a forward-looking mobile strategy. Tools are already out there and still coming for many of the issues folks are worried about, Toggle for privacy, MDM for Data control and security.
http://networkingexchangeblog.att.com/small-business/from-my-cold-dead-hands-why-byod-will-become-a-must-for-knowledge-workers/
Posted by: Davidegger | September 28, 2012 at 02:39 PM