TABLE OF CONTENTS

PFP BYOD Policy

1. 0       Purpose

To describe the conditions under which our employees may use their own devices at work. This policy covers Smartphones phones.

2.0        Policy

A. This Bring Your Own Device (BYOD) policy provides the rules of behavior for the use of personally owned smart phones, by PFP. 

 

3.0        Expectation of Privacy

A. PFP will respect the privacy of your personal device and will only request access to the device to implement security controls or to respond to legitimate discovery requests arising out of administrative, civil, or criminal proceedings. This differs from our corporate policy for company provided equipment and/or services, where employees do not have the right, nor should they have the expectation, of privacy while using company equipment and/or services.

 

The policy isn’t just about protecting corporate data - it includes a program to keep personal employee data away from others, including our IT team. Our MDM (Mobile Device Management) solution will be uploaded on your personal device to parse data and manage access to certain data and service, such as:

  1. Personal emails, contacts, and calendars
  2. Application data and text messages
  3. Call history and voicemails

Removal of this software or any changes to it will result in the loss of access to work-related that’s y I messaged we saw some weirdness systems permanently.

4.0  Acceptable Use

  1. Acceptable use defines standards, procedures, and restrictions for employees who are connecting a personally owned device to our organization’s network for business purposes. BYOD acceptable use applies to any hardware and related software that is not organizationally owned or supplied but could be used to access organizational resources. That is, devices that employees have acquired for personal use but also wish to use in our business environment.
  2. The overriding goal of this policy is to protect the integrity of employee data and business data that resides within our company’s technology infrastructure. This policy intends to prevent data from being deliberately or inadvertently stored insecurely on a device or carried over an insecure network where it could potentially be accessed by unsanctioned resources. A breach of this type could result in loss of information, damage to critical applications, loss of revenue, and damage to our company’s public image. Therefore, all employees using a personally owned device connected to our organizational network, and/or capable of backing up, storing, or otherwise accessing organizational data of any type, must adhere to our company-defined processes for doing so.

Devices may not be used at any time to:

  1. Store or transmit illicit materials
  2. Store or transmit proprietary information
  3. Harass others
  4. Engage in outside business activities.

 

Employees may use their mobile device to access the following company-owned resources:

 

  1. Webex

5.0         Security

This section describes the security for our BYOD policy. This policy defines which applications and resources employees can access via their mobile devices. 

(NOTE: The security team can develop system threat models for mobile devices and the resources that are accessed through the devices.  The guidelines should be derived from those policies.)

The following describes our mobile device security guidelines: 

  1. To prevent unauthorized access, devices must be password protected using the features of the device to access the company network.
  2. The company’s strong password policy is Passwords must be at least 12 characters and a combination of upper- and lower-case letters, numbers and symbols. Passwords will be rotated every 180 days, and the new password can’t be one of 15 previous passwords.
  3. The device must lock itself with a password or PIN if it’s idle for five minutes.
  4. Rooted (Android) or jailbroken (iOS) devices are strictly forbidden from accessing the network.
  5. tablets that are not on the company’s list of supported devices are not allowed to connect to the network.
  6. Smartphones and tablets belonging to employees that are for personal use only (without MDM installed) are not allowed to connect to the network.

 

Employees’ access to company data is limited based on their user profile, defined by their supervisor and implemented by IT. The employee’s device may be remotely wiped if:

 

  1. The device is lost or stolen. Employees are responsible to Notify Their Manager and IT Within 1 hour of their knowledge of the loss.
  2. The employee terminates his or her employment.
  3. IT detects a data or policy breach, a virus or similar threat to the security of the company’s data and technology infrastructure. 

 

User Acknowledgment and Agreement

 

By signing below, you agree to comply with this BYOD policy. 

I acknowledge, understand and will comply with the above referenced security policy and rules of behavior, as applicable to my BYOD usage of <Company Name> services. I understand that business use may result in increases in my personal monthly service plan costs. I further understand that reimbursement of any business-related data/voice plan usage of my personal device is not provided. (Assuming the company opts not to reimburse employee for usage for business purposes)

 

Employee Name:                                                                                                                                  

 

BYOD Device(s):                                                                                                                                    

 

Employee Signature:                                                                                       Date:  _______________