Archive for September, 2013

Reasonable & Essential BYOD Policies

Written by Nick B. Nicholaou on . Posted in Articles

© 2013 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from Christian Computing Magazine 

BYOD– Bring Your Own Device– is an IT wave that is sweeping corporations. IT Directors are understandably uncomfortable about this. Adopting enforceable policies will make the difference, however, in BYOD’s success in any organization.

What Is BYOD, Exactly?
There is a growing number of requests among computer users to use whatever device they own and prefer when at work. In our network consulting we have been seeing it for a few years in the form of employees asking us if they can use their personal computer instead of the one provided to them. Thus, Bring Your Own Device.

Sometimes it is because the employee is used to working on a more powerful system than the one they’re being provided. Other times it is because the employee prefers a different operating system than the one running on the computer being provided to them.

Because of some of the advances operating systems, computer hardware, and Cloud Computing have brought about (Microsoft Office for Mac, automatically synchronizing files, virtualization, etc), the lines are getting blurry between operating system platforms like Windows and Mac OSX. Some are thus celebrating the fact that now people can use Windows, Mac, or anything else they feel most comfortable with when at work.

Management is wondering about the costs and savings this trend will bring. Up for discussion are employee productivity, compromised data and networks, and workstation purchase savings.

Why Are IT Directors Uncomfortable?
IT Directors see the risks of letting “unconfigured” and “unmanaged” systems connect to the network. They are the ones responsible to ensure that essential data and systems are always available so that staff can be productive. They are also the ones who see the impact of supporting multiple platforms and configurations. Their teams are the ones who get calls after hours because something is no longer working and, left unchecked ’til morning, may affect the ability of staff to get their work done.

But many believe the benefits outweigh the risks– cost reductions, program efficiency and productivity increases, changing workforce adaptability, and an improved user experience.

What Policies Should We Have?
This is an evolving area in IT that is still fairly new. Very few policy guidelines have been published, and they are mostly about the use of personally-owned smartphones. Policies need to be approached in a few categories: the employee’s responsibilities, the employer’s responsibilities, termination procedures, and a signed acknowledgement.

Employee Responsibilities

  • To be productive.
    Employees who request to use their personal computers and/ or devices must understand that they are responsible to be productive. Thus any such BYOD request, if granted, will require that the employee be at least as productive as they would have been using the systems normally provided by the employer. Standards of productivity are the responsibility of management, and employees who are not as productive on their personally-owned computers and/ or devices will be required to use employer-provided systems.
  • To be cooperative.
    Personally-owned computers and/ or devices, if allowed to be used at work, must meet minimum standards. Those standards will be set and modified from time to time by the IT Department, and may address minimum processor chipsets and operating system versions, amount of RAM and storage, and the use of specific employer-provided applications such as productivity suites, anti-malware tools, email clients, and more. Use of substitute applications must be approved by both the IT Department and the employee’s direct supervisor.
  • To be responsible.
    The employee agrees to maintain their personally-owned computers and/ or devices that have been approved for use at work at a level that keeps the employee productive at levels set by management and meets or exceeds the IT Department’s minimum system requirements. The employee is responsible for any costs due to failed hardware, configuration and/ or software issues, and theft or breakage.
  • To protect.
    The employee agrees to maintain the security of their personally-owned computers and/ or devices to protect the data and integrity of the employer’s systems. The employee agrees to report immediately, or as soon as possible, if a device with employer’s data is lost or stolen, and to let the employer install software that could delete the employer’s data if the employer so desires, with or without notice. The employee agrees to submit their personally-owned computers and/ or devices approved for use at work for inspection by the IT Department from time to time to confirm that the system is being properly protected against malware and other threats. The employee agrees that the employer may see data and files that could otherwise be considered private, but agrees to hold the employer harmless against any claims against loss of privacy in exchange for the employer agreeing to allow the employee to use his or her personally-owned computers and/ or devices for work.

Employer Responsibilities

  • To provide a productive environment.
    The employer agrees to provide a suitable work area to help the employee be productive at levels required by management. In case the employee’s personally-owned computers and/ or devices are not available due to required repairs (for which the employee is responsible), the employer will provide a substitute workspace using employer-owned computers and/ or devices for a reasonable period of time.
  • To be reasonably accommodating.
    When an employee requests permission to use their personally-owned computer or device at work, the employer agrees to be reasonably accommodating if the employee can demonstrate that their productivity will meet or exceed the productivity standards set by the employer.
  • To be supportive.
    The employer is not responsible to support the employee’s computer or device. However, the employer will give help desk support at the same level as it does for employer-owned computers on the use of software provided by the employer.
  • To Explain Exempt vs Non-Exempt issues.
    Some employees are subject to overtime rules based on State and/ or Federal law. The employer is responsible to explain the employee’s exempt or non-exempt status, and how it impacts work time recordkeeping.

Termination Procedures

If an employee is terminated by the employer or initiates termination of the employment relationship, the employee agrees to remove all employer-owned software and data from their personally-owned computer or device, or to provide it to the IT Department to allow the IT Department to remove it for them.

Signed Acknowledgement

The employee and the employee’s supervisor will sign an agreement acknowledging the BYOD policies in place. The acknowledgement will also state that the employer may modify the BYOD policy at any time and without prior notice.

BYOD is a new area of IT policy. Like all policies– especially those with potential privacy issues– yours should be reviewed by a competent attorney. With policies like these and more, BYOD can work to the benefit of the employer and the employee.