What's Your BYOD Policy?

The mobile devices your employees use for personal matters are varied in quality, design and functionality. Imagine if they all used those devices for work and the management complexities that would introduce.

Guess what? They're almost definitely already using these devices for work! But now imagine if you required it. That's Bring Your Own Device, or BYOD, and the concept is on everyone's mind — and not just because, as Gartner predicts, half of employers will likely require employees to supply their own device for work by the turn of the year, but also because the complexity of network management grows with every addition to your network.

Writes Scott Matteson for TechRepublic, "As complexity grows, the discipline and strategy needed to manage BYOD will grow in accordance. IT departments will need to plan and map out how they can handle these changes in BYOD, define guidelines and requirements for use, and ensure that the appropriate administration, monitoring, and support controls are in place to rise to the new challenges and ensure that they bring the greatest possible benefits to the business."

As complexity grows, the strategy needed to manage BYOD will also grow. Click to tweet

While we agree with Matteson's assessment of the necessary elements of a BYOD policy, and we know that 42 percent of IT employees said their support responsibilities increased after implementing BYOD, we don't think the full creation of a policy should fall squarely on IT's shoulders.

Developing Your Device Policy is a Cross-Departmental Effort

Despite a majority of policy work falling to the IT department, parts of your policy will require other perspectives in order to be successful.

A well-formed BYOD policy features sections on acceptable use, acceptable devices, device management capabilities, reimbursement, security and liabilities/disclaimers. (Check out this template for an example.) Surely, not all of these sections can belong to IT.

"I see BYOD policy creation as something the technical individuals should participate in. It should be people like the director of IT or the CIO — someone comfortable looking at all the technical aspects, but with managerial perspective. Someone who understands process creation and can dig down," says Jennifer Allen, Twinstate's Red Team manager.

"But they need to create a task force themselves. The IT director should head up the effort for technical implementation and the C-suite should head up the effort from a managerial perspective," Allen says, "but they have to reach out to others to figure out what they need."

Allen cautions that this doesn't mean a giant committee is required to create every policy. It simply means that, if you are to create a successful policy, the process will need owners, care and at least two perspectives.

"You shouldn’t hesitate to delegate sections to the managers, particularly sections on employee general policy," says Allen. "The information technology department should own data classification, but with everything else? Just delegate those things so you don’t have this massive document to deal with yourself," she advises.

Reviewing the BYOD Policy Process

To develop a comprehensive policy that will increase productivity, protect your business from risks and help you keep your employees happy, start by choosing the IT/C-Suite power team that will put together the BYOD policy roadmap or outline. Task them with finding owners for each section, and move forward from there, bringing it all together in one living document you can roll out to employees on a timeline that makes sense for your company.