BYOD Policy for [AGENCY]

Transcription

1 BYOD Policy for [AGENCY] This document provides policies, standards, and rules of behavior for the use of smartphones, tablets and/or other devices ( Device ) owned by [AGENCY] employees personally (herein referred to as BYOD User ) to access [AGENCY] network resources. Access to and continued use of network services is granted on condition that each BYOD User reads, signs, respects, and follows the [AGENCY] s policies concerning the use of these devices and services. [AGENCY] reserves the right to revoke this privilege if BYOD Users do not abide by the policies and procedures outlined below. This policy is intended to protect the security and integrity of [AGENCY] s data and technology infrastructure. Limited exceptions to the policy may occur due to variations in devices and platforms. BYOD User must agree to the terms and conditions set forth in this policy in order to be able to connect their devices to the [AGENCY] network, whether by wireless or overtheair access via cellular or other network. Expectation of Privacy: [AGENCY] will respect the privacy of your personal device and will only request access to the device by technicians to implement security controls, as outlined below, or to respond to legitimate discovery requests arising out of administrative, civil, or criminal proceedings (applicable only if BYOD User downloads business /attachments/documents to their personal device). Acceptable Use [AGENCY] defines acceptable business use as activities that directly or indirectly support the business of [AGENCY]. [AGENCY] defines acceptable personal use of Device on agency time as reasonable and limited personal communication or recreation, such as reading or game playing. BYOD User agrees that the Device will not be shared with other individuals or family members, due to the business use of the device (potential access to business , and related risks); BYOD User is blocked from accessing certain websites during work hours and/or while connected to the corporate network at the discretion of [AGENCY]. The list of restricted websites is available upon request. Device camera and/or video capabilities are not disabled while onsite. Any use of the Device during the course of business work shall be owned by [AGENCY]. Devices may not be used at any time to: Store or transmit illicit materials Store or transmit proprietary information belonging to another agency Harass others Engage in outside business activities 1

2 Other activities which are inconsistent with our business practices The following apps are allowed: {Include a detailed list of apps, such as weather, productivity apps, Facebook, etc., which will be permitted} The following apps are not allowed: {Apps not downloaded through itunes or Google Play, etc.} BYOD User may use the Device to access [AGENCY]owned resources: [ , calendars, contacts, documents, etc.] [AGENCY] has a zerotolerance policy for texting or ing while driving and only handsfree talking while driving is permitted. BYOD User agrees to delete any sensitive business files that may be inadvertently downloaded and stored on the device through the process of viewing attachments. [AGENCY] ISO will provide instructions for identifying and removing these unintended file downloads. Follow the premise, When in doubt, delete it out. Devices and Support Permitted Devices are as follows: Smartphones including those using the ios, Android, Blackberry and Windows operating system are allowed (the list should be as detailed as necessary including models, operating systems, versions, etc.). Tablets including those using the ios, Android and Windows are allowed (the list should be as detailed as necessary including models, operating systems, versions, etc.). Connectivity issues are supported by IT: BYOD Users should/should not contact the device manufacturer or their carrier for operating system or hardwarerelated issues. Devices must be presented to IT for proper job provisioning and configuration of standard apps, such as browsers, office productivity software and security tools, before they can access the network. Reimbursement {Choose your reimbursement option} [AGENCY] will/will not reimburse the BYOD User for a percentage of the cost of the device {include the amount of [AGENCY] s contribution}, or [AGENCY] will contribute {X} amount of money toward the cost of the device. {OR} 2

3 [AGENCY] will a) pay the BYOD User an allowance, b) cover the cost of the entire phone/data plan, c) pay half of the phone/data plan, etc. {OR} [AGENCY] will/will not reimburse the BYOD User for the following charges: roaming, plan overages, etc. Security In order to prevent unauthorized access, all devices must be passwordprotected using the features of the device and a strong password is required to access [AGENCY] network. [AGENCY] s strong password policy for mobile devices is: Passwords must be at least six characters and a combination of upper and lowercase letters, numbers and symbols. Passwords shall be changed every 90 days and the new password can t be one of the previous 15 passwords. The device must lock itself with a password or PIN if idle for one minute. All mobile devices will contain the proper encryption for that particular device. If encryption is not possible, e.g., due to the age of the device, then access may not be authorized. After five failed login attempts, the device must be set to lock. Rooted (Android) or jailbroken (ios) devices are strictly forbidden from accessing the network. BYOD Users are automatically prevented from downloading, installing and using any app that does not appear on [AGENCY] s list of approved apps. Devices that are not on the [AGENCY] s list of supported devices {are/are not} allowed to connect to the network. BYOD Users access to [AGENCY] data is limited based on BYOD User profiles defined by IT and automatically enforced. The BYOD User s device may be remotely wiped if 1) the device is lost, 2) the BYOD User terminates his or her employment, 3) IT detects a data or policy breach, a virus or similar threat to the security of [AGENCY] s data and technology infrastructure. Risks/Liabilities/Disclaimers While IT will take every precaution to prevent the BYOD User s personal data from being lost in the event it must remote wipe a device, it is the BYOD User s responsibility to take additional precautions, such as backing up , contacts, and other personal information and/or data. [AGENCY] reserves the right to disconnect devices or disable services without notification. Lost or stolen devices must be reported to [AGENCY] within 24 hours. BYOD User is responsible for notifying their mobile carrier immediately upon loss of a device. 3

4 BYOD User is expected to use his or her devices in an ethical manner at all times and adhere to [AGENCY] s acceptable use policy as outlined above. BYOD User is personally liable for all costs associated with his or her device. BYOD User assumes full liability for risks including, but not limited to, the partial or complete loss of company and personal data due to an operating system crash, errors, bugs, viruses, malware, and/or other software or hardware failures, or programming errors that render the device unusable. [AGENCY] reserves the right to take appropriate disciplinary action up to and including termination for noncompliance with this policy. 4

5 USER ACKNOWLEDGMENT AND AGREEMENT Name: Date: Job Title: Job responsibilities that require access to company data via mobile device: I understand that by submitting this form I am requesting mobile device services from [Agency], and that I agree to be bound by the company s policies, standards and procedures and be responsible for reviewing and complying with all provisions of said policies. I understand that as the Information Owner, [Agency] retains the right to revoke access to company data at any time, for any reason, without notification to myself, regardless of device ownership. Signature of User: Date: Approved by Department Manager Signature: Print Name: Date: IT use only Use approved by: Date: Data Access: Data Device owner: Service Provider: Phone Number: 5

6 SIM: IMEI: Service Start Date: By: Service Termination Date: By: 6