Cherwell IT Service Management Blog
Resources, Best Practices, and Solutions for ITSM Pros

The 4 Essential Steps to Creating a BYOD Policy

Posted by

The 4 Essential Steps to Creating a BYOD PolicyMore and more, employees expect a new level of choice in how they work, whether that means flexible hours, where they work from, or what devices they work on. This last one, freedom of device, raises questions like: Why can’t they use what they’re comfortable with? Are there limits to what someone can do on their own personal devices? Or limits on what devices they can use?So much to say, BYOD (Bring Your Own Device) is not a passing phase. Gartner predicts that by 2016, 38% of companies will expect to stop providing devices. By 2020, 85% will implement a BYOD program. That makes for a rather short window of opportunity for IT to get its BYOD act together. Creating efficient BYOD practices requires a BYOD policy. Don’t know where to start? Here are 4 essential steps to begin thinking about creating an effective BYOD policy.

Step 1. Consider

  • Research (or else) devices and their capabilities. Ensure that your IT service can offer a comprehensive experience for each device. One-size-fits-all service will frustrate users with marginal device capabilities. Before you can offer the service to build a policy around, you must understand each device.
  • Know your stuff. Conduct surveys to find out what devices the industry and your employees are using. Research what the best options are by gathering business activities and outcomes for each device.
  • As you evaluate the various devices and apps, keep some critical questions in mind. These questions should begin to define ownership, sourcing, liability, regulatory, risk, usability, and security practices. For example, when examining security for a device or app, look for how its unique qualities can be maintained in regard to concerns like lost devices, third party sharing, file pulling, and personal storage of corporate data.
  • Have a balanced approach. As you begin thinking up strategies to conform BYOD usage, try to find the sweet spot between high and low detail and high and low coverage. Finding the correct amount of space and limitation for devices will greatly affect how your company interacts with your policy.

Step 2. Write

  • No one writes a policy just for kicks. Write a policy with a purpose. A quality policy should shape actions, control processes, and manage expectations with a more or less standard rules of engagement.
  • The intended result is a set of coherent company-wide practices. Stark definitions of what is supported and how it will be supported will establish quality, consistency, and reliability.
  • The form and writing of a BYOD policy should be clear and understandable. You want users to actually read and understand it. That’s the only way it will incite the desired change.
  • Speak directly to specific concerns in specific areas and contexts. Remove any doubt of when and where policies apply.
  • Include objective, verifiable, conformance criteria. This will really put a set of teeth in your BYOD policy.

Step 3. Establish

  • Now that you’ve written a BYOD policy with writing that underpins action, take action!
  • Make sure the policy is readily available to everyone it affects.
  • Take measures to assess and improve policy conformance.
  • If your policy is successful, it will influence company usage and future device and app purchases.

Step 4. Review and Update

  • Your policy should be definitive, but not static. Make sure to adapt it to new devices and better practices when they come up.
  • Establish procedures to review policies. Policies should be regularly reviewed to maintain relevance.
  • If not, revise, rescind, or replace as needed
  • Set up authority roles that can grant exceptions or waivers. A policy is only as effective as its flexibility to address real concerns. Sometimes these concerns necessitate exemptions or waivers.
  • Come up with a way to broadcast these reviews to those affected. Create a way to communicate policy updates effectively.

Further Reading:

Diving deeper into writing a BYOD policy? Check out the comprehensive guide: How to Write a BYOD Policy.