Bring Your Own Device Policy

The objective of this policy is to define standards, procedures, and restrictions for end users who are connecting a personally-owned device to Company’s organization network for business purposes. This device policy applies, but is not limited to all devices and accompanying media (e.g. USB thumb and external hard drives) that fit the following classifications:

• Smartphones
• Other mobile/cellular phones
• Tablet computers
• Portable media devices
• PDAs
• Ultra-mobile PCs (UMPCs)
• Laptop/notebook computers, including home desktops
• Any personally-owned device capable of storing organizational data and connecting to a network

The policy applies to any hardware and related software that is not organizationally owned or supplied, but could be used to access organizational resources. That is, devices that employees have acquired for personal use but also wish to use in the business environment.

The overriding goal of this policy is to protect the integrity of the confidential client and business data that resides within Company’s technology infrastructure. This policy intends to prevent this data from being deliberately or inadvertently stored insecurely on a device or carried over an insecure network where it could potentially be accessed by unsanctioned resources. A breach of this type could result in loss of information, damage to critical applications, loss of revenue, and damage to the company’s public image. Therefore, all users employing a personally-owned device connected to Company’s organizational network, and/or capable of backing up, storing, or otherwise accessing organizational data of any type, must adhere to company-defined processes for doing so.