Define your BYOD policy

Define eligibility – Identify who can use personal devices for work and scenarios where it is inappropriate due to data security, worker type or other factors. In enterprises that allow a BYOD device to replace a corporate endpoint, this decision is typically optional for the worker and subject to managerial discretion.

Determine allowed devices – BYOD policies should allow people to use whatever type of device that best meets their needs.

Set service availability – Think about the services and apps you want to make available on BYOD devices and whether they differ by work groups, user types, device types and networks used as you define your policy.

Clarify cost sharing – Some organisations provide a subsidy for BYOD devices and other services, especially in cases where a corporate device is no longer provided. If considering a stipend, tax consequences and potential IT cost savings should be taken into account. Implement BYOD in your organisation

Plan rollout – Provide guidance to help people decide whether to participate, choose the right device and understand the responsibilities that come with bringing their own device, including how data can be accessed, used and stored.

Implement security – Confidential business information should reside on the endpoint only in isolated, encrypted form, and only when absolutely necessary. Multi-layered security should include granular policy-based user authentication with tracking and monitoring for compliance; control over print capabilities and client-side storage; and mandated antivirus/ anti-malware software. IT should consider remote wipe mechanisms if business information is allowed on the device.

Establish support and maintenance levels – Spell out the type of incidents IT will support and the extent of this support. A loaner pool of devices allows uninterrupted productivity during service, especially when a BYOD device is used in place of a corporate device. Consider providing key personnel with additional, concierge-style support.

…