Schooley MitchellMobile Device Policy

White Paper

Introduction

Mobile devices are an essential tool in today’s workplace. From smart phones to tablets, we use wireless technology frequently in the course of a regular business day. Cell phones have also become the primary form of personal communication. This makes it more important than ever for companies to have a well developed mobile policy to mitigate liability and educate employees on acceptable use.

A wireless policy should be tailored to the specific needs of a workforce and it is possible more than one policy will be needed depending on an employee’s job function. Similarly, policies will differ depending on the mobile environment, taking into consideration the use of corporately-owned or privately-owned devices.

The following template was created by Schooley Mitchell, the largest independent telecommunications consulting firm in North America, to assist our clients in the creation of solid, all-encompassing mobile device management policies. The document includes best practices adopted from various industry sources.

Considerations

There are several factors to take into consideration before drafting a mobile policy – there is no one-size-fits-all solution. Ask yourself the following questions to ensure you include all the necessary elements:

◊ Are the devices corporately owned or privately owned (BYOD)?◊ What are reasonable guidelines for my business and industry?◊ What mobile capabilities are required by my employees?◊ What mobile device issues or problems do we experience currently? ◊ What are the legal risks to my organization?

◊ Distracted driving and applicable laws◊ Labor standards and overtime◊ Remote wipe provisions

◊ What security measures are needed?◊ How will you enforce the policy?

Distribution & Training

Any company policy must be distributed with frequency for legal protection. Each policy should be signed by the manager and employee. Adhere to the following practices:

◊ Distribute in print, post in break rooms and store in your company’s online intranet◊ Send regular emails with links pointing to the policy◊ Redistribute policies whenever they are changed◊ Review policies during training sessions

Next Steps

Schooley Mitchell delivers objective advice and analysis to ensure you are receiving superior telecommunications services at the best price. We are independent of all vendors and act only with your best interests in mind. We can help optimize your wireless environment.

Services include:

◊ Ongoing optimization of wireless, landline & long distance services◊ Billing error identification and recovery◊ Project management, needs analysis, technology recommendations◊ Hardware upgrades & installs, office relocations, network integration◊ Merchant services analysis, including credit card, debit card, eCheck & ACH

transactions

Contact us today for a risk-free assessment.

Sample MobileDevice Policy

Policy Statement

The purpose of this policy is to secure and protect the mobile devices owned by <COMPANY NAME>. <COMPANY NAME> grants access to these resources as a privilege and must manage them responsibly to maintain the confidentiality, integrity, and availability of all mobile devices. <COMPANY NAME> reserves the right to change this policy at any time, with or without notice.

Definitions

Mobile devices are handheld or notebook-sized devices that can be used to store or send information, or connect to the Internet.

For the purposes of this policy, the following definitions apply:

“Company” means <COMPANY NAME>

“Employee” means all personnel working for <COMPANY NAME>, including contractors, consultants, interns, temporary or other workers assigned resource privileges

“Mobile device” means devices that can used to store or send information or connect to the Internet eg. cellphones and smartphones including BlackBerrys, iPhones, and Android devices, tablets, laptops, notebook computers, portable digital assistants (PDAs), USB drives, memory sticks or other similar devices.

“Remote wipe” means software that deletes data stored on a mobile device

Eligibility/Scope

All employees must adhere to this policy, which applies to all mobile devices owned or issued by <COMPANY NAME> or that are connected to its network. Devices used for <COMPANY NAME> business, or containing data owned by <COMPANY NAME> are governed by this policy.

Acceptable Use

General Use of <COMPANY NAME> Mobile Devices

Corporately-owned mobile devices are for work-related communications. Employees should have no reasonable expectation of privacy regarding this resource and records will be audited to monitor compliance. Text messaging, mobile data and international roaming

are included in some employee packages depending on job function.

All employees will ensure confidential data that is stored on or accessed via a mobile device is safeguarded. This includes:

◊ Taking steps to physically secure the device, including the use of a password-protected lock screen

◊ Never sharing passwords with anyone, including friends or family◊ Avoiding auto-complete features that remember user names or passwords◊ Ensuring all sensitive data stored on the device is encrypted◊ Turning off unnecessary services such as Bluetooth and geotagging when not in use◊ Keeping the operating system and all applications up-to-date and installing updates

immediately when mandated by the IT department◊ Reporting a lost or stolen device immediately

Personal mobile devices that are not managed by the IT department but are used for business are the responsibility of the owner. These users will be responsible for settling billing or service disputes with the carrier, purchasing software, performing maintenance and maintaining warranty information. The devices are still governed by the rules listed above.

<COMPANY NAME> reserves the right to perform a remote wipe on any company-owned device whenever it deems necessary.

When in the office setting or in meetings, all phones should be set to low volume or vibrate as to not distract others.

Personal Use of <COMPANY NAME> Mobile Devices

<COMPANY NAME> subscribes to service plans that provide sufficient resources to conduct company business. To prevent overages, employees should limit their personal use of company phones. The employee is responsible for covering the cost of any charges for unauthorized use including data, text messaging and app downloads.

Driving

Employees whose job responsibilities include travel must refrain from using their phone while driving. Employees should pull off to the side of the road and safely stop the vehicle before placing or accepting a call regardless of circumstance. If this is unavoidable, the use of Bluetooth or other hands-free devices are permitted if allowed under local laws.

Always avoid complicated or emotional discussions while driving, and avoid talking via a hands-free device in heavy traffic, inclement weather or in an unfamiliar area. Never text message while driving.

Employees charged with traffic violations resulting from use of mobile devices while driving will be responsible for all liabilities incurred.

Loss & Theft

The loss or theft of any mobile device containing <COMPANY NAME> data must be reported immediately to your supervisor and the IT department. Change all passwords for accounts stored or used on the device and notify credit card companies and banks if applicable.

Some questions to consider if your mobile device is lost or stolen:

◊ What stored data was stolen? ◊ What stored passwords were stolen? ◊ What other accounts and services might have been compromised? (cloud sharing,

etc.)◊ Did you lose your only copy of important documents?

Personal Devices

Personal mobile devices should not be used during business hours unless it is for legitimate business purposes. A device may be turned on in case some type of emergency contact is required. However, employees should instruct emergency contacts to call the main company line whenever possible. Company mobile device numbers will not be ported to personal devices.

Enforcement

Violations of the foregoing rules will be considered a serious offence and may result in the imposition of discipline up to and including termination, and may involve civil or criminal litigation.