BYOD Acceptable use policy

Objective

Most companies allow employees to use their personal smart devices, such as laptops, desktops, mobiles, dongles, networks, etc., for official purposes. At Peak Signal, given the nature of our business and because the shareholders work, in the main, remotely, the company supports a Bring Your Own Device (BYOD) approach. We also operate, in the main, within a ‘Bring Your Own Network’ approach, where individuals use their home Wi-Fi for connectivity. The objective of this policy is to establish guidelines and controls in order to mitigate the security risks associated with access to Peak Signal networks and information.

Scope and Applicability

This policy applies to all partners, associates and contractors who use their own devices to access Peak Signal networks and information. Devices that are within the scope of this policy are:

  • Any device which is provided by the Company for official use
  • Any device which is employee-owned but used for official use

Definition / Glossary

Term / Abbreviation | Definition / Expansion
SOP | Standard Operating Procedure
BYOD | Bring Your Own Device

Policy / Process

BYOD Access

User access to Peak Signal’s information shall be granted through a user set-up process, undertaken by one of the shareholders. Access shall be granted based on business requirements and shall be limited to partners, associates, contractors and designated external parties such as customers and suppliers only.

Access to Peak Signal data shall be limited and subject to business requirements, following formal approval that all necessary compliance (such as NDAs) is in place.

Level of data access shall be authorized by the shareholder responsible for the business being undertaken.

The BYOD program shall be subject to periodic risk assessment.

 

Use of Security Settings

  • Users enrolling their devices for BYOD usage shall agree to the conditions of this policy as well as the terms of usage while accessing Peak Signal’s data / information.
  • All registered BYOD devices must comply with the following settings:
    • Device shall be password protected to prevent unauthorized access
    • The device must lock itself with a password or PIN if it’s idle for five minutes
    • The device shall be locked out after 3 unsuccessful login attempts
    • Devices accessing Company resources shall be on the latest OS/patch version
  • All BYOD devices are required to have standard anti-malware defences.

Administration and Usage

  • Peak Signal data can only be created, processed, stored and communicated to the extent of the access permit granted
  • Official data must be accessed only within permitted access modes
  • Each user is responsible for immediately reporting, through the established incident management process, any evidence of a security violation involving the use of the BYOD facility with regard to:
    • Unauthorised access
    • Apparent spread of a virus
  • Backup of personal data shall be the responsibility of the user
  • Peak Signal will not be responsible for loss or destruction of a device or data while using BYOD for official purposes
  • Maintenance, upgrades, enhancements and any installation of programmes necessary for official work shall purely be the responsibility of the User

Acceptable Use

  • All users shall ensure usage of BYOD services in an ethical and lawful manner to avoid any legal issue or litigation for Peak Signal
  • Acceptable use of mobile devices will be allowed as per this policy
  • BYOD devices must be treated as Company assets during official work and precautions must be taken to ensure confidentiality and data security

Logging / Monitoring

  • Periodic security reviews shall be conducted
  • Suspicious events detected through monitoring activities shall be reported through the incident management procedure.

User Privacy

User’s personal data such as phone contacts, messages, media or information stored on BYOD devices shall not be accessed during monitoring.

BYOD Awareness

BYOD compliance awareness shall be conducted by Peak Signal shareholders periodically.

Non-compliance and consequences

Peak Signal shareholders shall verify compliance with this policy through various methods, including but not limited to periodic walk-throughs, business tool reports, and internal and external audits, and shall provide feedback to the shareholder 6-monthly policy review meetings. Any non-compliance shall lead to strict disciplinary action.

Special Circumstance and Exception

All exceptions to this policy will require a waiver explicitly approved by a majority of shareholders.