SPECIAL SECTION: TECHNOLOGY

This is a sample BYOD policy with language incorporating the considerations discussed. It is provided only as an exemplar and is not intended
to be used without modification to fit your particular operational situation. Also, the sample policy should be modified to conform with any
relevant law particular to your state or local jurisdiction. For a copy of the policy, contact Nicole Upano at [email protected].

Bring Your Own Device (BYOD) Policy

T he Company has adopted this Bring Your Own Device (BYOD)
Policy to meet the needs of our employees. Using your own
device for work purposes is not a right, and must be authorized
by the Company. In addition, you must read, sign and follow
this policy at all times in order to use and continue to use your
personal device for work purposes.

Network and Information Security

n Access sensitive business data through Company e-mail and remotely locate and wipe the device if it is lost or stolen.
approved applications only. These access points are protected n Report lost or stolen devices to Company within 4 hours
through the security controls discussed below. In all other or as soon as practical after the device is noticed missing.
respects, keep sensitive business data off of your personal Employees are responsible for notifying their mobile carrier
device. Sensitive business data includes all documents or data immediately upon loss of a device.

SAMPLE
whose loss, misuse, or unauthorized access could adversely n Report any suspected unauthorized access of the device or
affect the privacy or welfare of an individual or Company data breach immediately.
operations. Delete any sensitive business files that may be n Your device may be remotely wiped if:
inadvertently downloaded and stored on the device through — It is lost or stolen
the process of viewing e-mail attachments. Company IT will — You separate from your employment without first permit-
provide instructions for identifying and removing these un- ting IT to inspect your device
intended file downloads. When in doubt, delete it off of your — IT detects a data or policy breach, a virus or similar threat
device; to the security of the Company’s data and technology
n Maintain the original device operating system and keep the infrastructure, as determined by Company in its discretion.
device current with security patches and updates, as released n Smartphones and tablets that are not on our list of supported
by the manufacturer and requested by IT. No “Jail Breaking” devices are not allowed to connect to the network. Current
the device (installing software that allows the user to bypass devices approved for use:
standard built-in security features and controls); — Android Smartphones & Tablets, OS version 7.0 or higher
n Do not share the device with other individuals or family mem- — iOS iPhones & iPads, iOS version 10 or higher
bers. This is strictly prohibited due to the business use of the — BlackBerry Smartphones & Playbook, BlackBerry 10 OS or
device (potential access to Company e-mail, etc.). If you are in higher
a situation where you need to share your device with another n All devices must be password protected and must lock them-
person, please let the Company know and Company IT will selves if idle for more than 2 minutes. You must comply with
evaluate whether to provide you a Company-issued device; all Company password policies, including the use of strong
n Agree to allow the installation of mobile device management passwords, password expiration and password history.
software by Company IT. This software allows the Company to

Wage and Hour Compliance

n Overtime. Consistent with Company Policy, all overtime work your rest breaks or meal periods, unless you are specifically
must be approved in advance by a supervisor. Non-exempt designed as on-call by your supervisor.
employees are paid for all hours worked in accordance with n Dollar Amount of Reimbursement: Authorized users of
applicable law. Non-exempt employees are responsible for personal devices will receive a reimbursement as follows:
accurately recording their time and are prohibited from — Voice only - $[XX] per month
working off the clock. Non-exempt employees must have a — Data only - $[XX] per month
legitimate business reason for accessing Company network, — Voice/Data - $[XX] per month
including Company e-mail, after working time and must n Process for Reimbursement: Complete the Mobile Device
receive advance authorization to do so, except in the event of Reimbursement Request Form and submit it to your supervi-
an emergency. Working off the clock, in any form, is strictly sor for approval. Your supervisor will determine if the request
prohibited. Any non-exempt employee who works after hours meets the criteria and intent of the policy.
without advance authorization will be paid for such work, but n Reimbursement: Payment will be made upon presentation of
is subject to discipline. a completed Personal Reimbursement Form along with a copy
n Meal Periods and Rest Breaks: All rest breaks and meal of the monthly device bill.
periods are “off-duty.” You will be relieved from all work-relat- n Use of Device: You must retain an active device as long as
ed duties and free from any Company control during your rest you are receiving device reimbursement. The device may be
breaks and meal periods. Employees should not conduct any used for both business and personal purposes, consistent with
work-related activities during their rest breaks or meal periods, this policy. Extra services or equipment may be added at your
including sending or responding to work-related emails or expense. You will not be eligible for device reimbursement
texts. You are not required to remain “on-call” during during a leave of absence.

52 units | | MARCH
MARCH 2018 www.naahq.org
2018 www.naahq.org

MARCH18_EditPages.indd 52 2/20/18 5:24 PM

 Policy and Procedure Compliance
n Compliance with Company Policies. You are expected to including Company wireless networks, unless relevant to a
use your device in an ethical manner at all times and adhere work related project with approval from your immediate su-
to the Email and Internet Use and other applicable policies pervisor. If you receive material from outside sources that are
as outlined in the Company handbook. This also includes sexually explicit and not relevant to work related projects, it
Company policies related to mobile device use while driving is wise to delete or destroy it. If the originator of this material
and other Company IT policies outlined in the Company is an employee, you should notify the employee’s supervisor
handbook. or Human Resources. If you believe you have been harassed
n Policy against Harassment: Displaying sexually explicit im- or if the employee persists in sending the material, you
ages unrelated to work related projects on Company property should report the incident immediately in accordance with
is a violation of the Company’s policy on sexual harassment. the Company’s Discrimination, Harassment, and Retaliation

SAMPLE
You are not allowed to download, archive, edit, or manipulate Prevention Policy.
sexually explicit material while using Company resources,

Employee Privacy
n Company will respect the privacy of your personal device to compliance with our security requirements, you may opt to
the extent it is not used for work purposes, and will request drop out of the BYOD program.
access to the device for business purposes only, such as access n We will take reasonable precautions to prevent your personal
by technicians to implement security controls, to respond data from being lost in the event we must remote wipe a
to legitimate discovery requests arising out of administra- device. However, we cannot guarantee that such data will be
tive, civil, or criminal proceedings (applicable only if user saved, and are not responsible for any expenses or damages
downloads Company email/attachments/documents to their that result from the loss of personal data. It is your respon-
personal device), to protect company intellectual property, or sibility to take additional precautions, such as backing up
for other business purposes. If you have concerns related to contacts, pictures, messages, etc.

Miscellaneous
n The Company is not responsible maintaining or repairing n The Company is not responsible maintaining, repairing, or
your mobile device reinstalling, any personal software or personal apps on your
device

USER ACKNOWLEDGMENT AND AGREEMENT

I acknowledge, understand and will comply with the BYOD that the Company requests, or if I elect to discontinue my partic-
Policy. I understand that addition of Company-provided third ipation in the BYOD program, I will: (1) immediately refrain from
party software may decrease the available memory or storage accessing any Confidential Information stored on my device; (2)
on my personal device and that Company is not responsible for any allow the Company access to retrieve any Company information
loss or theft of, damage to, or failure in the device that may result or documents stored on my device; and (3) if and when so direct-
from use of third-party software and/or use of the device in this ed by the Company, permanently delete and erase any Company
program. I understand that contacting vendors for trouble-shooting documents or information stored on my device or provide access
and support of third-party software is my responsibility, with limited to allow the Company to do so; and (4) allow the Company access
configuration support and advice provided by Company IT. to the device to remove and disable any Company provided
Upon the termination of employment, at any other time third-party software and services from it.

Employee Name:

Employee Signature: Date:

www.naahq.org
www.naahq.org 2018 || units
MARCH 2018
MARCH 53

MARCH18_EditPages.indd 53 2/20/18 5:24 PM