39 lines
2.3 KiB
Markdown
39 lines
2.3 KiB
Markdown
# BYOD (Bring Your Own Device)
|
|
|
|
> For the complete policy details, see [BYOD Policy](./BYOD_Policy.md).
|
|
|
|
## **Purpose**
|
|
|
|
Ensure the security and confidentiality of company data in alignment with the Personal Information Protection and Electronic Documents Act (PIPEDA) when accessing company resources via personal devices.
|
|
|
|
## **Scope**
|
|
|
|
Applicable to all clients and their employees of digiBandit IT Services intending to access company resources (e.g., email, files, applications) on personal devices like cell phones, laptops, or tablets.
|
|
|
|
## **Policy Highlights**
|
|
|
|
- **Device Registration and Approval:** Employees must gain approval and register their devices with digiBandit IT Services' IT management system before accessing company resources.
|
|
|
|
- **Security Requirements:** Mandates up-to-date antivirus software and security patches on personal devices, alongside strong passcodes or biometric locks and enabled device encryption.
|
|
|
|
- **Data Access and Storage:** Enforces controlled access to sensitive data and prohibits unencrypted company data storage on personal devices. Cloud storage must comply with PIPEDA and company policies.
|
|
|
|
- **Remote Wipe and Device Management:** Authorizes digiBandit IT Services to wipe company data from personal devices remotely under specific conditions to protect sensitive information.
|
|
|
|
- **Compliance and Monitoring:** Stipulates device usage monitoring for policy compliance, with potential revocation of company resource access for non-compliance.
|
|
|
|
## **Procedure Overview**
|
|
|
|
- **Request for Access:** Employees must submit a request to managers and IT administrators for personal device access to company resources.
|
|
|
|
- **Device Assessment and Registration:** IT administrators will assess device security compliance before registration in the IT management system.
|
|
|
|
- **Security Setup:** Administrators will assist employees in implementing necessary security measures, such as encryption and passcodes.
|
|
|
|
- **Access Provisioning:** Based on roles and needs, limited access to company resources is granted, with training provided on secure data handling.
|
|
|
|
- **Ongoing Monitoring and Compliance:** Regular audits and periodic policy reminders are included to ensure continuous compliance.
|
|
|
|
## **Acknowledgment**
|
|
|
|
Employees must acknowledge understanding and agreement to adhere to the policy.
|