Learn BYOD policy best practices from templates

When drafting a Bring Your Own Device (BYOD) policy, you might be tempted to cut and paste from a template you find online. However, BYOD policies aren't one size fits all. You should think of BYOD policy templates as the starting point for your creation process.

• White House Bring Your Own Device Toolkit: The White House has a rather complete BYOD toolkit online that was developed in support of federal agencies implementing a BYOD program. Highlights of the toolkit include case studies and example policies. Templates can be a better starting point because they come from the enterprise, not some pundit or analyst's desk.
• Zenprise BYOD Policy Template: While you have to fork over some information to Zenprise to download this policy template, it's well worth your time (even with the inevitable contact from the Zenprise sales team). This leader in the consumerization of IT's policy should be mandatory reading for any company that plans to author its own BYOD policy. I even like it for educating managers about BYOD policy guidelines.
• IT Manager BYOD Policy Template: IT Manager Daily published this basic template by Megan Berry. She does a good job of breaking down and explaining the critical parts of a BYOD policy.
• BYOD policies for school systems: Capital Area Intermediate Unit, an education service agency in Pennsylvania, has collected a number of school BYOD policies on their wiki. Even if you aren't writing a BYOD policy for a school system, it can still be beneficial to see how a particular segment has to accommodate requirements in their policies.

BYOD policy creation process

After you pick up valuable information from BYOD policy templates, it's time to get started. Here is a high-level overview of how to develop your first BYOD policy.

1. Assemble a project team that includes representation from your end user community and major departments, especially finance, legal, IT, and security. This team will probably be the same one behind your BYOD initiative, though it could be a sub-team of the larger project team.
2. Assign BYOD policy research to all or select members of the team. You can point them to the templates I recommended.
3. Deliver the research findings to the policy team.
4. Break down internal considerations for a BYOD policy to protect your corporate technology infrastructure via a document or white board.
5. Circulate those considerations for internal review and sign off.
6. Develop an outline for your BYOD policy based on the research and internal considerations.
7. Develop a draft of your BYOD policy for internal review.
8. Solicit comments and feedback from stakeholders such as executive management, legal, and IT security.
9. Revise document and open it for user comments.
10. Finalize with user comments if needed.
11. Publish the BYOD policy for distribution and get management and user signoff.

Ongoing management of your BYOD policy

It's important to stay informed of what others in your industry are doing for BYOD policy by reviewing templates and industry studies. Industry changes to BYOD policy can mean it is time to revise your own policy, solicit internal feedback/comments, and publish a new version, much the same way that technological or business changes internally might dictate such a move.

Additional BYOD resources

• BYOD and the Consumerization of IT (TechRepublic and ZDNet special feature)
• The Executive's Guide to BYOD and the Consumerization of IT (TechRepublic)
• Three BYOD policies for keeping workers (and IT) happy (TechRepublic)
• Four worst mistakes you can make with a BYOD policy (TechRepublic)
• SANS Survey on Mobility/BYOD Security Policies and Practices (PDF)