Having a coherent set of mobile policies as early as possible will help you prevent headaches for your IT staff and confusion for your end users. Like anything else they are note that involved or complicate … they just take time and will require you to take a step back and just think.
Let’s start with a simple definition of mobile policies.
Mobile Policies: A set of usage guidelines and procedures for both the organization and the end user to adhere to.
Nice and easy…
At a bare minimum, your mobile policies should include guidelines on the following:
- Device Ownership: Will you only allow corporate owned devices? Can an employee bring their own device?
- General Usage: Essentially the do’s & don’ts. What is allowed and what is not allowed on the devices. This will be slightly influenced by the Device Ownership question. This is pretty standard stuff that you can most likely just ‘port’ over from your general IT and behavioural, good citizen employee guidelines. If the device is corporate owned what can the employee use it for. Be reasonable.
- Corporate Processes: Many don’t include general procedures in their mobile policies, but if you are going to spend the time why not include the official processes for requesting a new device, an application or whatever else is related to the device.
A mobile policy should be in agreement with your already existing security policies. Be sure that the mobile policy is complimentary and not contradictory to what your security group already has in place.
You may think that this is an oversimplification… but in my short time in mobile (since 2006) I can tell you that many organizations do not have anything in place. If you have to start somewhere … you might as well start with simple.
