How to Write a BYOD Policy

Guest Author

By Matthew Neigh, Global Technology Evangelist, Cherwell Software

Today’s IT environments are complex, and the commoditization of IT is one of the driving elements. This is manifest in a variety of ways in the enterprise. However, few are as vexing as “bring your own device” (BYOD).

BYOD is not only the future—actually, it’s already here. Organizations should expect the trend and learning curve to increase, and the required time to adapt to decrease at a sharp rate. That means IT organizations are responsible for laying the groundwork for today’s need: the creation and implementation of policy. Listed below are key factors you’ll want to consider as you move toward the creation and implementation phase.

The Challenge

A large number and variety of potential devices and apps might make their way to your service desk. Usually, your customers are changing how they do business and effectively adopting these devices and apps for good reasons.

Smart Customers. Consumerization is one of the key market forces driving the commoditization of IT. Customers can simply purchase a device with the intent to pursue corporate goals and objectives. The customer isn’t thinking of whether or not the IT organization can support or integrate that device. Instead, the key driver is the business value the device represents to the organization.

New Devices, New Considerations. Consideration factors include (but are not limited to) sourcing, risk, regulatory, liability, security, ownership and utility/usability. The key thing to remember here is that there is no universal view of what should be in a BYOD policy. This is because organizations’ business requirements and strategies can vary substantially from one another. For the policy to be useful and relevant, it must reflect the priorities of the organization and its leadership. A template can be a useful guide. However, you’ll likely eliminate some of the policy elements and add necessary provisions.

The Concerns. Given the commoditization and commercialization of IT, here are a few things we can expect to hear:

  • Customer: “Isn’t there some kind of app I can run to give me access to the information or services that I need in the field?”
  • Organization: “We need to have this in place two months in advance of our next product launch. Why can’t we do that?”
  • IT: “Is this secure?”

Each perspective is valid with respect to each department and its goals and objectives. The IT department must find a means of addressing these concerns effectively without artificially limiting or overly restricting itself in the process. IT organizations should consider how effective policies can be used to their advantage—as well as fitting the business requirements of the entire enterprise.


What is a Policy? Let’s start with the definition: “A definitive course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions.” So, how does this help us define, implement and refine policies? A policy allows us to shape actions, control processes, and manage the expectations of others. Policies help ensure the consistency, quality, and reliability of your interactions with those who depend upon you.

Policies benefit both the customer and the service provider. For example, when a customer calls the service desk, policy might require that the organization conduct a brief interview with the customer to verify that they are entitled to the support being requested. In this case, the policy helps the service provider ensure that only those entitled to the support receive it. This also ensures that the organization will have personnel available to provide support when the customer needs it and manage the overall cost of support. At a minimum, policies can specify a set of rules for engagement between the customer and service provider.

BYOD Policies

A Balanced View. When crafting a policy, build a balanced view of the area in which you are trying to manage expectations. In every policy, find stability between topical coverage and detail. Going too deep or skimping on either dimension represents a potential problem source.

Characteristics of Good Policies. To provide maximum value for both parties, well-designed policies should do the following:

  • Be clear and understandable to all audiences involved with the policy.
  • Directly relate to a specific area.
  • Address a specific need/concern in the area.
  • Use objective, verifiable conformance criteria.
  • Provide guidance without being overly prescriptive. (However, note that your organization does need to be prescriptive at times—clearly stating what an employee should or should not do.)

In addition, consider functional factors, such as the following:

  • How policies are documented and controlled
  • Ensuring that policies are readily accessible to affected persons
  • Establishing procedures to ensure policies are regularly reviewed for relevance and revisions as needed
  • How to access and improve conformance levels
  • Defining who can grant exceptions and waivers

These factors ensure your policies are relevant and accessible. Remember that the policy should effectively shape the current and future actions of the workforce. Overall, endeavor to design policies that support organizational objectives and business strategy. And then when your policy is reviewed, filter it through several considerations.

Make sure that all target audiences, as well as internal and external stakeholders such as the finance department, have had the opportunity to be involved in policy development, and to submit input and contributions to the BYOD policy. This will ensure that your target audiences have the opportunity to contribute their unique business requirements, as well as increase buy-in and adherence across the organization.

Once you have involved all appropriate audiences and completed your organization’s BYOD policy, it’s time for efficient communication, providing any departmental training if necessary, and effectively encouraging adherence to the BYOD policy. This will allow your organization to move forward more easily and strategically into the new, commoditized IT business world.

As Cherwell Software’s Technology Evangelist, Matthew Neigh works closely with existing customers and industry peers to understand how ITSM software solutions are currently being utilized, to explore how customer behavior is driving innovation, and to discover how emerging trends might impact service delivery. Matthew boasts extensive experience with integrating service management solutions into organizations of various sizes and industries. Matthew has traveled to more than 50 countries around the globe speaking, training, and consulting on topics ranging from interpersonal relationships to cross-cultural adjustment to ITSM practices.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.