Here are some of the policy statements for a BYOD policy (some points borrowed from Magda CHELLY, CISSP, Ph.D.):
Employees’ personal mobile devices shall be connected to the corporate network only if enrolled with a Mobile Device Management (MDM) solution.
Only devices which have been built to international standards and/or manufactured by approved OEMs shall be enrolled to connect to Company’s information systems / network.
The Personal Mobile devices shall be encrypted as per policy. Change of Personal mobile device shall be in accordance with the company policies.
Unauthorized / unlicensed / pirated software shall not be installed by the employee on the personal device. Any liability arising from such acts shall rest with the Employee only.
Inappropriate personal information should not be stored in the company work environment. This may include copyright-violating songs, videos, pictures, documents, books / reports and information that doesn’t belong to the Company or the individual.
A device being replaced shall be wiped and de-enrolled from the MDM solution. Disposal and decommissioning of Personal Mobile devices must conform to the E-Waste Practices.
Users must be aware that the device contains Company data and take appropriate action to protect the device from being lost, misplaced, or stolen.
Personal Mobile Device settings (passwords, patterns, etc.) must be consistent with Company’s Password policy. The Admin Password shall be shared with the Company Admin, in case it is needed for support on hardware and operating system related issues.
Employees shall not back up Company information or data from the Personal Mobile Device to non-Organization systems or personal systems, as this may cause loss of confidentiality of certain information. Backups are to be performed as per Company policy.
If enrolled device is lost or stolen, the employee should immediately inform the same to the company through
Personal Mobile devices must use the latest operating system updates, as per the official updates of the respective operating systems. Updates are pushed by the OEM and must be applied on a periodic basis to ensure security compliance.
Personal Mobile devices must be protected. Devices must always have a passcode or password set, if the device supports it, as per company enrolment policies.
Rooted (Android) or jailbroken (iOS) smartphones or tablets, or devices running a pirated operating system, are strictly forbidden from accessing the company network, as they would not be enrolled to the company network.
All the technical controls applicable to Company-owned devices are applicable to Employee-owned devices. Additionally, a Mobile Device Management (Container) solution is implemented on the Employee-owned devices.
Company shall not be responsible for the loss of an Employee-owned device, irrespective of location (inside or outside the company).
Company is liable for <XY% of the cost> / <depreciated cost of the device (as per invoice and local accounting standards)> in case the device ownership is transferred to Company for purposes beyond the individual’s or company’s control.
Company is liable to pay a monthly allowance of <$nn> per month for a maximum of <24/36> months in a block period of <36/48/60> months.