A Device Usage Policy empowers your organisation to set the requirements for how your employees (and contractors) use your devices to access your IT infrastructure and the valuable data it stores. From an information security standpoint, a Device Usage Policy is a very useful tool that will help you minimise the risks posed by your employees’ device usage.

You may have heard of a similar policy called the Bring Your Own Device Policy (BYOD). The main difference between these two policies is that the BYOD Policy applies to personal devices owned by your employees, while the Device Usage Policy applies to the use of your devices.

Why is the Device Usage Policy important?

A Device Usage Policy is important because information (or data) is valuable and organisations have to look at different ways of ensuring that they maintain good information security standards.

Employees are a big area of exposure. Without the policy, you will not be able to properly regulate how they use your devices in accessing your IT infrastructure and any important data you have stored on the infrastructure.

By not having the policy, you risk your employees using your devices in ways that make your organisation vulnerable to hacks, theft and a whole range of other unwanted scenarios. You also risk infringing the rights of data subjects.

How does the policy work?

This policy sets out the type of devices that it applies to and covers the minimum usage requirements that apply to the use of your organisation’s devices, amongst other provisions.

What devices does the policy apply to?

  • Fixed devices, such as desktop computers or servers
  • Portable devices, such as laptops, tablets, and mobile phones
  • The software on those devices
  • The onsite and offsite use of those devices

What minimum usage requirements does the policy set out?

The minimum usage requirements the policy covers include the following:

  • purpose of use – the purpose for which the employees use devices (they must use them mainly for work purposes, amongst others)
  • encryption – encrypting the devices to minimise the risk of unauthorised access
  • standard software – the software that should run on the devices, including operating systems, anti-virus and mobile device management software
  • protection guidelines – how to protect devices against damage, theft or loss
  • incident reporting – reporting of damage, theft or loss
  • repair procedures – the repairing of the devices, in case of any damage

Actions you can take

  • Protect your confidential information and personal data and regulate how your employees use your devices to access it by asking us to draft a Device Usage Policy.
  • Limit the risks of non-compliance with data protection laws posed by your employees by asking us to draft a Bring Your Own Device Policy.
  • Comply with information security standards by joining our Information Security Compliance Programme.
  • Be alerted to any new developments by subscribing to our newsletter.

Interested?

If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.