|
A recent Network Trends Now survey on enterprise mobility policy shows that 77% of enterprises have a formal policy that governs employees' use of cell phones, aircards, pagers, and smartphones. Larger organizations that manage more than 500 devices show an even higher rate for adopting a formal mobility policy, with 91% reporting in a recent Network Trends Now survey, that they have a policy in place.
It is important to keep the mobility policy current. There are six critical elements that organizations should include in their mobility policy.
There are six critical elements that organizations should include in their mobility policy to govern employee use of smartphones, cell phones, laptop aircards, and pagers:
-
Executive support
- Clearly defined entitlements
- Enforcement consistency
- Expectations for expenses
- Compliance to Government regulations & risk mitigation
- Security
Executive support is critical. Employees are used to having control in terms of selecting the smart phone, or cell phone, mobility carrier, and service plans that they use. Without executive support, employees will find ways of undercutting mobility policies. In one case, a manager had a provision added to the mobility policy to prevent an overzealous Human Resources executive from overriding the policy.
Entitlements should clearly define who gets a service plan that is paid for or subsidized by the enterprise and the cell phone or smartphone that they are eligible to receive. One approach is to establ ish entitlements based on the job role. Many organizations find they can establish policy entitlement guides for job roles. This allows managers to clearly identify what data and applications are essential for the roles of employees in the organization, how they work, and the level of access to do their jobs. For example, the sales team may need mobile access to customer records. Financial executives may need access to sensitive data on corporate financial results while an administrative team may need access to email and calendars.
Part of the key to maintaining a policy is to have consistent enforcement of the policy. Many firms find a portal with an automated questionnaire that has pre-established entitlements based on the job role is a good approach. This takes personalities and subjective assessments of employees' needs out of the evaluation process. A portal will also provide a scalable approach that can adapt as mobile smartphones, applications, and access are rolled out to more employees.
 A good policy will establish some expectations for the amount of minutes and data that will be consumed. In addition, it can call out the need to establish special arrangements for international travel. High international roaming charges can be avoided through unlocked GSM phones and Subscriber Identity Management (SIM) cards with plans that have been optimized for international travel.
The fifth element that is critical to an effective mobile policy is compliance to government regulations. The policy should make it clear that the devices are to be used for business purposes. The US federal tax law does not specifically cite cell phones, but section 61 of the Internal Revenue Service tax code states that “gross income includes… all income including... fringe benefits.” An employer provided cell phone is considered a fringe benefit and it is taxable to the employee unless
-
The cell phone is used exclusively for work.
-
The employee would have been entitled to a business expense deduction if they had bought it for themselves.
Organizations must draw a distinction between corporate and personal use. The policy should also indicate that periodically the organization will audit usage to show employees are not using corporate assets for personal use. Alternatively, the policy can state that the organization or its employees are maintaining minute-by minute audit logs for calls, text messages, instant messages, e-mails all usage. The enterprise should state in its policy that personal use will be included in personal income and taxed. Organizations should also state that employees must utilize a hands-free device if they are driving and that employees will not send text messages while driving or operating heavy machinery. Clear rules should be established regarded the use of photography and video on devices. Ideally, organizations should be able to disable photography and video from employees that do not need these capabilities for their jobs. Finally, organizations should tailor their policy for compliance requirements with their specific industry.
The sixth consideration for policy concerns security. Smartphones and mobile devices are more likely to be lost or stolen. Passwords and encryption of data on devices will help protect sensitive employee, customer, and corporate data. One lost device can result in costly penalties and legal action, It is important to remember that new smartphones have the computing power and memory that laptops had five years earlier. The amount of data even that is included in corporate e-mail and attachments can be quite damaging. Over time the "street" value of a device may rise based on the data that is stored on a device.
Implementation of central Mobile Device Management (MDM) can help to address these issues with security and access controls.
________________________________________________________
What do you think of this post?
What issues have you had to deal with in updating your organizations' mobility policy?
Please register and comment.
|
