Bring Your Own Device (BYOD) Onboarding Procedure (AC-PROC-002)
1. Purpose
To establish the process for registering and securing a personally owned device (BYOD) for access to company resources.
2. Scope
This procedure applies to all workforce members who wish to use a personal device to access company information or systems.
3. Overview
This procedure details the steps for a workforce member to register a personal device for company use, including obtaining consent, installing required security software, and ensuring the device meets security standards before access is granted.
4. Procedure
Step | Who | What |
---|---|---|
1 | Workforce Member | Requests to use a personal device for work purposes. |
2 | Workforce Member | Provides formal consent to the installation of security software and acknowledges the company’s right to remotely wipe corporate data. |
3 | Workforce Member | Formally registers the device with the IT Department. |
4 | IT Department | Installs and verifies required security software (MDM/EDR) and confirms the device meets minimum security standards (encryption, access control, malware protection). |
5 | IT Department | Grants access to company resources. |
5. Standards Compliance
Procedure Step(s) | Standard/Framework | Control Reference |
---|---|---|
1-5 | SOC 2 | CC6.1, CC6.6 |
1-5 | HIPAA | 45 CFR § 164.310(d)(1) |
6. Artifact(s)
A completed and signed BYOD Registration and Consent form.
7. Definitions
- BYOD (Bring Your Own Device): A policy that allows employees to use their personal devices for work-related purposes.
- MDM (Mobile Device Management): Software that allows an organization to manage and secure employees’ mobile devices.
- EDR (Endpoint Detection and Response): A solution that monitors endpoint and network events and records the information in a central database for analysis, detection, investigation, reporting, and alerting.
8. Responsibilities
Role | Responsibility |
---|---|
Workforce Member | Requests to use a personal device, provides consent, and ensures their device is available for security setup. |
IT Department | Manages the device registration process, installs and verifies security software, and grants access. |
Managers | Ensure their team members follow this procedure when using personal devices for work. |