Bring your own device (BYOD)

Lara Nichols recognises the advantages gained to the business and the efficiency of its employees through arranging flexible working arrangements as allowing employees to bring their own device into the business and permitting them to use their property to undertake their day to day working activities.

Policy Aims

  • To protect the data that is downloaded onto an individual’s equipment
  • To specify what devices the company will support
  • To provide protection to the clients customers and employees of Lara Nichols
  • To prevent sensitive data being stolen or misused in the event of theft or accidental loss of the portable equipment
  • To establish a Service Policy for employees should problems occur.

Policy and Procedure

  • Devices that are permitted are personal mobile phones, personal tablets and laptops.
  • All data that is processed on an individual’s device will be in compliance with the Data Protection Act 1998
  • The Director (Data Controller) will remain in control of all personal data regardless of the ownership of the device used to carry out the processing
  • The Data Protection Act 1998 requires the data controller to take appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of personal data of, or damage to, personal data
  • Lara Nichols recognises that these devices will be used during the individual’s working day as part of their day to day duties.
  • Employees must ensure that they password protect all devices on all occasions
  • All passwords should contain a capital letter and a number to ensure the strength of the password is strong
  • Where available Touch ID should be used as a security measure
  • Login names and passwords must not be disclosed to anyone other than the Managing Director or Managing Director
  • Devices can be used for personal use as well as for  business use
  • Personal use of the device should be restricted to lunch and break times
  • Employees should know where their personal devices are on all occasions, equipment should not be left unattended
  • In the event that an employee loses their device or the device is stolen this must be reported to the Managing Director and Managing Director as a matter of urgency.
  • All information will be stored on the company drives.  We understand that some data may be stored on individual devices whilst work is being completed (only).
  • The employee understands and accepts that should the employee leave our employment it is essential that the device is returned to the offices so that all company information can be removed from the device.
  • Applications (Apps) that are bought will be the property of the owner of the device not Lara Nichols.
  • Access to business data on Apps is to be removed on leaving the company.
  • You must have administrator rights on your device and not provide those rights to other parties
  • Other users of the device must not have access to the VPN (Virtual Private Network)
  • Be aware of the possibility of spoof emails or calls purporting to be from IT staff or companies.

This policy will be subject to regular review to ensure that it provides security to Lara Nichols and its clients as well as following best practise in relation to such matters.

This policy was last reviewed in October 2017