1. WOSM Staff Support Centre
  2. Workplace and Travel
  3. Digital and Information Technology

WSB Policy: Bring Your Own Device (BYOD)

Updated
Have more questions? Submit a request

Purpose

The World Scout Bureau (WSB) recognises the benefits that can be achieved by allowing staff to use their own electronic devices when working, whether that is at home, in a WSB facility or while travelling.

Such devices include laptops, smart phones and tablets, and the practice is commonly known as ‘bring your own device’ or BYOD. The WSB is committed to supporting staff in this practice and ensuring that reasonable and/or less technical restrictions are imposed on the user in accessing the IT Resources set up by the WSB.

The WSB must ensure that the information security risks arising from the use of personal computing devices is controlled. The control does not apply to the use of personal devices to access the WSB information and data that are intended for public access.

 

Scope

This policy is for all WSB staff, contractors, consultants, interns and volunteers who are authorised to use their personally owned computing devices to store, access, carry, transmit, receive or use WSB information or data, whether on an occasional or regular basis. The term for personal computing devices used for work is called BYOD (“bring your own device”).

 

Personal Computing Devices

A Personal Computing Device is any device that was purchased by an individual and was not issued by WSB. A personal device includes any portable technology features as listed in Appendix B. Threats to mobile handheld devices stem mainly from their size, potability, and available wireless interfaces and associated services.

The WSB will maintain management control and authorise the use of personally owned devices. The WSB shall develop guidelines to define which employees can use their own devices, the types of devices they can use, and which information and data that they can access, process, or store on their devices.

Personal computing devices must:

  • Be authorised by WSB to access, process, transmit and/or store information and data of WSB.
  • Be inspected by WSB IT staff to ensure appropriate security on the device are up to date and meet the requirements of WSB Information Security Policy prior to use.

Definitions

A list of terms used throughout this policy are defined in Appendix A.

 

Guiding Principles

The following are accompanying policies to this policy:

    1. WSB Information Security Policy
    2. WSB IT Access Control & User Management Policy
    3. WSB Acceptable Technology Use Policy

Policy

Acceptable Use

  1. The WSB defines acceptable personal use of any device on company time as a reasonable amount of time for leisure activities. Please refer to the WSB Acceptable Technology Use Policy for more details.
  2. Employees are prohibited from inappropriate web-content using their personal computing devices connected to a WSB Information Technology Resources (e.g. LAN or Internet).
  3. During working hours, the personal computing device may not be used to store any:
    • Illicit or illegal material
    • Store or transmit propriety information belonging to other organisation
    • Harass others
    • Engage in other external ventures or activities.

 

Security & Safety

  1. To prevent unauthorised access, personal computing devices must be protected with passwords
  2. The WSB Password Standards Policy provides a guideline on how to set strong password for all devices.
  3. Employees may use their personal computing devices to access the following company services:
    • Emails
    • Calendars
    • Contacts
    • Documents
    • Other Information Systems or Cloud based computing systems/software packages.
  4. All personal computing devices running Windows OS MUST be protected with an Anti-Virus application and is updated to the latest operating system patches and updates. 
  5. Rooted Android and Jailbroken iOS device are strictly not permitted to access any WSB Information Technology (IT) resources. 
  6. WSB Staff, contractors, consultants, and volunteers using their personally owned devices connected to the WSB Information Technology (IT) resources are expected to follow applicable local, state and federal laws and regulations regarding the use of electronic devices at all times.
  7. Employees are expected to protect personal devices used for work purposes from potential unauthorised access, hacking, loss, damage or theft. 
  8. If members of the user’s household regularly use the personal device, then it is strongly recommended that encryption is implemented to protect the WSB’s data stored on the user’s personally owned devices.

Monitoring & Access

  1. The WSB retains the right in determining what is, and is not, appropriate content and has overall responsibility for the appropriate access to and use of the WSB’s Information Technology (IT) resources.
  2. Since the WSB will not routinely monitor personal computing devices, the WSB also reserves the following right:
    • To monitor, access and review all use of WSB resources and infrastructure. This includes all personal information exchange carried out on the user’s personally owned devices connected to the WSB’s Information Technology (IT) resources.
    • To regularly review user’s access to WSB Information Technology (IT) resources and revoke any access if needed.
    • To take all necessary and appropriate steps to retrieve information owned by the WSB.
  3. The WSB will not be responsible for loss or damage of personal applications or data resulting from the use of the WSB’s applications.

 

Roles & Responsibilities

Stakeholders

Responsibilities

Senior Management Team

Review, Approve and formally support this policy

Users
  • Complying with the terms of this policy and all other relevant WSB policies, procedures, regulations and applicable legislation.
  • Respecting and protecting the privacy and confidentiality of the information they process at all times.
  • Set up a strong password in accordance to the standards defined in the WSB Password Standard Policy.
  • Set the device to lock automatically when the device is inactive for more than a few minutes.
  • Take appropriate physical security measures and not to leave the device unattended.
  • Keep the software up to date.
  • All WSB related documents MUST be stored on Dropbox.
  • Configure the device to maximise its security. For example, each new technology brings new enhanced security features. Take time to study and discover how to use these and decide which of them are relevant. Seek help from the local IT Coordinator if necessary.
  • Organise and regularly review the information and data on the device and delete any copies when no longer needed.
  • In the event where the device is being replaced or when leaving the WSB’s employment, all of the non-published WSB information and data are securely returned to WSB and deleted from the device.
  • It is recommended to encrypt the device (to prevent access even if someone extracts the storage chips or disks and houses them in another device).
  • Report any data breaches, theft loss or damage to the local IT Coordinator.
  • The user assumes full liability for risks including, but not limited to, the partial or complete loss of the WSB and personal data due to an operating system crash, errors, bugs, viruses, malware, and/or other software or hardware failures, or programming errors that render the device unusable.

IT Department (Senior Manager, Digital & IT Services, IT Coordinators)
  • The identification, implementation and management of appropriate security controls necessary to safeguard the WSB’s network (LAN/WAN) and supporting infrastructure.
  • The provision of facilities for information backups to Dropbox and/or other centralised information stores but excluding backups of the hard disks on individual computers.
  • The provision of services which enable authorised user’s access to appropriate electronic information systems and data
  • Liaising with and advising the WSB management, individual users and line managers on the appropriate actions to take in the event of an actual or suspected breach data security.
  • Providing assurance that information technology controls and procedures are operated in accordance with the policies, regulations and best practice.
  • Support the user’s line manager in the secure removal of the WSB’s data when such data/information is no longer needed
  • Ensure any disruption to the technology is addressed in a timely manner.
  • Report to the Senior Management Team any and all issues, changes, deviations, exceptions, breaches and general problems related to the IT DRP and BCP.

Line Managers, Supervisors, Department Heads
  • The implementation of this policy and all other relevant WSB policies within the business areas for which they are responsible.
  • Ensuring that all WSB staff, contractors, interns, consultants and volunteers who report to them are made aware of and have access to this policy and all other relevant WSB policies.
  • Ensuring that all WSB staff, contractors, interns, consultants and volunteers who report to them are provided with adequate training and are instructed to comply with this policy and all other relevant WSB policies.
  • Ensuring that all WSB owned data stored on the user’s personal device is retrieved and no copies of the said data remains on the user’s computer.
  • Consulting with the HR Manager in relation to the appropriate procedures to follow when a breach of this policy has occurred
  • Consulting with the IT Personnel in relation to the appropriate actions to be taken when an actual or suspected breach of data security has occurred on the user’s personal computing device.

 

Policy Distribution & Awareness

This policy and it's supporting policies, standards and guidelines will be published on the WSB Dropbox.

Soft copies of the policy and its supporting policies, standards and guidelines will be available on WSB Staff Support Center.

The IT Personnel and/or the Senior Manager, Digital & IT Services may make periodic policy announcements by email.

WSB line managers will ensure that all existing and new staff, contractors, consultants, interns, volunteers and third-party commercial service providers who report to them are made aware of and have access to the policy and its supporting policies, standards and guidelines.

Individuals requiring clarification on any aspect of the policy and its supporting policies, standards and guidelines and/or advice on general I.T. security matters may email their queries to the Senior Manager, Digital & IT Services or the local IT Personnel.

 

Exceptions to this Policy

Exceptions to the guiding principles in this policy must be documented and formally approved by the Global Director, Communications , with evidence of support from the appropriate Senior Management Team.

Policy exceptions must describe:

  • The nature of the exception.
  • A reasonable explanation for why the policy exception is required
  • Any risks created by the policy exception.
  • Evidence of approval.

 

Policy Enforcement

The WSB reserves the right to take such action as it deems appropriate against individuals who breach the conditions of this policy. WSB staff, contractors, consultants, interns and volunteers who breach this policy maybe subject to disciplinary action, including suspension and dismissal as provided for in the WSB disciplinary procedure.

Breaches of this policy by a third-party commercial service provider, may lead to the withdrawal of WSB information technology resources to that third party commercial service provider and/or the cancellation of any contract(s) between the WSB and the third-party commercial service provider.

The WSB reserves the right to refer any use of its IT resources for illegal activities to the relevant Authorities.

 

Review & Update

This policy will be reviewed and updated annually or more frequently if necessary, to ensure any changes to the WSB’s organisation structure and business practices are properly reflected in the policy.

 

 

Appendix A: Definitions

Devices: Any technology and electronic features used to store, access, carry, transmit, that require the use of WSB information and/or data on occasional and/or regular basis.

Device includes any portable technology such as camera, USB flash drives, USB thumb drives, DVDs, CDs, air cards and mobile wireless devices such as Androids, Apple iOS, Windows Mobile, tablets, laptops, or any personal desktop computer

Information: Any data in an electronic format that is capable of being processed or has already been processed.

Information Technology (I.T.) resources: Includes all computer facilities and devices, networks and data communications infrastructure, telecommunications systems and equipment, internet/intranet and email facilities, software, information systems and applications, account usernames and passwords, and information and data that are owned or leased by the WSB.

IT Personnel: These are the individuals responsible for the day to day management of a WSB network domain. Also includes WSB personnel who have been authorised to create and manage user accounts and passwords on a WSB network domain

Line manager: The individual a user report directly to.

Password: A string of characters that a user must supply in order to gain access to an IT resource.

Process / Processed / Processing: Performing any manual or automated operation or set of operations on information including:

  • Obtaining, recording or keeping the information.
  • Collecting, organising, storing, altering or adapting the information.
  • Retrieving, consulting or using the information.
  • Disclosing the information or data by transmitting, disseminating or otherwise making it available.
  • Aligning, combining, blocking, erasing or destroying the information.

Users: Any authorised individual who uses the WSB’s IT resources.

 

Appendix B: Types of Portal Devices

Personal computing devices such as notebooks and laptops.

Personal Mobile phones

Personal handheld tablets

 

Articles in this section

See more
Was this article helpful?
0 out of 0 found this helpful