The purpose of this document is to define how Resolver will retain control over its information assets while they are being accessed through devices not owned by the organization.
This document applies to all personally owned devices that can store, transfer, or process any sensitive information from the Information Security Management System (ISMS) and Privacy Information Management System (PIMS) scope. These devices include laptops, smartphones, tablets, USB memory sticks, digital cameras, etc. Such devices will be referred to as BYOD in this Policy.
Users of this document are all Resolver employees.
The rules in this Policy apply to all BYOD, whether they are used for work or private use or whether they are used within or outside of the organization’s premises.
Resolver supports the widespread use of BYOD for work use – i.e., using such devices for performing work for the company.
The company data that is stored, transferred, or processed on BYOD remains under the company’s ownership, and the company retains the right to control such data even though it is not the owner of the device.
Resolver’s IT department will manage and enforce the minimum requirements for BYOD through Mosyle Business Automated Enterprise, Apple MDM & Security, and Microsoft Intune MDM.
The minimum requirements are subject to change at any time, depending on organizational needs and an evolving security landscape.
All BYOD devices are allowed to connect to the Resolver Guest networks ONLY.
All Resolver employees are permitted to use their own devices for e-mail, Slack, Asana, Salesforce, Concur, Zoom, Box, and Bamboo.
BYOD, Mobile phones/Tablets owners are prohibited from installing applications from non-trusted sources (sources outside of the App Store, Google Play, or the Microsoft Store).
Rooted or Jailbroken devices are not allowed to be used as BYODs hosting Resolver content.
For each BYOD, the following conditions are mandatory:
The following actions are prohibited with BYOD:
Resolver has the right to view, edit, and delete all company data that is stored, transferred, or processed on BYOD.
Resolver has the right to perform full deletion of all data on BYOD without the device owner’s consent if it is deemed necessary to protect company information.
All security breaches and lost or stolen BYOD must be reported immediately to the IT and Information Security departments by phone, Slack, and e-mail: infosec@resolver.com.
Further, all weaknesses that have not yet become incidents must be reported through the same channels within 1 business day.
The Information Security Analyst will oversee training new and existing employees on the appropriate use of BYOD and raising awareness about the most common threats.
All policies require the participation of staff and contractors to be successful. Any employee or contractor found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Any exceptions to this policy can only be granted in accordance with the company CISO or Resolver’s Information Security Department’s written approval.
This document is valid as of August 2023.
The owner of this document is an Information Security Analyst who must check and, if necessary, update the document at least once a year.
When evaluating the effectiveness and adequacy of this document, the following criteria need to be considered:
EFFECTIVE ON: August 2023
REVIEW CYCLE: Annual at least and as needed