When the company is done with setting up the BYOD path, the next thing is to get it going. To successfully implement the BYOD the transition, it is better to put it in a formal project context and form a cross-platform, cross-skill team to manage the technology, security, financial implications of the transition.
Although BYOD initiative looks basically an IT-related issue, access to the corporate resources via employee-owned devices complicates the project. Naturally, in order to form a successful BYOD transition project, the project team will need to be formed. I recommend the project team to be formed from various departments and from various skill levels. At the very least, the project team is better formed by a person from the management, one from the IT department, one from the accounting/finance department, one tech-savvy user (better if an early adopter) and one late adopter. Not only having different perspectives from different departments will address many issues before they happen, but also they will better enforce the project outcomes throughout the company.
The project team will answer the simple questions that I have discussed so far in the series:
What are the current policies with employee-owned devices?
What are the business goals in implementing BYOD?
How will the risks be managed?
Which devices/operating systems will be supported?
Will there be exceptions with certain departments/personnel? [warehouse, off-site, customer-facing personnel etc..]
The answers to these questions will form the outlines of the BYOD project. After the outline is defined, there will still be some more issues here and there that will need to be worked out. These issues are not less important but they need to be considered “inside the outlines” of the project. That means, if one issue contradicts one outline, it either needs to be rejected or the outline is to be reevaluated.
Data ownership, which can be considered inside the risk management is where the project team needs more support. Having corporate and proprietary data on employee owned devices is a nightmare that should be properly managed. I recommend adding someone from the legal department (or the company’s lawyer), a representative from the content owners and an employee from the information security team. From my personal experience, I would like to emphasize that the perspective of the team should be enabling the business, rather than restricting it, which is clearly the easier way (I have yet to see one company which that does not happen). If the company chooses to restrict, the employees will find a way to circumvent the restriction.
The outcomes from the policies should also be delivered to the help desk. The help desk policies and procedures need to be revised according to the BYOD policies. In addition, the procedures to support the BYOD users has to be defined and written. Again, from my experience, before handing things over to the help desk, I recommend publishing self-service guides on the company Intranet. At the very least, having corporate e-mail account setup guides that cover different devices [Android, iOS, Windows Mobile and BlackBerry] will cut the help desk calls almost in half.
Financial elements, especially the operating expenses is another issue. Think about the following: most probably the employee owned devices will have one SIM card. But the employee will use the same device for both personal and work related issues, meaning that the calls, data and messages will be under one invoice. Here, the BYOD project has to clearly define the reimbursements to the employee. The input from the accounting/finance department at this point will be crucial.
Once these issues are worked out, the next step is to document them clearly. Considering the very nature of the advancements in the consumer technologies, the documentation also needs to address the continuous evaluation and revisioning cycles. The evaluation has to start from the launch date and take both the feedback from the employees and reports from the Enterprise Mobility Management application into account. In a world where changes happen and adapted overnight the policies and documentation should be reviewed and updated frequently. I believe that in current business environment, quarterly evaluation and update of the policies will be enough for almost all companies.
- Featured image: http://redboardbiz.rogers.com
- Inline image: http://www.shapia.com