Bring Your Own Device Policy
| Policy name | Bring Your Own Device (BYOD) Policy |
| Policy number | ICT001 |
| Date approved | 26 June 2024 |
| Approving body | Council |
| Responsible officer | General Manager |
| Implementation officer | Senior Systems Administrator |
| Next review date | August 2029 |
| Linked policies | |
| Related forms and documents | |
1. Purpose of this policy
The Cairnmillar Institute (the Institute) aims to provide staff and students who work in the Clinic with the information needed to make an informed choice about whether to use a laptop provided by the Institute or their own device, known as “Bring Your Own Device (BYOD)”. This policy defines the standards, rules of behaviour and device requirements for staff using their own devices within the Institute’s computing and network environments.
2. Scope
2.1 Exclusion
2.1.1. The Policy is an OR policy. Staff are permitted to use a BYO Device OR a Cairnmillar supplied device. Staff are not eligible for both options.
2.1.2. Certain positions are excluded from BYOD due to the nature of their role and function. These include:
- All IT roles.
- All finance roles.
- All HR roles.
- Any staff member needing to access the Level 1 secured SharePoint data.
2.2 Expectation of Privacy
2.2.1 The Institute will respect the privacy of your personal devices and will only request access to respond to legitimate discovery requests arising from administrative, civil, or criminal proceedings.
2.2.2 The Institute will install management agents onto your computer to ensure compliance with Microsoft Entra Registered device requirements.
2.2.3 The Institute will not ask for or expect administration privileges on your device. Any tasks that must be completed on a BYOD will have to be completed by the device owner.
2.2.4 Staff registering for the program will be expected to register their BYOD device with The Institute’s Microsoft Entra tenant using the provided process.
2.3 Acceptable Use
The Institute acknowledges that it does not own the device and therefore does not limit the use of the device.
2.3.1 No Institute data is to be stored locally on a BYOD. This includes, but is not limited to:
- Course Material
- Research Material
- Confidential client or other customer data
- Material classified as intellectual property
- Student data or results
2.3.2 Staff may use their BYOD to access all required Institute services and data primarily through cloud-based access, including Microsoft 365 services and applications. This includes the cloud-based versions of Word, Excel, PowerPoint, and Outlook.
2.3.3 Staff must use their devices ethically and adhere to the Institute’s computing policies.
2.3.4 Staff agree to make every reasonable effort to ensure that The Institute’s data is not compromised through the use of BYO Devices. Screens displaying sensitive or critical information should not be visible to unauthorised persons and all registered devices must be password protected.
2.4 Applications
2.4.1 All applications required on a BYOD are the responsibility of the owner of the device.
2.4.2 The Institute gives access to download and install the latest versions of Microsoft Office through the https://office.com portal for those instances where the cloud-based versions lack specific functionality. Note that in the case where the desktop version is used, files must still be stored within the Institute SharePoint Online or OneDrive Online storage.
2.4.3 Access to any other specialised software that needs to be installed will be considered on a case-by-case basis following an application request to IT via the Helpdesk. In the instance where software is provided, the Institute’s IT will provide the installer and any installation information required. It is the responsibility of the device owner to install and configure the software.
2.5 Connectivity
2.5.1 BYODs must be able to connect to the Institute’s network infrastructure, primarily through the Wi-Fi systems in use in all offices. IT will assist with completing the connection where required; however, the device owner is responsible for its compatibility.
2.5.2 Connections for devices to the projection and audio systems in the Hawthorn East premises will be provided by the Institute for HDMI, USB-C, Firewire, Thunderbolt, and DisplayPort connections. Connections for any other form of display adaptors are the responsibility of the owner of the BYOD.
2.6 Digital Security
2.6.1 All staff-owned devices to be used for the Institute must comply with basic security configurations to mitigate data security issues for Institute data.
2.6.2 All BYOD must have:
- A firewall installed and operational that blocks traffic that originates externally. Most operating systems come with a firewall installed, and the default configuration is normally a minimum starting point.
- A commercial grade Anti-Virus platform from one of the approved vendors. Staff should contact IT to obtain an up-to-date list of approved vendors, as this can change frequently.
- A user account on the device that is limited to use by the staff member only. If the device is to be shared with other household members, they must have their own account separate to the one used for Institute work. Where a device is a single-user device, such as a phone or tablet, the staff member must be the only person with access to the device.
- Local data storage encryption enabled. On a Windows device this is BitLocker. On an Apple device, this is FileVault. Phones and tablets must be encrypted where there is a possibility that Personally Identifiable Information of clients, students or other staff may be stored on them. This applies even if the device is only used for email.
- Secure boot enabled, for laptops, notebooks, and desktops.
2.7 Support with BYOD
2.7.1 The Institute can only provide best-effort support on BYODs.
2.7.2 The Institute will provide the assistance and guidance required to BYOD users in complying with the Expectation of Privacy listed in this document.
2.7.3 The Institute is unable to assist with issues including, but not limited to:
- Private network connectivity
- Private network performance
- Personal printers including configuration and printing issues
- BYOD hardware faults
- BYOD operating system faults
- Virus removal
- Security configurations
2.8 Risks, Liabilities and Disclaimers
2.8.1 The Institute reserves the right to:
- Disconnect, block, or disable services to a BYOD without notification.
- Take appropriate disciplinary action up to and including termination for noncompliance with this policy.
2.8.2 Lost or stolen devices (whether BYOD or Institute owned) must be reported to the Institute’s IT within 24 hours.
2.8.3 The owner of the BYOD is liable for all costs associated with the device.
2.8.4 The owner of the BYOD assumes full liability for risks including, but not limited to, the partial or complete loss of company and personal data due to an operating system crash, errors, bugs, viruses, malware, and/or other software or hardware failures, or programming errors that render the device unusable.
2.8.5 Staff acknowledge that the Institute:
- Owns all intellectual property created on the device under any Cairnmillar account.
- Will delete all business data held on the device in the event of theft, loss, or staff termination. Every effort will be made to ensure that personal data is not deleted; however, it is recommended that regular backups are maintained.
- Has the right to deregister the device for business use at any time.