The following template was created by Schooley Mitchell the largest independent Telecommunications Consulting firm in North America to assist our clients in the creation of solid, all encompassing mobile device management policy.

1. Schooley Mitchell
Mobile Device Policy
White Paper

2. Introduction
Mobile devices are an essential tool in today’s workplace. From smart phones to tablets,
we use wireless technology frequently in the course of a regular business day. Cell phones
have also become the primary form of personal communication. This makes it more
important than ever for companies to have a well developed mobile policy to mitigate
liability and educate employees on acceptable use.
A wireless policy should be tailored to the specific needs of a workforce and it is possible
more than one policy will be needed depending on an employee’s job function. Similarly,
policies will differ depending on the mobile environment, taking into consideration the use
of corporately-owned or privately-owned devices.
The following template was created by Schooley Mitchell, the largest independent
telecommunications consulting firm in North America, to assist our clients in the creation
of solid, all-encompassing mobile device management policies. The document includes
best practices adopted from various industry sources.
Considerations
There are several factors to take into consideration before drafting a mobile policy – there
is no one-size-fits-all solution. Ask yourself the following questions to ensure you include
all the necessary elements:
◊ Are the devices corporately owned or privately owned (BYOD)?
◊ What are reasonable guidelines for my business and industry?
◊ What mobile capabilities are required by my employees?
◊ What mobile device issues or problems do we experience currently?
◊ What are the legal risks to my organization?
◊ Distracted driving and applicable laws
◊ Labor standards and overtime
◊ Remote wipe provisions
◊ What security measures are needed?
◊ How will you enforce the policy?

3. Distribution & Training
Any company policy must be distributed with frequency for legal protection. Each policy
should be signed by the manager and employee. Adhere to the following practices:
◊ Distribute in print, post in break rooms and store in your company’s online intranet
◊ Send regular emails with links pointing to the policy
◊ Redistribute policies whenever they are changed
◊ Review policies during training sessions
Next Steps
Schooley Mitchell delivers objective advice and analysis to ensure you are receiving
superior telecommunications services at the best price. We are independent of all
vendors and act only with your best interests in mind. We can help optimize your wireless
environment.
Services include:
◊ Ongoing optimization of wireless, landline & long distance services
◊ Billing error identification and recovery
◊ Project management, needs analysis, technology recommendations
◊ Hardware upgrades & installs, office relocations, network integration
◊ Merchant services analysis, including credit card, debit card, eCheck ACH
transactions
Contact us today for a risk-free assessment.

4. Sample Mobile
Device Policy

5. Policy Statement
The purpose of this policy is to secure and protect the mobile devices owned by
COMPANY NAME. COMPANY NAME grants access to these resources as a privilege
and must manage them responsibly to maintain the confidentiality, integrity, and
availability of all mobile devices. COMPANY NAME reserves the right to change this
policy at any time, with or without notice.
Definitions
Mobile devices are handheld or notebook-sized devices that can be used to store or send
information, or connect to the Internet.
For the purposes of this policy, the following definitions apply:
“Company” means COMPANY NAME
“Employee” means all personnel working for COMPANY NAME, including contractors,
consultants, interns, temporary or other workers assigned resource privileges
“Mobile device” means devices that can used to store or send information or connect to
the Internet eg. cellphones and smartphones including BlackBerrys, iPhones, and Android
devices, tablets, laptops, notebook computers, portable digital assistants (PDAs), USB
drives, memory sticks or other similar devices.
“Remote wipe” means software that deletes data stored on a mobile device
Eligibility/Scope
All employees must adhere to this policy, which applies to all mobile devices owned or
issued by COMPANY NAME or that are connected to its network. Devices used for
COMPANY NAME business, or containing data owned by COMPANY NAME are
governed by this policy.
Acceptable Use
General Use of COMPANY NAME Mobile Devices
Corporately-owned mobile devices are for work-related communications. Employees
should have no reasonable expectation of privacy regarding this resource and records will
be audited to monitor compliance. Text messaging, mobile data and international roaming

6. are included in some employee packages depending on job function.
All employees will ensure confidential data that is stored on or accessed via a mobile
device is safeguarded. This includes:
◊ Taking steps to physically secure the device, including the use of a password-
protected lock screen
◊ Never sharing passwords with anyone, including friends or family
◊ Avoiding auto-complete features that remember user names or passwords
◊ Ensuring all sensitive data stored on the device is encrypted
◊ Turning off unnecessary services such as Bluetooth and geotagging when not in use
◊ Keeping the operating system and all applications up-to-date and installing updates
immediately when mandated by the IT department
◊ Reporting a lost or stolen device immediately
Personal mobile devices that are not managed by the IT department but are used for
business are the responsibility of the owner. These users will be responsible for settling
billing or service disputes with the carrier, purchasing software, performing maintenance
and maintaining warranty information. The devices are still governed by the rules listed
above.
COMPANY NAME reserves the right to perform a remote wipe on any company-owned
device whenever it deems necessary.
When in the office setting or in meetings, all phones should be set to low volume or
vibrate as to not distract others.
Personal Use of COMPANY NAME Mobile Devices
COMPANY NAME subscribes to service plans that provide sufficient resources to
conduct company business. To prevent overages, employees should limit their personal
use of company phones. The employee is responsible for covering the cost of any charges
for unauthorized use including data, text messaging and app downloads.
Driving
Employees whose job responsibilities include travel must refrain from using their phone
while driving. Employees should pull off to the side of the road and safely stop the vehicle
before placing or accepting a call regardless of circumstance. If this is unavoidable, the
use of Bluetooth or other hands-free devices are permitted if allowed under local laws.

7. Always avoid complicated or emotional discussions while driving, and avoid talking via a
hands-free device in heavy traffic, inclement weather or in an unfamiliar area. Never text
message while driving.
Employees charged with traffic violations resulting from use of mobile devices while
driving will be responsible for all liabilities incurred.
Loss Theft
The loss or theft of any mobile device containing COMPANY NAME data must be
reported immediately to your supervisor and the IT department. Change all passwords
for accounts stored or used on the device and notify credit card companies and banks if
applicable.
Some questions to consider if your mobile device is lost or stolen:
◊ What stored data was stolen?
◊ What stored passwords were stolen?
◊ What other accounts and services might have been compromised? (cloud sharing,
etc.)
◊ Did you lose your only copy of important documents?
Personal Devices
Personal mobile devices should not be used during business hours unless it is for
legitimate business purposes. A device may be turned on in case some type of emergency
contact is required. However, employees should instruct emergency contacts to call the
main company line whenever possible. Company mobile device numbers will not be ported
to personal devices.
Enforcement
Violations of the foregoing rules will be considered a serious offence and may result in the
imposition of discipline up to and including termination, and may involve civil or criminal
litigation.