Bring Your Own Device Policy for Staff and Contractors
Applies to: All employees, contractors, and authorised third parties accessing company systems or data using personal devices.
1. Purpose and Scope
This policy outlines the requirements and responsibilities for individuals using personally owned devices (including but not limited to laptops, smartphones, tablets, and home computers) to access TVNF /MirrorMe’s systems, data, and services. This includes use of email, cloud-based platforms (such as Microsoft 365, OnePageCRM, Basecamp), and any system containing or processing personal or client information.
This policy ensures such use complies with TVNF /MirrorMe’s security requirements, data protection obligations (including the UK GDPR), and the standards required under the Cyber Essentials Plus certification scheme.
2. Device Security Requirements
All personally owned devices used to access TVNF /MirrorMe’s infrastructure or data must:
System Updates: Have a supported operating system and apply all high-risk or critical security updates within 14 days of release.
Malware Protection: Run active antivirus/malware protection software (such as Windows Defender, Bitdefender, or built-in mobile protection).
Device Access Control: Be secured with a lock screen using a minimum of one of the following: password, PIN, fingerprint, or facial recognition.
Authentication Controls: Use Multi-Factor Authentication (MFA) for all work-related accounts (e.g., email, cloud platforms, CRM access).
Network Security: Only connect to networks using WPA2 or WPA3 encryption with a unique, secure password. Default router passwords must be changed.
Data Storage: Avoid storing client or company data locally on personal devices unless encrypted and specifically authorised by a company director.
Incident Reporting: Users must immediately report loss, theft, suspected compromise, or unauthorised access of any personal device used for work purposes.
3. Acceptable Use and Monitoring
TVNF /MirrorMe retains the right to review and audit any personal device that connects to its services if a security concern arises.
Access may be restricted or revoked at any time if a device fails to comply with this policy.
Any data created or stored on behalf of TVNF /MirrorMe is the property of the company, regardless of device ownership.
4. Responsibilities
Staff and contractors are responsible for ensuring their devices meet the above requirements before accessing company services.
Devices found to be non-compliant may result in disciplinary action, suspension of access, or contract termination.
TVNF /MirrorMe will provide support only in relation to access controls (e.g. login troubleshooting), not technical support for personal devices.
5. Policy Agreement and Enforcement
All individuals who use a personal device for work-related purposes must confirm in writing that they understand and agree to this policy prior to being granted access.
Failure to adhere to the requirements outlined in this policy may result in immediate removal of system access and may constitute a breach of contract or internal disciplinary procedure.
6. Declaration of Agreement
I confirm I have read, understood, and agree to comply with TVNF /MirrorMe’s BYOD Policy. I acknowledge that my personal device must meet the company’s security requirements, and I understand that access may be restricted if I fail to maintain compliance.
For any enquiries, please contact John Pierre Allard (jpa@tvnf.co.uk) who is our data manager.
