BYOD (Bring Your Own Device) Policy

IT & Security Devices & Software Last reviewed: 2025-11-08 Owner: IT Security Team

Purpose

Global Bank recognises that employees may wish to use their personal devices for work-related activities. This Bring Your Own Device (BYOD) policy defines the conditions under which personal devices may be used to access corporate resources, the security requirements that must be met, and the responsibilities of both the employee and the bank.

Policy Reference: IT-DEV-004
Effective Date: 1 September 2024
Review Date: 1 September 2025
Applies To: All permanent employees who wish to use personal devices for work purposes

Scope

This policy applies to personally owned smartphones, tablets, and laptops used to access Global Bank email, calendars, messaging platforms, or any other corporate application. Contractors and temporary staff are not eligible for the BYOD programme and must use corporate-issued devices.

Eligible Devices

Device TypeMinimum Requirements
iPhoneiOS 17 or later; device must not be jailbroken
Android phoneAndroid 14 or later; device must not be rooted; security patch within 90 days
iPad / Android tabletSame as phone requirements above
Windows laptopWindows 11 Pro or Enterprise; TPM 2.0; BitLocker capable
MacBookmacOS 14 (Sonoma) or later; FileVault capable

Enrolment Process

  1. Obtain Approval: Submit a BYOD Enrolment Request through the IT Service Portal. Your line manager must approve the request.
  2. Read and Accept the BYOD Agreement: You will be required to read and digitally sign the BYOD User Agreement, which outlines your responsibilities and the bank's rights regarding your device.
  3. Install MDM Profile: Once approved, you will receive instructions to install the Global Bank Mobile Device Management (MDM) profile on your device. For phones and tablets, this is done through the Microsoft Intune Company Portal app. For laptops, IT Operations will guide you through the enrolment.
  4. Device Compliance Check: The MDM platform will verify that your device meets the minimum security requirements. Non-compliant devices will be denied enrolment until the issues are resolved.
  5. Access Granted: Upon successful enrolment, you will be able to access approved corporate resources on your personal device.

Security Requirements

All BYOD devices must comply with the following security standards, enforced through the MDM platform:

  • Screen lock: PIN (minimum 6 digits), password, or biometric authentication must be enabled.
  • Encryption: Full device encryption must be active.
  • Operating system: Must be running a supported version with the latest security patches.
  • Antivirus: Microsoft Defender for Endpoint must be installed on BYOD laptops.
  • No jailbreak/root: Devices that have been jailbroken or rooted are not permitted.
  • Remote wipe: You must consent to selective remote wipe of corporate data in the event of loss, theft, or policy violation.

What the Bank Can and Cannot See

The MDM platform uses a work profile model that separates corporate and personal data:

Bank CAN SeeBank CANNOT See
Device model and OS versionPersonal emails, texts, or messages
Compliance status (encryption, patch level)Personal photos, videos, or files
List of managed (corporate) appsPersonal browsing history
Device location (only if reported lost/stolen)Personal app data

Employee Responsibilities

  • Keep the device's operating system and security patches up to date.
  • Report a lost or stolen device to the IT Service Desk within one hour of discovery.
  • Do not remove the MDM profile or corporate apps while enrolled in the programme.
  • Do not store classified or restricted bank data outside the managed work profile.
  • Ensure the device is available for compliance checks when prompted by the MDM platform.

Leaving the Programme

If you wish to leave the BYOD programme or leave the bank, the MDM profile and all corporate data will be removed from your device via selective wipe. Personal data will not be affected. Contact the IT Service Desk to initiate the de-enrolment process.

Liability

Global Bank is not responsible for any damage to, loss of, or repairs needed for personal devices. The bank does not provide technical support for personal device hardware or non-corporate software issues. Data charges incurred from accessing corporate resources on personal mobile data plans are the employee's responsibility unless a corporate mobile allowance has been approved.

Contact

  • IT Service Desk: servicedesk@globalbank.com | Ext. 2000
  • IT Security Team: itsecurity@globalbank.com | Ext. 2200

Related Articles

Approved Software List

Official list of software applications approved for installation on Global Bank corporate devices, including version requirements and licence details.

Updated 2026-01-15

Corporate Device Usage Policy

Policy governing the acceptable use, security requirements, and employee responsibilities for all Global Bank-issued computing devices.

Updated 2025-12-01

Laptop Replacement and Refresh Cycle

Information on Global Bank's hardware refresh schedule, eligibility criteria for laptop replacement, and the process for requesting a new or replacement device.

Updated 2026-02-01