Atlassian announces end of life for OpsGenie. Looking to switch? We're here to help -- Learn More ➡️
Menu

BYOD & Mobile Device Management (MDM) Policy

1. Introduction

PagerTree supports the secure use of personally owned devices to access company systems, provided such use does not introduce risk to customer data or PagerTree’s operational environment. This Bring Your Own Device (BYOD) Policy outlines the security requirements and responsibilities for employees and contractors who use personal devices for authorized business purposes.

BYOD participation is optional and requires adherence to all security controls described in this policy.

2. Scope

This policy applies to:

  • All employees, contractors, and approved third parties using personal devices for PagerTree business
  • All mobile phones, tablets, laptops, and other personal computing devices that access PagerTree systems, services, or data
  • All communication channels used to access PagerTree applications (email, company systems, cloud services, etc.)

This policy does not authorize access to sensitive production systems or administrative environments unless explicitly approved.

3. General Requirements

All personal devices used for company purposes must:

  • Be owned and controlled by the authorized user
  • Be used exclusively by the owner (no shared family devices for work access)
  • Support modern security controls (e.g., encryption, lock screen, up-to-date OS)
  • Be configured to meet PagerTree’s minimum security requirements

Participation in BYOD requires agreement to follow all PagerTree security policies.

4. Security Requirements for Personal Devices

4.1 Device Security Controls

All BYOD devices must implement the following controls:

  • Device Lock
    Devices must be protected with a password, PIN, or biometric authentication.

  • Auto-Lock
    Devices must automatically lock after a short period of inactivity.

  • Encryption
    Full-device encryption must be enabled where supported by the operating system.

  • Operating System & Patch Management
    Devices must run supported operating systems and apply security updates promptly.

  • Malware Protection
    Where applicable, devices should use up-to-date malware protection tools.

  • No Jailbroken or Rooted Devices
    Jailbroken, rooted, or otherwise security-modified devices are prohibited.

4.2 Access Controls

  • Multi-factor Authentication (MFA) is required for accessing PagerTree systems.
  • Administrative or privileged PagerTree accounts may not be accessed via personal devices unless explicitly approved.

4.3 Data Handling Requirements

  • PagerTree data may not be stored unencrypted on personal devices.
  • Local downloads of sensitive or customer data are prohibited unless secure storage is used and access is authorized.
  • Copying, forwarding, or transmitting company data to personal apps or cloud storage is strictly prohibited.

4.4 Lost or Stolen Devices

If a device used for business purposes is lost or stolen:

  1. The incident must be reported immediately to security@pagertree.com
  2. PagerTree may require revocation of access tokens, forced password resets, or remote session termination
  3. If technically feasible, PagerTree may request remote wipe of company data

5. Acceptable Use Requirements

Users must:

  • Follow all PagerTree security policies, including Password Policy and Acceptable Use guidelines
  • Use devices responsibly and only for approved business purposes
  • Maintain separation between personal and business data
  • Install only trusted applications that do not compromise device security

Users must not:

  • Disable security features (encryption, lock screen, OS updates)
  • Install unauthorized apps that could access company data
  • Circumvent PagerTree authentication or logging controls
  • Store customer or sensitive data outside approved systems

6. Monitoring and Privacy

PagerTree does not monitor personal content or applications on BYOD devices.
However, PagerTree may:

  • Monitor and log access to company systems and data
  • Enforce security requirements through authentication and access control mechanisms
  • Require removal of company data or access upon termination or policy violation

PagerTree will never access personal photos, messages, or unrelated private content.

7. Enforcement

Failure to comply with this policy may result in:

  • Revocation of system access
  • Requirement to cease using personal devices for business purposes
  • Disciplinary action where applicable

Contractors or third parties may also face termination of contracts or access rights if noncompliant.

8. Review and Maintenance

This policy is reviewed at least annually or whenever changes in technology, risk, or business operations require updates. Revisions must be approved by PagerTree Executive Management.

For questions regarding this BYOD Policy or PagerTree’s security program, please contact security@pagertree.com.