How to handle any compliance or policy challenges of text messages
1. Know Your Device Ownership Scenario(s).
Who will own and operate devices used for text communications? To begin, address how your organization will provide mobile devices that are used for business text messaging. This is important, because your device ownership and billing model will have a significant impact on how your organization implements its mobile and text messaging archiving and compliance plan.
The major categories of device ownership are Bring Your Own Device (BYOD), Choose Your Own Device (CYOD), Corporate-Owned Personally Enabled (COPE), or a combination of these scenarios. Each approach to device ownership has advantages and drawbacks, so there’s no ‘perfect’ solution that suits every organization. Your choice of device ownership should be made based upon the specific needs, objectives, and capabilities of individual user groups within your organization.
2. Update your communications policy to account for business text messaging.
While mobile device policies likely already have a place in your organization’s information security policy and supervisory procedures, you will need to enhance these to include explicit direction on acceptable use of text messaging for business purpose, and then enforce compliance. Your policy should address the following questions, and be distributed to employees:
Which type of mobile hardware is preferred/mandated for business use?
This is related to your device ownership strategy. Will your organization require/prefer iPhones, or can employees use multiple types of devices?
What type of data and devices will be archived and supervised?
Be specific with employees here, noting who, what, when, and where business communications and text messaging on mobile phones will be archived and supervised. Also, note how communications will be archived, so employees are aware if they need to enable a specific archiving technology on their phone to be compliant.
Will you allow employees to whitelist contacts on mobile phones?
Describe if, how, and when employees can whitelist certain contacts (usually personal contacts like a spouse or physician) to exclude or prevent sensitive personal or medical conversations from being captured, archived and supervised by their employer.
The popularity of text messaging is growing every year, and many employees and their clients now expect to use it as a tool to conduct business.
Prohibiting the use of text messages is not only unsustainable for an increasingly mobile workplace, but it also does not protect your organization from risk — it simply hides risk where you can’t see and manage it.
- How to handle any compliance or policy challenges of text messages
- Why your organization’s device ownership scenario matters, and how to choose the right one
- How to account for text messaging in your policies, and use technology solutions to manage risk