Corporate E-Mail Policies
 

The issue of what exactly can be seen by the BES administrators seems to be a frequent topic around here, one that Penguin3107 clarified quite nicely in this thread:

http://www.blackberryforums.com/gene...rnet-mail.html

I will admit that I was one of the persons who had a mistaken understanding of what could or could not be seen, but then I wasn't too concerned simply because I'm only on BIS and besides -- I own my own (small) company. But after seeing how often this comes up as a topic, it got me to thinking:

• For the BES administrators, how many of you have restrictive policies in place regarding BIS email, and what are the consequences for violation of those policies? Do we have many situations where there is an "absolutely no personal use of the BB" or is it more typically a "reasonable use" policy that is in place to provide evidence if you have a goof-off employee? Or is there no policy at all? Do you personally think the policy is reasonable in your organization?
• For employees on BES systems, what is your understanding of the policies? If you are uncertain, why don't you ask the administrator (as opposed to posing a question here) because ultimately the admin. is the one who knows. Do you fear personal consequences? Do you believe that asking the admin. would negate your claim of policy ignorance as a defense? What is your rationale?

I would like to get your input on these matters, if only because this would seem to represent some issues regarding company policies and employee rights, and how employees are behaving within organizations. It also would seem to have some fascinating ramifications for issues of corporate culture. Your thoughts and observations beyond the limited set of questions that I have posed are welcome.

Thank you.

Ignorance is NEVER an excuse, you know that :-)

There is no Personal is PC - that's the old saying.
Our policy is simple:

- no personal devices ever connected to the network (including BlackBerrys)
- since you don't own the device or network, you live by the rules
- we will get you any type of PDA, as long as it is a BlackBerry

Having said that, we do not restrict BIS e-mail, but we do have other policies regarding third party applications and a password policy.

It is amazing how many people think it is, however. ;-) Thanks for responding. How do you think the policies go over, especially regarding 3rd party apps? Also, given that the BBs are entirely corporate-owned, are employees expected to carry them 24x7, even while on vacation? Just curious??

99.9% of them use the BB for e-mail and voice only. No one asks for BIS. No one asks for weather apps. This is for e-mail/business only.

There is no published expectation or policy regarding 24X7 availability. That's a discussion between a manager and the employee.

Thanks. I'd like to hear from other admins, as well as users. Let me know what the policy situation is like at your firm.

Our IT Policy is set so that users can receive their BIS email but ALL out-going mail sent from a BB is sent from their BES address. Only a couple of people have ever even asked me about this, and they didn't have any problems with the policy.

Try using Ignorance as an excuse in court doesn't work to well(y)




This is a good topic so far very interesting.

Has there ever been any discussion as to why all out-going mail is routed through BES? Is this something that is actively monitored, or only passively monitored?

We look at it this way - a user cannot receive an email in Outlook and then forward it as another account. All outgoing mail from Outlook is sent from the Outlook email account. The IT Policy we have for BIS email on a BB makes this pretty much the same.

As for our company monitoring outgoing mail....I don't know all the specifics, but I believe any email sent from a person's Outlook account to a competitor's domain is monitored before it is actually sent.

Thanks. Sounds pretty reasonable to check mail going to a competitor's domain.

Wow! I was going to post today with this very topic in mind. We have had a change-of-the-guard. With that said, I sense that very soon our current anything-goes policy will soon be heading toward a micro-managed driven policy. Currently our users can install whatever they like, which burns me up, b-cuz I end up wasting time on Joe Schmoe's BB when he decides to upgrade his hh OS and blows it up. We have + or - 20 personal BBs on the BES, for which my support is to be limited to issues w/ corporate mail only. But when it comes down to it, w/o anything in writing, I end up helping them with everything from how to use "this stupid SureType" to "I just deleted mail from my Outlook 25 seconds ago, and it's still on my BB!"

That's one thing we do not do - allow personal devices on the BES. If someone wants a BB the device must be ordered by us and it is corporate property and fully supported.

So if you had to guess for now -- how much more restrictive will the new policy become. It sounds like you are considering:

• Installing and supporting only corporate BBs.
• Probably installing and supporting only corporate approved applications.

Is there anything else? Do you think that you will lock down on use of BIS email, and/or monitor employee use of BIS email?

What's funny is I work for a technology company, and our IT security practices keep things zipped up tighter than a frog's a$$, yet our BB security policy is basically that there isn't one. The people running our BES are basically doing it as an afterthought. They are the notebook people, and that's their primary responsibility. Even funnier is that we have over 500 BB users and they've even recently started allowing personal BB's because they don't have time to procure and lock down more corporate bb's. That may all change at some point, but for now we're wide open. I have 3 BIS accounts set up, several 3rd party apps, whatever I want to do, I just do it.

Now I'm guessing -- just from seeing some of your posts around here -- that if you hosed something on the BB you would end up fixing it yourself (probably after a couple of posts or searches around here :smile:). Are you seeing anything going on with the support division or, because you are an IT company -- is the BB user group sufficiently sophisticated regarding use of the devices that support needs are pretty minimal? I'm guessing the latter.

If I hosed my bb, you're right in that I would come here for suggestions, then dive in myself. Our support division hasn't changed in years, and as tight as our IT keep our other systems locked down, our budget people lock down even tighter, so adding headcount to maintain and secure the BES just isn't an option. To answer your last question, I would say I'm one of the more proficient BB users, so I wouldn't exactly say the user group is very sophisticated. Shame really, cause it's fun and rewarding to know the device and how it works and have at least beginner level knowledge of what to do when something goes wrong.

We don't have any policies and we expect that there will be a certain percentage of personal use. I think we (any company, for that matter) should at least enforce a password requirement. Not only does the device have sensitive email and such data but unless you disable it it also has access to your corporate intranet.

Thank you to the gentleman who answered the very first post that I nervously put up on BBF before getting my 8830.:smile:

I'm guessing that your company's policy regarding personal use -- even if replies are routed through the BES as opposed to BIS -- is pretty comparable to what many companies do. The tricky question from a management perspective -- and effectively communicating that to the users -- is what percentage of personal use is acceptable as opposed to when are you goofing off and not taking care of business.

Great thread. Thanks for clearing it up.

Maybe this should be part of the FAQ?