Through 2014, 80% of Fortune 1000 companies will have moved from individual plans and liability to corporate liability and pooling for voice and data, according to Gartner.
As companies increase their spending on wireless and adopt ever- more-sophisticated mobile devices, managing service costs, security and procurement has become critical. However, Gartner analysts says that many companies still do not have thorough wireless usage policies.
"Policies are a crucial way of managing complex services," says Phil Redman, research vice-president at Gartner. "Through 2015, closer management of wireless services can save companies 10% to 35% of their wireless costs."
According to Redman, the problem exists because wireless telephony services were originally brought into many organisations through the back door – pushed by individual users or lines of business. He says that compared to so many other aspects of IT, many organisations simply don't have adequate internal adoption, usage or management policies directed at cellular services.
Gartner advises organisations to look across IT for its wireless policy, rather than limiting it just to the networking or telecom group, because wireless encompasses many different areas in the company, from IT to finance (procurement), and goes across many lines of business and technologies. A wireless solution should impact the security group, servers and messaging, application development, asset management, hardware, networking, and possibly other areas of IT.
"A good method to ensure a strong policy is to incorporate a centralised team across IT that will be impacted by mobile and wireless decisions. This team can strategise for the strongest and widest policy," Redman says. "However, wireless policies don't have to be large documents. Often the best, most-read and most-widely-adopted policies are brief and to the point."
Another best practice to follow is making sure the policies are delivered from the top down. Senior management should approve and enforce the wireless policy. Policy should also be built into enterprise resource planning (ERP) systems, and it should become part of the onboarding/off-boarding process.
Defining corporate user requirements and policy is essential for all sizes of organisation, and although every company will need a unique policy, there are key areas that every policy should contain. These include the following:
* Eligibility – Companies should make strict eligibility requirements, defining the specific mobile user segments that can have access to and be subsidised for wireless service, as well as which services they can buy. Generally, there are three guidelines that most organisations use or should use in deciding who gets subsidised service — job function, job title and manager's approval.
* Enterprise mobile device issues – There are a number of issues around mobile devices that organisations should include in a policy, including ownership and standardisation. With regard to ownership, organisations are advised to check with their legal department about access to corporate data on personal devices, because there can be limited accessibility of personal-owned mobile devices — especially after the user has left the company. From a standardisation point of view, it has become increasingly difficult to standardise on one device type, operating system platform or form factor.
* Managed diversity: mobile devices – With the above point in mind, Gartner has developed a "managed-diversity framework." This is a two-by-two matrix that matches user categories or roles to device choices, which are determined by the support level to which the IT organisation is willing to commit. Companies should also list which devices they will not permit into the organisation due to cost or security issues.
* Service Termination – Organisations need a direct policy for service discontinuance after an employee leaves. Discontinuing the subsidy for wireless service is an important part of the exit procedure, as is the recovery of the mobile device if the company has purchased it.
* Acceptable usage guidelines – The cellular phone products and services obtained under this guideline should be used expressly for business purposes only. For organisations that have employees submit expenses, personal calls can be subtracted from the total amount expensed (using an itemised bill, add up all personal calls and multiply by cost per minute).
* Security – Security guidelines for smartphones should be similar to notebooks, including power-on password, user authentication and possibly information encryption. Organisations should work with the security group to have a blanket policy that includes mobile devices, especially if smartphones are supported. The theft or loss of any organisation’s cellular telephone should be immediately reported to the carrier providing the service and the security department.
* Mobile telephony expense procedures – Expensing can be done by each individual who gets service, which is the decentralised process. However, centralised expensing, where the bill goes directly to the organisation, is easier to manage and is becoming more the norm.
* Technical support – Guidelines for help desk and support should be included, whether internal or outsourced. Procedures for after-hours and international support should be detailed.
* Procurement procedures – Directions and policy for device and service procurement should be outlined, including contact information and internal or external website links. Policy on what type of device is supported should also be included, as well as which services by user segment are allowed.
* Personal versus corporate liability – For cellular usage, corporate liability revolves around the company negotiating and procuring the service and taking fiscal responsibility for the user. When the individual procures the service and takes fiscal responsibility as well, it is known as individual liability. As companies centralise and standardise on mobile cellular services, Gartner recommends moving to or staying with corporate liability.
* Maximum spending limits – Though not required, it is a good idea to set up maximum spending limits by user segment. Any employee exceeding the monthly limit should be liable for those expenses, which are recovered through the expense or corporate payment systems.
* Enterprise liability statement – Any corporate policy on the use of wireless should include a liability statement. Many policies are outlining that the phone should not be used where such use could endanger the employee (such as when driving) or when the use is illegal. Also, companies should be aware of the continuing debate about health effects of the use of cellular devices.