RMO No. 24-2025 - 8box Solutions Inc.

REVENUE MEMORANDUM ORDER NO. 24-2025 issued on issued on May 7, 2025 prescribes the policies, guidelines and procedures on the implementation and use of personal device/s.

The BIR will implement Bring Your Own Device (BYOD) strategy to allow employees and other authorized third parties to use their personal devices for work-related activities offering more convenience, flexibility, and productivity.

The following persons shall be allowed to use personal device/s:

Employees
Consultants/Contractor/Service Provider
Partner government agencies, and
Other Third Parties except those accessing BIR network for one-day presentation purposes only

The following personal device/s shall be allowed to be connected to the BIR
network/resources:

Laptop
Smartphone/tablet
Desktop Computer
Printer (applicable only if allocation of printer by Property Division is insufficient)

BYOD users shall strictly abide by the policies and guidelines on Revised Information and Communications Technology (ICT) Security Policy (RMO No. 15 2014), Republic Act No. 10173 (Data Privacy Act of 2012) and Acceptable Use Policy (AUP). BIR employees and contractors must undergo Information Security Awareness and Data Privacy Act briefings in order to register and use their personal devices.

Users who need to connect their personal device/s to the BIR’s internet shall register their devices and comply to this issuance before requesting and be given access to the internet using their personal devices. ISG personnel shall be allowed to access/inspect registered personal device/s and conduct vulnerability assessment (VA). However, employees accessing BIR network (WiFi) using smartphone/tablet shall not undergo VA.

BYOD Users shall ensure that updates are regularly applied to the operating system and primary applications, such as email client, web browser and security software. They shall also ensure that personal and BIR-related files/application systems are encrypted and separated from one another.

BYOD Users shall secure the device/s to prevent sensitive data from being lost or compromised and shall be fully liable for the loss of BIR data stored therein. BIR shall not be responsible for the loss of the registered device/s.

In case of lost or stolen device/s, users shall report to authorized BIR personnel within 24 hours. They shall also handle other issues not related to BIR network/resources. Removal/deletion of work-related data prior to disposal/pullout of the registered device shall be ensured by BYOD users.

The guidelines on the implementation of BYOD as well as the roles and responsibilities of the concerned offices are specified in the Order.