Dear Shaju Tomy,
You have already defined the scope for your policy. You have identified the limits to an extent. You need to define it further and set the terms for deviations. This will guide you to the escalation matrix .
Please identify the devices that you may need to consider , such as Iphone, Blackberry, Macbook, Laptops, Pen Drive, Hard Disk, extra internet connection, Scanner, Projector and so on. Identify the scope of requirement for these devices and what they need not do.
There must be a policy for Data security and management in your firm. Find the corresponding clause , such as if the official email box is set on Blackberry, what would you not be able to allow along with it ? Would you need the online VPN to be installed in the laptop or Macbook?
What are the work related software that needs to be uploaded ? It may include Workforce management, Data management or even Anti-Virus .
Once you set the specifications clear , set the guidelines for deviations. You don't own the device , hence will have the minimal control over it. Hence, stay focussed on the work related usage and security.
Identify the steps for audit and roles responsible for it. Reporting managers and IT staff to be precise. Let them know what they should be looking out for and declare it to the employees, the modes and standards for audit.
HR and Management Team can be the last level to take a decision on the deviations reported.
Here's discussion that might help you to frame the policy . Please consider sharing the lessons you learn from this implementation.
BYOD -Legal Perspective
Wish you all the best !