BRING YOUR OWN DEVICE (BYOD)
Effective: August 15, 2024
Purpose: Emporia State University recognizes the need for students, faculty, staff, and visitors to bring their own electronic devices onto ESU campus, networks, and systems. Such devices include laptops, smart phones and tablets, and the practice is commonly known as “bring your own device” or BYOD. These guidelines provide the owner of the devices with information on how to secure their devices to protect ESU’s property as well as their own information and assets.
Scope: This policy applies to all persons who access or use any of the University’s information or services.
Responsible Office: Information Technology
Policy Statement: Device owners and users are responsible for maintaining the security posture of their devices and following the set guidelines within this policy.
The Information Security Officer (ISO) is responsible for maintaining and reporting compliance with this policy and for reviewing this policy on an annual basis.
Under no circumstance does this policy substitute or suspend any other established Information Technology policy all of which apply to BYOD owners and users.
BYOD owners and users have the responsibility for their devices and how they use them. The University recommends the following guidelines be followed for these devices:
- Be familiar with the device and its security features.
- Apply relevant security features for the device.
- Apply patches and upgrades to the device in a timely manner.
- Ensure the device is not used for any purpose that is noncompliant with the University’s Information Technology Usage Policy (Policy 6.02 in the University Policy Manual).
- Read and be aware of what installed apps and software have access to on the device.
- Install and maintain appropriate malware protection on the device.
- Do not store University information on the device itself. Refer to Information Classification Policy (Policy 6.09 in the University Policy Manual) for more information on University information types and examples.
The President or designee must approve any exceptions to this policy.
Definitions: All words and phrases shall be interpreted utilizing their plain meanings unless otherwise defined in another University or Board of Regents policy or by statute or regulation.
Procedures: All procedures linked and related to the policies above shall have the full force and effect of policy if said procedures have first been properly approved by the University’s administrator in charge of Information Technology.
[Information Technology procedures - coming soon]
Related Policy Information: 6.02 - Information Technology Usage; 6.09 – Information Classification