6.07 MOBILE COMPUTING DEVICES
Effective: August 15, 2024
Purpose: With the added ease at which individuals are able to perform their work comes added responsibility to protect University information.
Special security issues that relate to mobile devices include:
- Any malware (viruses, worms, Trojans) that infects the device can bypass the University’s security and spread rapidly to other devices on the University network;
- If data stored on a mobile device is not backed up by the user, it could be completely lost if the device is stolen or mechanically fails; and
- If a mobile device is stolen or lost, sensitive and confidential data on the device is compromised.
This policy sets out to ensure that all University information that is classified as confidential or sensitive per the policy on Information Classification and stored on mobile devices is secured from unauthorized disclosure, destruction, and/or modification.
Scope: The policy applies to all persons authorized to access, modify, or create University information.
Responsible Office: Information Technology
Policy Statement: All users are responsible for taking the steps necessary to protect University information. The Information Security Officer (ISO) is responsible for monitoring and reporting compliance with this policy. The ISO is responsible for reviewing this policy annually.
University owned or controlled mobile computing devices must be used for University approved business according to the Information Technology Usage Policy.
All reasonable measures must be taken to prevent the theft of mobile devices.
All University information classified as sensitive or confidential stored on a mobile computing device must be afforded the same level of security as information maintained within the University’s network.
University information classified as sensitive or confidential stored on mobile devices must be backed up to an appropriate University device or network drive.
When available, encryption software must be used for all University information classified as sensitive or confidential.
When encryption is not available, data classified as sensitive or confidential shall not be stored on the device.
The President or designee must approve any exceptions to this policy.
Definitions: All words and phrases shall be interpreted utilizing their plain meanings unless otherwise defined in another University or Board of Regents policy or by statute or regulation.
Procedures: All procedures linked and related to the policies above shall have the full force and effect of policy if said procedures have first been properly approved by the University’s administrator in charge of Information Technology.
[Information Technology procedures - coming soon]
Related Policy Information: [coming soon]