91ɬÂþ

To ensure secure, reliable, and accountable use of mobile computing and storage devices containing 91ɬÂþ (91ɬÂþ) data by establishing unified management of and formally assigning roles and responsibilities with respect to the use of such devices.

Applies to all mobile computing and storage devices used by 91ɬÂþ’s users in the performance of their duties and to all 91ɬÂþ data when accessed through, or stored on, mobile computing and storage devices, regardless of the device’s ownership.

Mobile Computing Devices: Small devices intended primarily for the access to or processing of data, which can be easily carried by a single person and provide persistent storage. Current examples include, but are not limited to, laptop, notebook, netbook and similar portable personal computers, as wells as smartphones and personal digital assistants (Android, Blackberry, iPhone, and others).

Mobile Storage Devices: Media that can be easily carried by a single person and provide persistent storage. Current examples include, but are not limited to, magnetic storage devices (diskettes, tapes, USB hard drives), optical storage devices (CDs, DVDs, magneto-optical disks), memory storage devices (SD cards, thumb drives), and portable devices that make nonvolatile storage available for user files (cameras, MP3 and other music players, audio recorders, smart watches, and cell phones).

Restricted Data: Data in any format collected, developed, maintained, or managed by or on behalf of 91ɬÂþ or within the scope of 91ɬÂþ activities that are subject to specific protections under federal or state law or regulations or under applicable contracts. Examples include, but are not limited to, medical records, social security numbers, credit card numbers, drivers licenses, non-directory student records, research protocols and export controlled technical data.

User: Anyone who uses 91ɬÂþ’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.

Policy

91ɬÂþ is committed to and encourages an open and collaborative environment through the use of mobile devices to facilitate interaction among users. However, mobile computing devices and mobile storage devices that connect to 91ɬÂþ’s servers or contain 91ɬÂþ restricted data can be a substantial security risk for 91ɬÂþ. To reduce that risk, 91ɬÂþ has adopted the following guidelines.

Guidelines

• All mobile computing devices and mobile storage devices that access the 91ɬÂþ intranet and/or store 91ɬÂþ restricted data must be compliant with 91ɬÂþ information security policies and standards. 91ɬÂþ information security policies applicable to desktop or workstation computers also apply to mobile computing and mobile storage devices.
• Restricted data stored on mobile computing and storage devices must be encrypted.
• Any and all mobile computing and mobile storage devices used within 91ɬÂþ’s information and computing environments must meet all applicable 91ɬÂþ encryption standards.
• Mobile devices purchased with 91ɬÂþ funds, including but not limited to contracts, grants, and gifts, must also be recorded in the 91ɬÂþ IT assets inventory.
• 91ɬÂþ’s Chief Information Officer will establish standards to govern the secure use of all mobile computing and storage devices at 91ɬÂþ.
• 91ɬÂþ’s Chief Information Officer will provide guidance to assist departments and units in complying with these requirements.
• All 91ɬÂþ managers, in conjunction with IT support teams, are responsible for ensuring all existing users of mobile computing and storage devices within their areas of responsibility are compliant with 91ɬÂþ policies and standards.
• All users who are currently using personally-owned mobile computing and storage devices that access the 91ɬÂþ intranet and/or store 91ɬÂþ restricted data are required to bring their personal device into compliance with the 91ɬÂþ information security standard for mobile computing and storage devices.
• All users will report the loss or theft of a mobile computing or storage device to the immediately upon detection of the loss. 91ɬÂþ’s Chief Information Officer must be immediately notified of theft or loss of any mobile computing device or mobile storage device that contains restricted data. 91ɬÂþ’s restricted data may not be released for storage on, or access through, devices that do not meet these requirements.
• Failure to comply with these guidelines may result in suspension or termination of connectivity privileges and/or corrective action, up to and including termination or expulsion.