- Overview and Purpose
- Scope
- University Owned Mobile Devices
- Personal Owned Mobile Devices
- Mobile Security Policy
- Report a Lost or Stolen Mobile Device
- Exceptions
- Enforcement
- Policy Support Contact Information
- Approval and Revisions
- Supporting Documentation
1.0 Overview and Purpose
University employees use mobile technology as a means of sending and receiving university email, synchronizing calendars and contacts, transmitting text messages and connecting to the Internet. The purpose of this policy is to describe the conditions under which the university permits the use of mobile devices for its employees. Also how the university manages mobile technology to minimize risk, especially in the event of loss or theft.
2.0 Scope
This policy applies to Bentley University faculty, staff, contractors, vendors, and other personnel who are granted privileges to access Bentley University resources.
3.0 University Owned Mobile Devices
Certain university employees are required to use of mobile devices to facilitate university business. Employee supervisors must identify those employees who require a mobile device as part of their job responsibilities. The university purchasing department directly works with these individuals to assist with the purchase of a mobile device and the appropriate data/voice plan.
Employees are allowed incidental personal use of university owned mobile devices as long as no applicable state or federal laws and university polices are being violated by such use. Employees are reminded that university owned mobile devices, data stored on a device, and the data/voice plans and records are sole property of the university. When an employee leaves the university, all university owned mobile devices must be returned to the university.
University-owned mobile devices must have the manufacturer’s installed firewall software enabled.
4.0 Personally Owned Mobile Devices
The university recognizes and allows employees, although not required to use a mobile device as a requirement of their position, to connect personally owned mobile devices to the university’s resources to access and synchronize email data, contacts, and calendar information. All usage use must comply with state and federal laws, as well as with the university’s own policies governing appropriate use of technology.
5.0 Mobile Security Policy
If an employee, either due to work-related requirements or through their own personal choice, elects to access university’s resources via a mobile device, they must accept the security policies defined by the university that will be downloaded and installed on the device upon connecting to university resources. The mobile security policies are designed to accomplish the following primary objectives.
- Require a pin/password/passcode to unlock the device;
- Remotely wipe the device in the event of failed login attempts;
- Remotely wipe the device in the event that the device is lost or stolen;
- Limit the amount of email that can be stored on the device;
6.0 Report a Lost or Stolen Mobile Device
- If a university owned or personal mobile device containing university data is lost or stolen please call the university Help Desk at x2854 to report the missing device;
- If a personally owned mobile device was connected to the university’s email system an employee may request the remote wipe of the device data if lost or stolen;
7.0 Exceptions
Any exceptions to this policy are to be reviewed and approved by the Information Security and Privacy Administrator in consultation with the Information Privacy Committee as needed.
8.0 Enforcement
As described in Bentley University’s Acceptable Usage Policy anyone found to have violated this policy may be subject to disciplinary action, up to and including immediate termination.
9.0 Policy Support Contact
- Information Security and Privacy Administrator
- InfoPrivacy@bentley.edu
10.0 Approval and Revisions
This policy is approved by the Information Privacy Committee. The policy is reviewed on an annual basis and updated as needed.
- Revision v1: Approved by the Information Privacy Committee on 01/29/2010
- Revision v2: Approved by the Information Privacy Committee on 09/30/2013
11.0 Supporting Documentation
This policy is supported by the following policies, procedures, and/or guidelines;
- University Acceptable Usage Policy
- University Data Classification and Usage Policy