EFFECTIVE:April 2016
CARETAKER: VICE PRESIDENT FOR LIBRARIES AND INFORMATION TECHNOLOGY
1.0 PURPOSE
The purpose of this policy is to secure and protect St. Lawrence University information assets that may be accessed and stored on mobile devices. Mobile devices offer great flexibility and improved productivity for employees, but they can also create added risk and potential targets for data loss. This document describes St. Lawrence University’s requirements for securing the institution’s information on mobile devices.
2.0 SCOPE
All employees, students, contractors and consultants must adhere to this policy. This policy applies to all university owned and personal mobile devices with access to St. Lawrence University’s information assets classified as sensitive or protected. St. Lawrence University considers mobile devices to be smart phones, tablets, or other types of highly mobile devices. Laptops are specifically excluded from the scope due to significant differences in security control options.
3.0 POLICY
St. Lawrence University has established the following requirements for use of mobile devices based on ISO/IEC and NIST documented standards*.
3.1 USER AND TECHNICAL REQUIREMENTS
Individuals and their devices accessing St. Lawrence University’s information assets classified as sensitive or protected are subject to the St. Lawrence University Mobile Device Standard.
The user is responsible for the backup of their own personal data and St. Lawrence University is not responsible for the loss of data.
4.0 ENFORCEMENT
The institution may temporarily suspend or block access to any individual or device when it appears necessary to do so in order to protect the integrity, security, or functionality of institution and computer resources.
Violations of this policy may result in penalties and disciplinary action in accordance with the Student Handbook, Faculty Handbook and/or rules governing employment at St. Lawrence University.
5.0 EXCEPTIONS
Exceptions to the policy may be granted by the Vice President for Library and Information Technology, and/or his/her designee in accordance with the St. Lawrence University Mobile Device Standard.
6.0 REFERENCES
- St. Lawrence University Mobile Device Standard
- International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) – Joint Technical Committee 1 (JTC 1) / Standardization subcommittee 27 (SC27): IT Security Techniques
- National Institute of Standards and Technology (NIST) – Computer Security Resource Center
- St. Lawrence University Acceptable Use Policy
- St. Lawrence University Asset Inventory
- St. Lawrence University Data Classification Policy
- St. Lawrence University Data Classification Quick Reference Guide