ISP-15 - Mobile Device Policy

MOBILE DEVICE POLICY


 

Policy Objective

This policy is to ensure that Parkland College data on mobile devices, including any personal and college-owned devices where Private or Confidential Parkland College data exists, remains protected.

Scope

All persons who access or store Parkland College information assets from or on a mobile device.

Policy

Section 1 – Data Storage and Protection on Mobile Devices

  • Data classified as Private or Confidential must not be stored on mobile devices unless effective security controls have been implemented to protect the data.

  • Mobile Devices that store Private or Confidential classified data must employ full-device encryption or equally effective measures to secure the data.

  • Alternatives to encryption must be reviewed on a case-by-case basis and approved in writing by a designated Parkland College official.

  • Parkland College mobile devices must be enrolled in the campus-managed Mobile Device Management (MDM) solution appropriate to the device. Where technically possible, MDM should be deployed in such a manner as to only exert control over the Parkland College data.

  • All Parkland College data remains property of the college and must be removed from the device upon request. Mobile Device Management, Remote Device Management, or similar systems may be employed to remove Parkland College data from any device on which it resides, regardless of device ownership.

  • Data must not be retained on a mobile device for longer than is necessary for the proper use and purpose of the mobile device.

  • Any data belonging to or used to transact the business of Parkland College from any mobile device, regardless of ownership, may be subject to discovery through legal requirements for disclosure of public records.

Section 2 – Physical Protection

  • Every effort should be made to ensure the physical protection of Parkland College mobile devices to prevent damage, theft, or other loss.

  • Parkland College mobile devices must be physically secured when left unattended.

  • Mobile devices belonging to Parkland College must be inventoried regularly.

  • Any Parkland College mobile devices designated for student or community use must be inventoried and tracked when being loaned, borrowed, or used.

  • Damage, theft, or any other loss related to Parkland College mobile devices must be reported in a timely manner.

  • Mobile Devices owned by Parkland College may be geographically tracked and monitored in any way deemed necessary to ensure organizational and data security.

Section 3 – Use

  • Access to any mobile device storing Private or Confidential classified information must be protected using a password, PIN, biometrics, or similar secure locking mechanism at the device level.

  • Mobile devices belonging to Parkland College are for use in transacting College business only. Use outside this context is prohibited.

  • Applications installed on Parkland College mobile devices must be controlled and no unauthorized applications may be installed.

  • Secure Connectivity must be employed whenever any Private or Confidential information is transmitted.

    • Secure Connectivity includes:

      • Non-public network connectivity

      • VPN

      • Secure Messaging channels

  • Data classified as Private or Confidential must never be transmitted over any insecure channel including, but not limited to, SMS/Text Messaging, Email, or any other plain text communications methods available to mobile devices.

  • The Parkland College Responsible Use Policy shall govern all other use of college mobile devices.

Section 4 – Disposal

  • All Parkland College mobile devices must be securely wiped prior to disposal.

  • The Parkland College Asset Management Policy shall govern all other aspects of the system lifecycle related to mobile devices including disposal.


 

Print Article

Related Articles (1)

Definitions of terms used across policies and standards