MOBILE DEVICE POLICY

1. PURPOSE

1.1 Weber State University is committed to and encourages an open and collaborative environment through the use of mobile devices to facilitate academic interaction between students, faculty, and staff.  There is an inherent risk in utilizing mobile devices for this purpose, however, due to the ease in which these items can become lost or stolen.

1.2 The intent of this policy is to set forth standards and guidelines to mitigate this risk and to protect university or personal sensitive information stored on mobile devices.

2. REFERENCES

2.1 Understanding and Identifying Private and Public Information

2.2 PPM 10-1, Information Security Policy

2.3 PPM 10-2, Acceptable Use Policy for Computing and Network Resources

2.4 2012-IT-SG-1, Mobile Device Standards and Guidelines

3. DEFINITIONS

3.1 Mobile Device:  Any handheld or portable computing device including, but not limited to, a smartphone, PDA, or tablet.

3.2 PDA:  A handheld device that combines computing, telephone/fax, internet and networking features

3.3 Sensitive Information:  Any information that, if released to the public, could be used to cause harm or damage to either an individual or the university.  Such information could include, but is not limited to, Social Security Numbers, W-Numbers, driver’s license information and individual financial information (such as credit card numbers, bank account numbers, or financial statements).  Sensitive information is used in this document to include high-risk, restricted and confidential information.  See PPM 10-1, Information Security Policy for definitions of these information classifications.

4. POLICY

4.1 It is the responsibility of anyone who utilizes the Weber State University internal network for the purpose of processing University sensitive information using a mobile device to take appropriate measures at all times to safeguard that information.  All University faculty, staff, and contracted personnel will, at a minimum, adhere to the Mobile Device Security Standards outlined in the document titled 2012-IT-SG-1, Mobile Device Standards and Guidelines, to ensure they are taking every precaution against accidental or mischievous data compromise through mobile devices.  While not mandatory, users are encouraged to review and consider for implementation the Guidelines outlined in this document, as well, for added security.