Purpose:
Tennessee Code Annotated § 47-18-2910 specifies that state agencies must have safeguards and procedures to ensure that confidential information is protected on laptops and other portable devices. All college owned laptops in use by faculty or staff have enterprise drive encryption enabled by Information Technology. This policy is intended to ensure the integrity of college data that might be transmitted or stored on other portable devices used by DSCC faculty and staff regardless of whether the device is college property or personal property.
Scope:
The policy applies to all laptops or other portable devices used by DSCC faculty and staff that connects to the DSCC email server regardless of whether the device is college property or personal property. The college recognizes and allows employees, although not required, to use a mobile device to connect to the college’s resources to access and synchronize email data, contacts and calendar information. All usage must comply with state and federal laws, as well as the college’s policies governing appropriate use of technology (including the Computing, Network and Communications Acceptable Use Policy 11.02.04).
Policy:
1.0 Use with E-mail
Any portable device used by faculty or staff that connects to the DSCC email server must respect the current Active Sync Policy. This software policy requires specific security be present and active on the portable device before communication with the server is allowed. These are:
A. Password requirements:
1) The device must be configured with a password.
2) The minimum length of the password will be 4 characters. Longer passwords are encouraged if the device has the capability.
3) The password must be complex if the device is capable of complex passwords. A complex password would contain at least 1 alpha character, 1 numeric digit and 1 special character.
B. Idle device locking:
After 10 minutes of inactivity, the device will lock and not display data. The user will be
required to enter their device password to unlock the device.
C. Remote erasure
1) If a device is lost, stolen or taken out of service, the user will have the ability to erase all data on the portable device remotely. This is done by logging into the Outlook Web Access (OWA) server. Information Technology will also be able to assist users with this.
2) If the event of 10 failed login events, the device will automatically remotely wipe the device.
2.0 Use with Other Systems
Self-Service Banner and the SciQuest application are considered acceptable for use with personal mobile devices, however; personal mobile devices should not be used to access the college’s Enterprise Resource Planning system (currently Internet Native Banner) or any other system that contains personally identifiable information, bank account information or credit card information for students, employees, alumni or vendors of the college.
3.0 Report a Lost or Stolen Mobile Device
It is the employee’s responsibility to report a lost or stolen mobile device containing any college data (including e-mail) to the Vice President for Technology. The IT staff will assist with the remote wipe of the device as needed.
Compliance:
All DSCC employees are expected to abide by this policy. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment or suspension.
Definitions:
OWA – Outlook Web Access. This is the software that is used to access college email from a browser such as Internet Explorer, Firefox or Chrome.
Portable Computation Device – A computational device that can connect to a wired or wireless network and exchange data with college servers. This can include tablet computers and smart phones. Most of these devices are used to connect to the college email server for calendar, contact and email information.
Revision History:
New policy approved by Admin Council on July 29, 2016.