Mobile Computing and Storage Devices Policy

To view the Mobile Computing and Storage Devices Standard, click here.

Purpose

To ensure secure, reliable, and accountable use of mobile computing and storage devices with University of Florida Restricted Data. This policy establishes unified management, and formally assigns roles and responsibilities for these devices.

Scope

This policy applies to all mobile computing and storage devices used by the University of Florida constituency in the performance of their duties, and to all University of Florida Restricted Data when accessed through, or stored on, mobile computing and storage devices, regardless of the device’s ownership. University of Florida Restricted Data may not be released for storage on, or access through, devices that do not meet these requirements.

Policy

All mobile computing and storage devices that access the University of Florida Intranet and/or store University of Florida Restricted data must be compliant with University of Florida Information Security Policies and Standards.

  1. Restricted Data stored on mobile computing and storage devices must be encrypted.
  2. Any and all mobile computing devices used within the University of Florida information and computing environments must meet all applicable UF encryption standards. mobile computing devices purchased with University of Florida funds, including, but not limited to contracts, grants, and gifts, must also be recorded in the unit’s information assets inventory.
  3. University of Florida information security policies applicable to desktop or workstation computers apply to mobile computing devices.

Responsibilities

  1. The University of Florida Information Security and Compliance Office will establish standards to govern the secure use of all mobile computing and storage devices at the University of Florida.
  2. The University of Florida Office of the Vice President and Chief Information Officer will provide guidance to assist units in complying with these requirements.
  3. All University of Florida deans, directors and department chairs, in conjunction with their IT support teams, are responsible for migrating all existing uses of mobile computing and storage devices within their areas of responsibility to devices and services that are compliant with university policies and standards.
  4. All members of the University of Florida constituency who are currently using personally owned mobile computing and storage devices that access the University of Florida Intranet and/or store University of Florida Restricted Data are required to bring their personal device into compliance with the University of Florida Information Security Standard for Mobile Computing and Storage Devices.
  5. All members of the University of Florida constituency will report the loss or theft of a mobile computing or storage device to their departmental Information Security Manager (ISM) immediately upon detection of the loss. The UF Privacy Office must be immediately notified of theft or loss of any portable computing device or media that contains Restricted Data.

References

GP01.01 – Definitions Used in Policies and Standards

TS05.01 – Mobile Computing and Storage Devices Standard

UFIT Standards for Confidentiality of Restricted Data