Number: IT 090
Effective: December 1, 2016
Department: Information Technology
Last Revision: December 19, 2016

Purpose

To define the responsibilities, guidelines, and terms of use for user owned mobile devices configured for CWI data use and that can access CWI’s electronic resources.

Scope

This policy applies to all users who utilize either CWI-owned or personally-owned Mobile Devices to access, store, back up, relocate or access any CWI resources or information.

Definition

College Computing Resources: Computer hardware, software, data and network resources used and/or provided by CWI, including applications, intranet web access and CWI email/calendar/contacts.

Device Management: Management, security, and monitoring of all Mobile Devices that have access to College Computing Resources.

Mobile Device: Employee provided smartphone, tablet or laptop to be used to perform CWI-related work or educational activities.

User: Anyone who uses CWI’s information technology resources, even if they have no responsibility for managing the resources. This includes students, faculty, staff, contractors, consultants, and temporary employees.

Policy

CWI’s IT resources are provided to support CWI and its academic and service missions, its business and administrative function, and its student and campus life activities. CWI takes every precaution to protect the integrity and confidentiality of data that resides within CWI’s technology infrastructure. This policy is intended to prevent this data from being deliberately or inadvertently stored insecurely on a mobile device or transferred over an insecure network where it can potentially be compromised. A breach of this type could result in loss of information, damage to critical applications, financial loss, and damage to CWI’s public image. Users who bring personal devices to campus and use CWI’s IT resources must comply with state and federal laws and regulations, the guidelines in this policy, executive orders and policies of the Idaho Technology Authority (ITA) and the Idaho State Board of Education, and any other applicable CWI policies. Access to CWI resources and information is a privilege, not a right. Consequently, users are not automatically guaranteed the initial or ongoing ability to use these devices to gain access to CWI networks and information.

Guidelines 

Information Technology Responsibilities

  • Information Technology (IT) is responsible for configuring and supporting the User’s Mobile Device to access College Computing Resources, such as CWI wireless for staff and guests.
  • IT will provide configuration documentation for, and assistance with, Virtual Private Network (VPN) connectivity for remote access to CWI’s network by employees who are authorized to have such access.
  • IT is not responsible for backing up or restoration of critical data stored on personally-owned computing equipment.

User Responsibilities

  • The User is responsible for using College Computing Resources on his/her personal Mobile Device within the same constraints as on a CWI-owned device by adhering to all device and network acceptable use guidelines referenced herein and in any other applicable CWI policy.
  • The User will not download or transfer sensitive business data to his/her Mobile Device.
  • The User will password-protect his/her Mobile Device.
  • The User must maintain the original Mobile Device operating system and keep the device current with security patches and updates, as released by the manufacturer. • The User is responsible for any virus, adware, and spyware removal.
  • The User is responsible for any software installed on his/her Mobile Device including the operating system and any home related network software or drivers.
  • The User agrees to delete any sensitive business files that may be inadvertently downloaded and stored on his/her device through the process of viewing email attachments.
  • The User will not backup, download, or transfer sensitive business data or documents to any third party service such as Dropbox or personal OneDrive.
  • The User is responsible for all Mobile Device support requirements, including the cost of repairs, diagnostics or replacement.

Appropriate Use 

  • For personal computers and equipment, CWI IT offers limited technical support for issues related directly to classes only. This support includes help with:
    • Wireless Internet access
    • MyCWI
    • Blackboard
    • Classroom and Conference room presentation

Cloud Based Storage

  • Users are encouraged to use network or cloud based storage for any files that are accessed with Mobile Devices. This includes:
    • SharePoint sites
    • Network Drives
    • CWI provided OneDrive

Jailbroken Or Rooted Devices

Jailbroken Apple iOS devices, rooted Android devices, and other similar devices pose a risk to CWI data contained within the secure communications app. Therefore, CWI will disable or remove CWI data access on Mobile Devices determined to be jailbroken or rooted.

Access Control

  • IT reserves the right to refuse, by physical and non-physical means, the ability to connect Mobile Devices to CWI and CWI-connected infrastructure. IT will engage in such action if it feels such equipment is being used in a way that puts CWI’s systems, data, and users at risk.
  • All Mobile Devices attempting to connect to CWI’s network through an unmanaged network (i.e. the Internet) will be inspected using technology centrally managed by CWI’s IT department. Mobile Devices that are not in compliance with IT security policies, or represent any threat to CWI’s network or data, will not be allowed to connect.
  • Remote laptop computers or personal PCs for employees may only access CWI’s network using a VPN connection.
  • Upon successful connection to the VPN, the Employee’s remote device will be inspected for minimum virus protection, operating system versions and security. The connection will be refused if the minimum levels are not present.

Security

  • Employees using Mobile Devices and related software for network and data access must, without exception, use secure data management procedures. All Mobile Devices must be protected by a strong password. Employees agree to never disclose their passwords to anyone.
  • IT reserves the right, through policy enforcement and any other means it deems necessary, to limit the ability of users to transfer data to and from specific resources on the CWI network.
  • IT can and will establish audit trails which may be accessed and used without notice. Such trails will be able to track the attachment of an external device to a PC, and the resulting reports may be used for investigation of possible breaches and/or misuse. The user agrees to and accepts that his/her access and/or connection to CWI’s networks may be monitored to record dates, times, duration of access, etc., in order to identify unusual usage patterns or other suspicious activity. This is done in order to identify accounts or computers that may have been compromised by external parties. In all cases, data protection remains CWI’s highest priority.

Copyright

  • CWI actively monitors all media being downloaded or uploaded using CWI’s College Computing Resources. At no time should a user attempt to access, copy, upload or download any copyrighted material.
  • Upon detection of copyrighted material on the CWI’s network, the user will be notified of the violation with a warning. 
  • Subsequent violations may result in the termination of access to CWI’s College Computing Resources.

Privacy

  • Users shall have no expectation of privacy related to mobile devices when connected to or using CWI’s College Computing Resources. CWI monitors, tracks and audits connectivity usage of all CWI College Computing Resources.

Policy Non-Compliance

  • Failure to comply with this policy may, at the full discretion of CWI, result in the suspension of any or all technology use and connectivity privileges and corrective action up to and including termination, and for students, suspension and/or expulsion.