Mobile Computing Device (Cell phones, Laptops and PDAs)
Purpose
The purpose of this policy is to provide guidance for appropriate purchase and usage of Mobile Computing Devices [Laptops, Personal Digital Assistants (PDAs), Cell Phones, PDA or SMART phones (phones with data/network connectivity capabilities].Scope
This policy applies to all APU employees, APU students and APU visitors who are authorized by IMT to connect Mobile Computing Devices to APU’s network. The policy sets standards for the purchase, operation, and support of Mobile Computing Devices for APU employees. This includes any type of handheld communication device capable of transmitting packet data either directly (through APU’s wireless network) or via connection to another network service (cellular service).Overview
The Information Media Technologies (IMT) department strives to provide the best customer service possible to all members of the University Community. However, some services are not always a necessity for certain job descriptions and/or duties that are required. Information and Media Technology (IMT) has responsibility for specifying requirements for mobile computing devices used at APU. IMT’s responsibility to manage this policy and the use of these devices assists APU in managing University risk and the impact such devices can have on the operation of our infrastructure or the information stored therein. It will also allow IMT to properly support and maintain these devices. The University has established and approved vendors for all services we provide. It is up to the discretion of IMT to change vendors if at any time the service provided is no longer meeting the needs of the University.Policy
Information and information systems are valuable assets of Azusa Pacific University. We rely on our information and information resources to advance our mission. Additionally, we are responsible to our donors, employees, and most importantly to the students we serve to ensure the integrity, confidentiality, and availability of our information and information resources. To fulfill this responsibility APU has identified the following:
Cell phones
The use, purchase and replacement of cell phone are governed by the “Voice Communications Devices” policy.
Laptops
In APU’s context, a laptop functions as a replacement to a desktop computer which provides the added functionality of wireless networking capability for increased connectivity and greater mobility. Purchase and replacement of laptops are governed by the “Refresh Strategy N/A” policy.
Personal Digital Assistant (PDA)
A Personal Digital Assistant (PDA) typically functions as a personal organizer, fax sender, and personal computer that incorporates handwriting recognition using touchscreens, small keyboards, and/or voice recognition features. All PDA hardware is to be purchased centrally through IMT.
PDA Phone
A PDA Phone, is a combination of a PDA and a cell phone, allowing for network connectivity capabilities. The network connectivity capabilities range from connectivity to Local Area Networks (enterprise network) to internet connectivity through the service provider’s network. The use, purchase and replacement of PDA Phones are governed by the PDA Phone Purchasing Criteria.
Services
All services used are to be for business purposes only. If there is a need/ or request to use the services for personal use, the University is to be reimbursed by the employee. The credit will be made to the departments cost center account and line number 5067. If there is an on-going occurrence of over usage by an individual user, the designee will contact the department head of that user.
Standards for Mobile Computing Devices will be set by IMT and reviewed each year with attention given to cost, business functionality, service availability, software compatibility, supportability, and security. These standards will specify models, vendors, related service providers, and software packages approved for use with these devices.
Laptops and PDA Phones
Laptops requested outside the refresh process and PDA Phones will be purchased by IMT after approval for purchase is granted by both the department Vice President or Dean and the CIO, after funds are provided by the department. Please refer to the “Laptop Request Form” for requests to purchase laptops and the “Request to purchase PDA Phone form” to purchase PDA phones.Cell Phones and PDA’s
Cell phones and PDA’s will be purchased by IMT after approval for purchase is granted by the employee’s supervisor and after funds are provided by the department.Note: There is currently no standard replacement cycle related to Cell Phones, PDAs and PDA Phones. As a result, each department will need to determine when to replace Cell Phone, PDA and PDA Phone hardware and budget for replacement purchases.
Usage
Given that Mobile Computing Devices may be storing and transferring critical
APU data while connected to the internet, all APU Policies (Acceptable Use,
Email, Data Security, etc.) are applicable and will be enforced. Mobile users
must password protect access to stored information and take precautions to ensure
the device is not lost or stolen.
Charges
Upon receipt of the service provider’s bill, IMT’s Telecommunications Department
will review the charges and determine if calling patterns fit the users’ current
plan’s monthly minute allotment. The IMT Telecommunications Department will
evaluate usage bi-annually and will collaborate with the employee’s supervisor
to determine changes to cellular plans where necessary. Additionally, the IMT
Telecommunications Department will comply with corporate policy set forth in
the Voice Communications Devices policy.
Payment
The IMT Telecommunications Department will process all service provider invoices
and charge the departments accordingly for all business usage charges. Applicable
business usage charges include monthly access fee, airtime usage, certain long
distance charges, and taxes. Any personal usage of the voice/data service will
be the responsibility of the employee. Any overages above a set amount will
be reported to the department budget manager, or designated contact, for the
department’s assessment of usage. Overage amounts are billed to the department,
and it is the responsibility of the department to enforce employee’s reimbursement
of charges
Software
Standards for the purchase of Mobile Computing Device software will be set and
reviewed each year with special attention given to cost, business functionality,
service availability, software compatibility, supportability, security and compatibility
with the service provider’s network (voice and data), and synchronization. Software
standards will include costs and upgrade requirements.
Security of data
Data stored on mobile devices is often at more risk than data stored on desktop
computers or network shares due to the potentially volatile environments that
the devices can be used in. Hence, personal or confidential data must not be
stored on mobile computing devices. In addition, all data stored on mobile computing
devices should be backed up regularly.
Support
Support for Mobile Compute Devices will be coordinated through the IMT Help
Desk. As some Mobile Computing Device functions require support from outside
service providers (e.g. Verizon Wireless) the IMT Telecommunications Department
will assist in contacting and resolving issues.
Network Access and Support
Authorized Cell Phone and PDA Phone users will be allowed to access any APU
network directly through the Wi-Fi network, which requires authentication through
a web browser. To ensure the security of our networks, users should not leave
Ad-hoc detection or capability open on their Mobile Computing Device. In addition,
a PDA or PDA Phone attached to a desktop or laptop computer which is connected
to any APU network is also indirectly connected to the network.
Some cell phones and PDA Phones have the ability to act as a modem allowing desktop or laptop computers to connect to the service provider permitting access to the internet. The IMT Support Desk should be contacted before attempting this capability.
Service Provider Network
Increasingly, Cell Phones and PDA Phones are sold having both computing and
communications features which allow for transmission and receipt of information
via service providers. These services can also be extended to connect laptops
to the service provider’s network for internet connectivity. While the IMT Support
Desk will assist APU employees with problems related to communications services
offered by the service provider (Verizon Wireless), responsibility for support
of those services ultimately rests with the service provider.
Department Responsibility
Once an employee’s employment with the university has been terminated, the manager/supervisor
is to immediately notify the IMT Support Desk so that the service can be suspended
if necessary. It is also the manager/supervisor’s responsibility to obtain all
Mobile Computing Devices that are the property of the University before the
employee physically leaves the University. If another employee (replacement
employee) will take over the device/service, the manager/supervisor must notify
the IMT Support Desk so that they can change the name of the user on the equipment
and service plan and ensure the device and service is functioning properly.
Loss or Theft of Devices
Upon the loss or theft of a mobile computing device the employee must file a
report with Campus Safety and forward a copy of the report to the IMT Support
Desk. Upon receipt of the loss/theft report, IMT will activate a process to
wipe the data and user profile from laptops and PDA Phones. The execution of
this process will help ensure that private and confidential data that might
be stored on the device will not be accessed and used inappropriately. If an
employee should lose or damage a Mobile Computing Device, or if the department
fails to collect the device from the employee upon separation from APU, the
department will be responsible for the full payment to repair or replace the
instrument.
Appeal Process
In the event that the request is denied, the requestor may submit a written
request for review with the Deputy Chief Information Officer/Executive Director
of IMT.
Change Log:
"Security of Data,"
"Data stored on mobile devices is at more risk than data stored on desktop computers..."
[emphasis added]. I suggest that you consider replacing "is" with "is often"
or "may be." The greater insecurity of mobile devices is a general principle
rather than a hard fact.
"Network Access and Support,"
Position reversed – PDA’s and PDA Phones CAN access the wireless network ….
data stored on mobile computing devices should be backed up "frequently." I
think that "regularly" might more nearly capture the sense in which I myself
might make such a recommendation.
The draft policy does not explicitly state who is authorized to make exceptions to the policy and what criteria would be assessed in analyzing a proposed exception.
Appeal Process section has been added.
Concluding disclaimer
if a department "forgets to" take some action. I think you may prefer "fails
to."
Selection and Purchase – Laptops and PDA Phones
Clarify that only purchases of laptops outside the refresh policy require verification
of funding and VP approval
