Date of Original Implementation: October 2011
Date of Last Revision: October 2011
The purpose of this policy is to define standards, procedures, and restrictions for the use and support of Personal Digital Assistant devices (PDAs) that are common in the workplace and may be used by employees of Cambridge College. This policy applies to, but is not limited to, all devices that fit the following device classifications:
Handhelds running the Apple OS, Android OS, Blackberry OS, Palm OS, Microsoft Windows CE, PocketPC, Windows Mobile, Symbian, or Mobile Linux operating systems and others.
Mobile devices that are wireless or wired (i.e. connectible using the College wired or wireless network or by a wireless provider network such as Verizon, ATT or Sprint.
Smartphones that include PDA functionality.
Any third-party hardware, software, processes, or services used to provide connectivity to the above.
The policy applies to any PDA hardware and related software that could be used to access college resources, even if the equipment is not college sanctioned, owned, or supplied. The overriding goal of this policy is twofold. The first goal is to protect Cambridge College’s technology-based resources (such as College data, computer systems, networks, databases, etc.) from unauthorized use and/or malicious attacks that could result in loss of information, damage to critical applications, loss of revenue or damage to our public image. Therefore, all users employing PDA-based technology to access College technology resources should adhere to College-defined processes for doing so. See the Electronic Communication Policy and the Responsible Use Policy, (for examples). The second goal of this policy is to make clear the limits that the College places on user support for PDA devices.
This policy applies to all Cambridge College employees, including full- and part-time staff, full and part time faculty, contractors, and other agents who utilize College-owned, personally-owned, or publicly-accessible PDA-based technology to access the College’s data and networks via wired or wireless means. Such access to enterprise network resources is a privilege, not a right. Consequently, employment at Cambridge College does not automatically guarantee the granting of these privileges.
Addition of new hardware, software, and/or related components to provide additional PDA-related connectivity within College facilities will be managed at the sole discretion of the Information Technology Department and the College.
At this time Cambridge College does not provide support for employee owned Cell Phones or PDAs. The Cambridge College IT Department is not able to provide personal consulting to individual employees, other than providing a best effort attempt to assist an employee in their own attempt at connecting a PDA device to a College IT resource. Such support is limited to time available and will often require the employee to perform upgrades, patches and revisions on their own.
Policy and Appropriate Use
It is the responsibility of any employee of Cambridge College who is connecting to the College’s network via a PDA to ensure that all components of his/her connection remain as secure as his/her network access within the office. It is imperative that any wired (via sync cord, for example) or wireless connection, including, but not limited to PDA devices and service, used to conduct Cambridge College business be utilized appropriately, responsibly, and ethically. Failure to act accordingly may result in immediate suspension of that user’s account at the sole discretion of the IT Department. Based on this, the following rules should be observed:
1. Employees using PDAs and related software to connect to Cambridge College’s technology infrastructure will, without exception, use secure remote access procedures. This will be enforced through public/private key passwords in accordance with Cambridge College’s Responsible Use policy. Employees agree to never disclose their passwords to anyone, including family members if college work is conducted from home.
2. All PDAs that are used for college interests must display reasonable physical security measures. Users are expected to secure all handhelds and related devices used for this activity whether or not they are actually in use and/or being carried. This includes, but is not limited to, power-on passwords. Any non-college owned computers used to synchronize with PDAs will have current antivirus software loaded. Antivirus signature files must be updated on a regular basis.
3. Passwords and other confidential data as defined by Cambridge College are not to be stored on PDAs or their associated storage devices (such as SD and CF cards.
4. The Cambridge College IT Department reserves the right to require students and employees shut down any form of personally owned technology that has been determined to cause interference with the proper functioning of the College wireless technology.
5. Any PDA that is configured to access Cambridge College resources via wireless or wired connectivity must adhere to the authentication requirements of the College, as found in the Data Security policy and the Responsible Use policy.
6. Employees, contractors, and temporary staff will make no modifications of any kind to College-owned and installed hardware or software without the express approval of the IT Department. This includes, but is not limited to, installation of PDA software on College-owned desktop or laptop computers, connection of sync cables and cradles to College-owned equipment, and use of the College’s wireless network bandwidth via these devices.
7. Employees, contractors, and temporary staff with Cambridge College-sanctioned wireless-enabled PDAs must ensure that their computers and handheld devices are not connected to any other network while connected to Cambridge College’s network via remote access.
8. The PDA-based user agrees to immediately report to his/her manager and the IT Department any incident or suspected incidents of unauthorized access and/or disclosure of College resources, databases, networks, etc.
9. The PDA-based wireless access user also agrees to and accepts that his or her access and/or connection to Cambridge College’s networks may be monitored to record dates, times, duration of access, etc., in order to identify unusual usage patterns or other suspicious activity. As with in-house computers, this is done in order to identify accounts/computers that may have been compromised by external parties.
10. The IT Department reserves the right to suspend without notice any access port to the network that puts the College’s systems, data, users, and clients at risk.
1. Employees using mobile devices and related software for network and data access will, without exception, use secure data management procedures. All mobile device users must ensure all College data stored on the device is encrypted using strong encryption. See the Cambridge College’s Electronic Communication Policy for additional background. Please remember that email communications sent to and from PDAs and similar devices are insecure. Cambridge College policies prohibit the sending and receiving of personally identifiable information by email. This includes employee data as well as student data. Employees agree to never disclose their passwords to anyone, including family members if college work is conducted from home.
2. All users of mobile devices must employ reasonable physical security measures. End users are expected to secure all such devices used for this activity whether or not they are actually in use and/or being carried. This includes, but is not limited to, passwords, encryption, and physical control of such devices whenever they contain college data. Any non-college computer used to synchronize with these devices will have installed anti-virus and anti-malware software deemed necessary by the IT Department. Anti-virus signature files on any additional client machines – such as a home PC – on which this media will be accessed, must be up to date.
3. Passwords and other confidential data as defined by the IT Department are not to be stored unencrypted on mobile devices.
4. Any mobile device that is being used to store Cambridge College data must adhere to the authentication requirements of the College. In addition, all hardware security configurations (personal or College-owned) must be pre-approved by the IT Department before any enterprise data-carrying device can be connected to it.
5. The IT Department will manage security policies, network, application, and data access centrally using whatever technology solutions it deems suitable. Any attempt to disable or bypass said security implementation will be deemed an intrusion attempt and will be dealt with in accordance with Cambridge College’s Responsible Use policy.
6. Employees, contractors, and temporary staff will follow all enterprise-sanctioned data removal procedures to permanently erase College-specific data from such devices once their use is no longer required.
Help & Support
1. Cambridge College’s IT department will support its sanctioned hardware and software, but is not responsible or accountable for conflicts or problems with personally owned PDA devices or other hardware and software.
2. The IT Department reserves the right, through policy enforcement and any other means it deems necessary, to limit the ability of end users to transfer data to and from specific resources on the College network.
3. The IT Department will make every attempt to assist users who wish to configure their PDA
devices to provide access to the College’s communications platform in a secure manner.
4. The IT Department will provide support (limited) to the College email communications application only. This includes email, calendar, and contacts.
5. The College cannot be held responsible for damage or loss of information on a personal PDA device when, at the request of the owner, it is being supported by a representative of the IT Department.
POLICY APPLIES TO
This policy applies to all students, faculty, and staff of the College and to all other users of information technology resources at Cambridge College. These users are responsible for reading, understanding, and complying with this policy.
Individual Responsible for Revision and Implementation: Vice President for Finance and Administration and Director of Information Technology