Common use of BYOD Guidelines for Acquisition and Use Clause in Contracts

BYOD Guidelines for Acquisition and Use. Employees using prior - approved personally - owned devices will not be reimbursed by the University. • Loss, theft, or damage to personally - owned devices will not be reimbursed by the University. This includes, but is not limited to, when the device is being used for University business, on University time, or during business travel. • Employees using personally-owned devices, software, and/or related components to access Xxxxxxx State University data will ensure such devices employ some sort of device access protection such as, but not limited to, passcode, facial recognition, card swipe, fingerprint, etc. • Employees using prior - approved personally - owned devices and related software shall make every attempt to keep these devices and related software protected. • Employees using prior - approved personally - owned devices and related software accessing sensitive data will, in addition to device access protection, not store any sensitive data such as FERPA, HIPPA, etc. on these devices. • Sensitive Xxxxxxx State University - owned data may not be stored on external cloud- based personal accounts, such as Dropbox or Xxx.xxx. • Xxxxxxx State University - provided mobile device management or the equivalent will be implemented. Determination of equivalent measures is reserved to the Xxxxxxx State University Vice President of Information Technology, and/or other delegated designees. Passwords and/or other sensitive data will not be stored unencrypted on mobile devices. • Personally – Owned devices may be subject to the search and review as a result of litigation that involves the University and in accordance with the State of Georgia Open Records Act. • At the time that use of the personally-owned device for Xxxxxxx State business is no longer required the employee will provide documentation to their manager acknowledging and confirming that the device does not contain any Xxxxxxx State University sensitive data • Employees will immediately report to their managers any incident or suspected incidents of unauthorized data access, data or device loss, and/or disclosure of system or participant organization resources as it relates to personally-owned devices. • Managers will immediately report such incidents to the Xxxxxxx State University’s Vice President of Information Technology. • Failure to comply with the Xxxxxxx State University’s Personally - Owned Device Usage policy may result in the suspension of any or all technology use and connectivity privileges, disciplinary action, and/or possible termination of employment. Persons violating this policy may also be held personally liable for resulting damages and civil or criminal charges and Xxxxxxx State University may also refer suspected violations of applicable laws to appropriate law enforcement agencies. • Xxxxxxx State University reserves the right to implement technology to enable the removal of university owned data and tot monitor access to Xxxxxxx State University networks in order to identify unusual usage patterns or other suspicious activity. This monitoring is necessary in order to identify accounts/computers that may have been compromised by external parties. • All employees electing to use their personally - owned device must complete the Information Security Training Employee Declaration. • All employees using mobile devices (personally – owned or Xxxxxxx State University provided must follow the following security guidelines. Like desktop computers, mobile devices (such as iPads, Android tablets, mobile phones, PDAs, and laptop computers) must be appropriately secured to prevent sensitive data from being lost or compromised, to reduce the risk of spreading viruses, and to mitigate other forms of abuse to Xxxxxxx State University’s computing infrastructure. Set an idle timeout that will automatically lock your device if misplaced. Choose a strong password to protect your mobile device. Keep the device’s software (operating, anti- virus, security, encryption, etc.) up-to-date.

BYOD Guidelines for Acquisition and Use.  Employees using prior - approved personally - owned devices will not be reimbursed by the University. •  Loss, theft, or damage to personally - owned devices will not be reimbursed by the University. This includes, but is not limited to, when the device is being used for University business, on University time, or during business travel. •  Employees using personally-owned devices, software, and/or related components to access Xxxxxxx State University data will ensure such devices employ some sort of device access protection such as, but not limited to, passcode, facial recognition, card swipe, fingerprint, etc. •  Employees using prior - approved personally - owned devices and related software shall make every attempt to keep these devices and related software protected. •  Employees using prior - approved personally - owned devices and related software accessing sensitive data will, in addition to device access protection, not store any sensitive data such as FERPA, HIPPA, etc. on these devices. •  Sensitive Xxxxxxx State University - owned data may not be stored on external cloud- based personal accounts, such as Dropbox or Xxx.xxx. •  Xxxxxxx State University - provided mobile device management or the equivalent will be implemented. Determination of equivalent measures is reserved to the Xxxxxxx State University Vice President of Information Technology, and/or other delegated designees. Passwords and/or other sensitive data will not be stored unencrypted on mobile devices. •  Personally – Owned devices may be subject to the search and review as a result of litigation that involves the University and in accordance with the State of Georgia Open Records Act. •  At the time that use of the personally-owned device for Xxxxxxx State business is no longer required the employee will provide documentation to their manager acknowledging and confirming that the device does not contain any Xxxxxxx State University sensitive data •  Employees will immediately report to their managers any incident or suspected incidents of unauthorized data access, data or device loss, and/or disclosure of system or participant organization resources as it relates to personally-owned devices. •  Managers will immediately report such incidents to the Xxxxxxx State University’s Vice President of Information Technology. •  Failure to comply with the Xxxxxxx State University’s Personally - Owned Device Usage policy may result in the suspension of any or all technology use and connectivity privileges, disciplinary action, and/or possible termination of employment. Persons violating this policy may also be held personally liable for resulting damages and civil or criminal charges and Xxxxxxx State University may also refer suspected violations of applicable laws to appropriate law enforcement agencies. •  Xxxxxxx State University reserves the right to implement technology to enable the removal of university owned data and tot monitor access to Xxxxxxx State University networks in order to identify unusual usage patterns or other suspicious activity. This monitoring is necessary in order to identify accounts/computers that may have been compromised by external parties. •  All employees electing to use their personally - owned device must complete the Information Security Training Employee Declaration. •  All employees using mobile devices (personally – owned or Xxxxxxx State University provided must follow the following security guidelines. Like desktop computers, mobile devices (such as iPads, Android tablets, mobile phones, PDAs, and laptop computers) must be appropriately secured to prevent sensitive data from being lost or compromised, to reduce the risk of spreading viruses, and to mitigate other forms of abuse to Xxxxxxx State University’s computing infrastructure. Set an idle timeout that will automatically lock your device if misplaced. Choose a strong password to protect your mobile device. Keep the device’s software (operating, anti- virus, security, encryption, etc.) up-to-date.

BYOD Guidelines for Acquisition and Use. Employees using prior - approved personally - owned devices will not be reimbursed by the University. • Loss, theft, or damage to personally - owned devices will not be reimbursed by the University. This includes, but is not limited to, when the device is being used for University business, on University time, or during business travel. • Employees using personally-personally owned devices, software, and/or related components to access Xxxxxxx State University data will ensure such devices employ some sort of device access protection such as, but not limited to, passcode, facial recognition, card swipe, fingerprint, etc. • Employees using prior - approved personally - owned devices and related software shall make every attempt to keep these devices and related software protected. • Employees using prior - approved personally - owned devices and related software accessing sensitive data will, in addition to device access protection, not store any sensitive data such as FERPA, HIPPA, etc. on these devices. • Sensitive Xxxxxxx State University - owned data may not be stored on external cloud- based personal accounts, such as Dropbox or Xxx.xxx. • Xxxxxxx State University - provided mobile device management or the equivalent will be implemented. Determination of equivalent measures is reserved to the Xxxxxxx State University Vice President of Information Technology, and/or other delegated designees. Passwords and/or other sensitive data will not be stored unencrypted on mobile devices. • Personally – Owned owned devices may be subject to the search and review as a result of litigation that involves the University and in accordance with the State of Georgia Open Records Act. • At the time that use of the personally-personally owned device for Xxxxxxx State business is no longer required the employee will provide documentation to their manager acknowledging and confirming that the device does not contain any Xxxxxxx State University sensitive data • Employees will immediately report to their managers any incident or suspected incidents of unauthorized data access, data or device loss, and/or disclosure of system or participant organization resources as it relates to personally-personally owned devices. • Managers will immediately report such incidents to the Xxxxxxx State University’s Vice President of Information Technology. • Failure to comply with the Xxxxxxx State University’s Personally - Owned Device Usage policy may result in the suspension of any or all technology use and connectivity privileges, disciplinary action, and/or possible termination of employment. Persons violating this policy may also be held personally liable for resulting damages and civil or criminal charges and Xxxxxxx State University may also refer suspected violations of applicable laws to appropriate law enforcement agencies. • Xxxxxxx State University reserves the right to implement technology to enable the removal of university owned data and tot monitor access to Xxxxxxx State University networks in order to identify unusual usage patterns or other suspicious activity. This monitoring is necessary in order to identify accounts/computers that may have been compromised by external parties. • All employees electing to use their personally - owned device must complete the Information Security Training Employee Declaration. • All employees using mobile devices (personally – owned or Xxxxxxx State University provided must follow the following security guidelines. Like desktop computers, mobile devices (such as iPads, Android tablets, mobile phones, PDAs, and laptop computers) must be appropriately secured to prevent sensitive data from being lost or compromised, to reduce the risk of spreading viruses, and to mitigate other forms of abuse to Xxxxxxx State University’s computing infrastructure. Set an idle timeout that will automatically lock your device if misplaced. Choose a strong password to protect your mobile device. Keep the device’s software (operating, anti- virus, security, encryption, etc.) up-to-date.