Apr 19, 2024  
Policies and Procedures Manual 
    
Catalog Navigation
  Publication Home
  Section 1 Vision, Campus Compact and Mission
  Section 2 Governance, Organization and General Policies
  Section 3 Academic Policies
  Section 4 Faculty - Student Policies
  Section 5 Faculty/Staff Business Policies
  Section 6 Personnel Policies
  Section 7 Travel Policies
  Section 8 Facilities, Services and General Information Policies
  Section 9 Safety and Security Policies
  Section 10 Policies and Procedures Forms
  Section 11 College Advisory Councils and Committees
  WSCC Purchasing Manual
  My Portfolio
HELP
Policies and Procedures Manual

08:08:04 Mobile Device E-mail Security

Revision Responsibility: Executive Director of Information and Educational Technologies & Chief Information Officer
Responsible Executive Officer: Vice President for Business & Finance

Purpose

Tennessee State Code 47-18-2901 defines that the institution must have safeguards and procedures to ensure that confidential information is protected on laptops and other mobile devices. Currently, all personally assigned institutionally owned laptops have enterprise drive encryption enabled by IET when the device is received. This policy is intended to ensure the integrity of institutional data that might be stored on other mobile devices whether institutional property or personal property.

Policy

I. Definitions

  • Mobile Device: A computational device that can connect to a wired or wireless network and exchange data with institutional servers. This can include tablet computers and smart phones. Most of these devices are used to connect to the institutional email server for calendar, contact and email information.
    To view a list of compliant operating systems and devices go to http://helpdesk.ws.edu. Devices that are not compliant will be unable to access the institutional email system from the mobile device.

II. Procedures to Enforce Mobile Device Security

Any other mobile device that connects to the institutional email server must respect the current Exchange Active Sync Server requirements. These software requirements require specific security be present and active on the mobile device before communication with the server is allowed. These are:

  1. Password Requirements: The device must have a password placed on it that is of sufficient complexity to protect data resident on the device. For a mobile device, this will not be required to be the same as the users Active Directory password. The minimum size will be 4 characters and/or numbers. The password will not expire but can be changed by the user at any time.
     
  2. Idle device locking: After a period of inactivity, the device will lock and not display data. The user will be required to enter their device password before it can be used.
     
  3. Remote erasure: If a device is lost or stolen, the instituion and/or user will have the ability to erase the mobile device remotely. The owner can log in to the Outlook Web Access (OWA) web site using their Active Directory credentials and choose the option to erase the device. This will erase institutional synced data along with all other information on the device. IET will also be able to assist users with this if they are unable to successfully execute the remote erasure.

1.     User are required to notify the IET helpdesk when a device is missing or stolen

2.     IET reserves the right to initiate remote erasure upon a device when it is known to be missing, stolen, or in possession of an at-risk person

02/13; 09/17

Supplemental Information
Link to Tennessee State Code Annotated 47-18-2901: http://www.michie.com/tennessee/lpExt.dll?f=templates&eMail=Y&fn=main-h.htm&cp=tncode/17630/18746/18c4e/18c50