Jun 06, 2025  
Policies and Procedures Manual 
    

08:08:04 Mobile Device E-mail Security


Revision Responsibility: Chief Information Officer
Responsible Executive Officer: Vice President for Business & Finance
Source/Reference:
Tennessee State Code Annotated 47-18-2901

Purpose

Tennessee State Code 47-18-2901 requires that the institution have safeguards and procedures to ensure that confidential information is protected on laptops and other mobile devices. Currently, all personally assigned, institutionally owned laptops have enterprise drive encryption enabled by IET when the device is received. This policy is intended to ensure the integrity of institutional data that might be stored on other mobile devices, whether institutional property or personal property.


Policy

I. Definitions

For the purposes of this policy, all terms are defined in WSCC Information Technology Definitions Policy 08.08.07.

II. Procedures to Enforce Mobile Device Security

Any other mobile device that connects to the institutional email server must respect the current Exchange ActiveSync server requirements. These requirements call for specific security to be present, active, and updated on the mobile device before communication with the server is allowed. They are:

  1. Password Requirements: The device must have a password placed on it that is of sufficient complexity to protect data resident on the device. For a mobile device, this will not be required to be the same as the user's Active Directory password. The minimum size will be 4 characters and/or numbers. The password will not expire but can be changed by the user at any time.
  2. Idle device locking: After a period of inactivity, the device will lock and not display data. The user will be required to enter their device password before it can be used.
  3. Remote erasure: If a device is lost or stolen, the institution and/or user will have the ability to erase the mobile device remotely. The owner can log in to the Outlook Web Access (OWA) web site using their Active Directory credentials and choose to wipe all data from the device or wipe all data related to their Walters State account. IET will also be able to assist users with this if they are unable to successfully execute the remote erasure.
    1. The user is required to notify the IET Help Desk when a device is missing or stolen and must attempt to delete data related to their Walters State account.
    2. IET will choose the appropriate data deletion process at its discretion. IET reserves the right to initiate remote erasure upon a device when it is known to be missing, stolen, or in the possession of an at-risk person, or if other attempts are unsuccessful.

02/13; 09/17; 05/21; 10/21; 10/22; 10/23