4000-4-9Acceptable Use of IT Mobile Devices Policy

Issue Date:
May 26, 2016
Supersedes Date:
October 01, 2012

Upon request, the college will provide a copy of this policy in an alternate format.

It is essential that the integrity of the private and confidential client and business data that reside within the Lambton College information system and technology infrastructure be secure and protected. It is incumbent on the College to protect its data from being stored insecurely and, deliberately or inadvertently, accessed inappropriately or damaged. A breach of the data integrity can result in loss of information, damage to critical applications, loss of revenue, and damage to the public image of Lambton College.

Definition

Mobile Device
a small, computing device, typically but not necessarily having a display screen with touch input and/or a miniature keyboard, that can be easily transported by the user to provide computing and internet access at (almost) any location, and may be – although not exhaustively - a smartphone, tablet, wearable technology, netbook, or laptop.

Policy

  1. All Lambton College employees, contractors, visitors, and other agents who use a mobile device to access, store, back up, or relocate any corporate data are bound by this policy. Further, this policy applies to any hardware and related software that could be used to access corporate resources, even when said equipment is not corporately sanctioned, owned, or supplied.
  2. Although employment at Lambton College, and in some instances other relationships (e.g. contractor), may provide access to corporate data and confidential information, this relationship does not guarantee the right to use mobile devices to gain access to corporate networks and information.
  3. It is the responsibility of any employee of Lambton College, or other person who is granted access to the College information system, who uses a mobile device – whether College provided or personal - to gain access to access corporate resources, to ensure that all security protocols normally used in the management of data on conventional storage infrastructure are also applied in conjunction with the mobile device.
  4. This policy is complementary to any previously implemented policies dealing specifically with data access, data storage, data movement, and connectivity of mobile devices to any element of the enterprise network.
  5. All mobile devices attempting to connect to the corporate network through an unmanaged network (e.g. the Internet) will be inspected using technology centrally managed by the Lambton College IT department. Devices that represent any threat to the corporate network or data will not be allowed to connect.
  6. The IT department reserves the right to refuse to connect any mobile device to the corporate infrastructure. The IT department will deny a connection if, in its judgment, such equipment is being used in a manner that puts at risk the corporate infrastructure, data, users, or clients.
  7. The IT department reserves the right to limit the ability of end users to transfer data to and from specific resources on the corporate network.
  8. Any mobile device that is used to conduct Lambton College business must be used appropriately, responsibly, and ethically in the conduct of College or associated business.
  9. Employees using mobile devices and related software for network and data access must use secure data management procedures, including but not limited to the following.
    1. All mobile devices must be protected by a password.
    2. All data stored on the device must be encrypted.
    3. All users of mobile devices must employ reasonable physical security measures. End users are expected to secure all such devices used for this activity whether or not they are actually in use and/or being carried.
    4. All users of mobile devices must follow corporate data removal procedures to permanently erase corporate data from mobile devices once the use of the data or the device is no longer required.
  10. Lambton College will not reimburse employees if they choose to purchase their own mobile devices. Users may not charge or submit expenses for any personal network usage costs.
  11. Any mobile device - issued by the College or used to conduct College business - must be used in a safe manner.
  12. Any mobile device that is being used to store Lambton College data must adhere to the authentication requirements of the College IT department.
  13. Any attempt to contravene or bypass any College security measure will be deemed an intrusion attempt and result in appropriate measures by the IT department including removal of privileges, and discipline and legal sanctions.
  14. In the event of a mobile device being lost or stolen, the user is required to report immediately the loss to the IT department. The department, at its sole discretion, may remotely wipe the device of all data and lock it to prevent access.
  15. The IT Department, at its discretion, may choose not to support hardware and software independently purchased by an end user and not be responsible for resolving conflicts or problems caused by the use of media, hardware, or software independently purchased by a user.
  16. IT may establish audit trails that may be used without notice to the users. Such trails will be able to track the attachment and use of a device, and the resulting reports may be used for investigation of possible security breaches or misuse of the College system or resources. The mobile device user agrees and accepts that his/her access and/or connection to the Lambton College networks may be monitored in order to identify unusual usage patterns or other suspicious activity. This monitoring may be undertaken in order to identify accounts or devices that may have been compromised.
  17. Failure to comply with this policy will be addressed through established discipline policies and procedures. In addition to the sanctions identified in College policies, sanctions specific to the use of mobile devices may be applied and include, but are not limited to, loss of mobile device access privileges, temporary or permanent revocation of access to corporate computing and information system resources, and legal action according to applicable laws and contractual agreements.

For questions or concerns regarding policies, please contact:

Jim Elliott
Director, Quality Assurance & Institutional Research
519-542-7751 x 3489
jim.elliott@lambtoncollege.ca

Back to Top