Purpose
The purpose of this policy is to define standards, procedures, and restrictions for the use and support of Personal Digital Assistant devices (PDAs) that are common in the workplace and may be used by employees of Cambridge College. This policy applies to, but is not limited to, all devices that fit the following device classifications:
- Handhelds running the Apple OS, Android OS, Blackberry OS, Palm OS, Microsoft Windows CE, PocketPC, Windows Mobile, Symbian, or Mobile Linux operating systems and others.
- Mobile devices that are wireless or wired (i.e. connectible using the College wired or wireless network or by a wireless provider network such as Verizon, ATT or Sprint.
- Smartphones and Smartwatches that include PDA functionality.
- Any third-party hardware, software, processes, or services used to provide connectivity to the above.
The policy applies to any mobile/PDA hardware and related software that could be used to access college resources, even if the equipment is not college-sanctioned, owned, or supplied. The overriding goal of this policy is twofold. The first goal is to protect Cambridge College’s technology-based resources (such as College data, computer systems, networks, databases, etc.) from unauthorized use and/or malicious attacks that could result in loss of information, damage to critical applications, loss of revenue or damage to our public image. Therefore, all users employing mobile device/PDA-based technology to access College technology resources should adhere to College-defined processes for doing so. See the Electronic Communication Policy and the Responsible Use Policy (for examples). The second goal of this policy is to make clear the limits that the College places on user support for mobile/PDA devices.
Scope
This policy applies to all Cambridge College employees, including full- and part-time staff, full and part time faculty, contractors, and other agents who utilize College-owned, personally-owned, or publicly-accessible mobile/PDA-based technology to access the College’s data and networks via wired or wireless means. Such access to enterprise network resources is a privilege, not a right. Consequently, employment at Cambridge College does not automatically guarantee the granting of these privileges.
Addition of new hardware, software, and/or related components to provide additional PDA-related connectivity within College facilities will be managed at the sole discretion of the Information Technology Department and the College.
Supported Technology
At this time Cambridge College does not provide support for employee-owned Cell Phones or other mobile devices/PDAs. The Cambridge College IT Department is not able to provide personal consulting to individual employees other than providing a best-effort attempt to assist an employee in their own attempt at connecting a mobile/PDA device to a College IT resource. Such support is limited to time available and will often require the employee to perform upgrades, patches and revisions on their own.
Policy and Appropriate Use
It is the responsibility of any employee of Cambridge College who is connecting to the College’s network via a mobile device/PDA to ensure that all components of his/her connection remain as secure as his/her network access within the office. It is imperative that any wired (via sync cord, for example) or wireless connection, including, but not limited to, mobile/PDA devices and services used to conduct Cambridge College business, be utilized appropriately, responsibly, and ethically. Failure to act accordingly may result in immediate suspension of that user’s account at the sole discretion of the IT Department. Based on this, the following rules should be observed:
1. Employees using mobile devices/PDAs and related software to connect to Cambridge College’s technology infrastructure will, without exception, use secure remote access procedures. This will be enforced through public/private key passwords in accordance with Cambridge College’s Responsible Use policy. Employees agree to never disclose their passwords to anyone, including family members, if college work is conducted from home.
2. All mobile devices/PDAs that are used for college interests must display reasonable physical security measures. Users are expected to secure all handhelds and related devices used for this activity whether or not they are actually in use and/or being carried. This includes, but is not limited to, power-on passwords. Any non-college-owned computers used to synchronize with mobile devices/PDAs will have current antivirus software loaded. Antivirus signature files must be updated on a regular basis.
3. Passwords and other confidential data as defined by Cambridge College, are not to be stored on mobile devices/PDAs or their associated storage devices (such as SD and CF cards).
4. The Cambridge College IT Department reserves the right to require students and employees to shut down any form of personally owned technology that has been determined to cause interference with the proper functioning of the College's wireless technology.
5. Any mobile device/PDA that is configured to access Cambridge College resources via wireless or wired connectivity must adhere to the authentication requirements of the College, as found in the Data Security Policy and the Responsible Use Policy.
6. Employees, contractors, and temporary staff will make no modifications of any kind to College-owned and installed hardware or software without the express approval of the IT Department. This includes, but is not limited to, installation of mobile device/PDA software on College-owned desktop or laptop computers, connection of sync cables and cradles to College-owned equipment, and use of the College’s wireless network bandwidth via these devices.
7. Employees, contractors, and temporary staff with Cambridge College-sanctioned wireless-enabled mobile devices/PDAs must ensure that their computers and handheld devices are not connected to any other network while connected to Cambridge College’s network via remote access.
8. The mobile device/PDA-based user agrees to immediately report to his/her manager and the IT Department any incident or suspected incidents of unauthorized access and/or disclosure of College resources, databases, networks, etc.
9. The mobile device/PDA-based wireless access user also agrees to and accepts that his or her access and/or connection to Cambridge College’s networks may be monitored to record dates, times, duration of access, etc., in order to identify unusual usage patterns or other suspicious activity. As with in-house computers, this is done in order to identify accounts/computers that may have been compromised by external parties.
10. The IT Department reserves the right to suspend without notice any access port to the network that puts the College’s systems, data, users, and clients at risk.
Security
1. Employees using mobile devices and related software for network and data access will, without exception, use secure data management procedures. All mobile device users must ensure all College data stored on the device is encrypted using strong encryption. See the Cambridge College’s Electronic Communication Policy for additional background. Please remember that email communications sent to and from PDAs and similar devices are insecure. Cambridge College policies prohibit the sending and receiving of personally identifiable information by email. This includes employee data as well as student data. Employees agree to never disclose their passwords to anyone, including family members, if college work is conducted from home.
2. All users of mobile devices must employ reasonable physical security measures. End users are expected to secure all such devices used for this activity whether or not they are actually in use and/or being carried. This includes but is not limited to, passwords, encryption, and physical control of such devices whenever they contain college data. Any non-college computer used to synchronize with these devices will have installed anti-virus and anti-malware software deemed necessary by the IT Department. Anti-virus signature files on any additional client machines – such as a home PC – on which this media will be accessed must be up to date.
3. Passwords and other confidential data as defined by the IT Department, are not to be stored unencrypted on mobile devices.
4. Any mobile device that is being used to store Cambridge College data must adhere to the authentication requirements of the College. In addition, all hardware security configurations (personal or College-owned) must be pre-approved by the IT Department before any enterprise data-carrying device can be connected to it.
5. The IT Department will manage security policies, network, application, and data access centrally using whatever technology solutions it deems suitable. Any attempt to disable or bypass said security implementation will be deemed an intrusion attempt and will be dealt with in accordance with Cambridge College’s Responsible Use policy.
6. Employees, contractors, and temporary staff will follow all enterprise-sanctioned data removal procedures to permanently erase College-specific data from such devices once their use is no longer required.
Help & Support
1. Cambridge College’s IT department will support its sanctioned hardware and software but is not responsible or accountable for conflicts or problems with personally owned mobile/PDA devices or other hardware and software.
2. The IT Department reserves the right, through policy enforcement and any other means it deems necessary, to limit the ability of end users to transfer data to and from specific resources on the College network.
3. The IT Department will make every attempt to assist users who wish to configure their mobile device/PDA
devices to provide access to the College’s communications platform in a secure manner.
4. The IT Department will provide support (limited) to the College email communications application only. This includes email, calendar, and contacts.
5. The College cannot be held responsible for damage or loss of information on a personal mobile device/PDA device when, at the request of the owner, it is being supported by a representative of the IT Department.
Policy Applies To
This policy applies to all students, faculty, and staff of the College and to all other users of information technology resources at Cambridge College. These users are responsible for reading, understanding, and complying with this policy.
Individual Responsible for Revision and Implementation:
Vice President for Finance and Administration and Director of Information Technology
Date of Original Implementation: October 2011
Date of Last Revision: April 2024