• Account & Access Management
• Application Services
• Data Center Hosting
• Desktop Management
• Enterprise Connectivity
• Information Security
• Messaging & Collaboration
• Professional Services
• Technology Sales
• Training, Education & Awareness
• Voice Services

OU Norman IT
OU Tulsa IT

Home  |  Online Help  |  Policies  |  Forms  |  Tier Ones

 :: HOME / policies /

Portable Computing Device Security

Supporting documents: Full policy - Standard - Form

All Portable Computing Devices (PCDs), irrespective of device ownership, that are used in conjunction with any computer, data, or network device owned or managed by OU must follow OU policies and standards for the secure use of PCDs.  This includes personal devices that access OU email systems.

Standards:

PCDs must use a logon and/or power-on password

PCDs should not be used to store sensitive information unless absolutely necessary.  Sensitive information should be stored and accessed from a server in the campus enterprise data center that provides appropriate physical security.

PCDs that must store sensitive information must use a Federal Information Process Standard (FIPS) encryption method to protect data from unauthorized disclosure.

Physical safeguards: Appropriate physical security measures should be taken to prevent theft of PCDs and their media or data. 

• Unattended portable computing devices and media must be physically secure. For example, they must be locked in an office, locked in a desk drawer or filing cabinet, or attached to a desk or cabinet via a cable lock system.
• During transportation in a vehicle PCDs must be hidden from view and when possible not left unattended.
• All PCDs used in open, public, or other wise insecure areas must implement the following to the greatest extent possible:
  • A theft deterrent device when left unattended.
  • Reasonable safeguards to prevent unauthorized viewing of log-ins, passwords, and sensitive data

Theft:

• Reporting: Theft of portable computing devices containing sensitive information must be reported immediately to Information Security Services and the OU police. See Form
• Remote data delete: If available, PCDs should employ a remote data delete function to delete information on a device that has been lost or stolen.
• Tracking: It is recommended that devices use remote tracking capabilities.

Wireless: Approved wireless transmission protocols and encryption must be used when transmitting sensitive information.  Sensitive data traveling to and from the PCD must be encrypted during transmission.

Remote Access: Approved remote access services and protocols must be used when transmitting sensitive information.  (See Remote Access Standard).

Disposal and Reuse: PCDs users must follow the Data Disposal and Reuse policy to properly remove data and software from the PCD before its disposal or reuse.

Desktop Standards: Portable devices and media users must follow desktop security standards to the extent technically possible

Manually logoff, lock, or power off the PDC when leaving it unattended, and/or

Enable an automated logoff or password-protected screen saver that locks the device after 15 minutes of inactivity, and/or

Antivirus: Laptop computers must use an approved, functioning, and up to date antivirus program.  Antivirus protection should be considered for other PCDs as the software becomes available and as malicious code is developed for those devices.