Policy Redesign Project

All policies and procedures are being reviewed as part of this project. This document is pending review, but remains in effect until the review is carried out.

Secure Mobile Computing Policy

Establishment: Vice-Chancellor, 5 December 2014
Last Amended: n/a
Nature of Amendment: n/a
Date Last Reviewed: n/a
Responsible Officer: Director, Information Technology Services

1. Objective

The objective of this policy is to:

  • Protect Flinders University-owned mobile computing devices from physical theft or damage;
  • Prevent unauthorised access to the data stored on University-owned mobile computing devices; and
  • Prevent unauthorised access to University systems from personal mobile computing devices.

This policy is written to be consistent with the Information Security Standards AS/NZS ISO/IEC 27001:2006 and AS/NZS ISO/IEC 27002:2006.

2.  Scope

The policy applies to the following types of mobile computing devices used by Flinders University users (including, but not limited to):

  • Notebook and laptop computer equipment;
  • Tablet devices used for data storage, calendars, contacts and task lists;
  • Mobile phones where mobile internet (e.g. 3G) technology is used for email correspondence;
  • Smartphone devices capable of running third-party or downloadable applications (e.g. iPhone, iPad, Android, Blackberry, Windows Mobile, etc.).

The requirements and expectations outlined in this policy apply to any user who is allocated a Mobile Computing Device by the University including (but not limited to), staff, students, contractors, and third parties. This also includes Staff mobile computing devices that are configured to connect to University IT Systems or store University information (including email, documents and other communications).

Student owned mobile computing devices are not in scope of this policy.

3.  Definitions

  • Mobile Computing Device is a portable computing device (laptop) or handheld computing device (mobile phone/smartphone/tablet) as described above;
  • Mobile Device User an individual allocated a Mobile Computing Device to perform their assigned job or role.

4.  Physical Security of Devices

Mobile Device Users must ensure that mobile computing devices are:

  • Never left unattended in a public place or unattended and visible in a vehicle;
  • Physically secured when not in the user’s possession.

Any theft or loss of a University mobile computing device should be reported immediately to the ITS Service Desk on (08) 8201 2345 or ITS Security Services (ictsecurity@flinders.edu.au).

5.  Mobile Data Protection

Information Technology Services are responsible for ensuring mobile computing devices are configured by default to:

  • Encrypt all data stored on the device (where practical);
  • Require passwords/passcodes for device access;
  • Utilise, where possible, up-to-date anti-malware software;
  • Allow remote erase functionality (to be utilised when a device is lost or stolen).

Users must:

  • Abide by the University’s IT Acceptable Use Policy in their use of mobile computing devices;
  • Not rely on mobile computing devices as the sole repository for their data;
  • Ensure data stored primarily on mobile computing devices is backed up to the University network storage system;
  • Not alter the configuration of University mobile computing devices, including the mobile phone carrier arrangements, without approval from ITS;
  • Report any lost or stolen mobile computing devices to their supervisor or the ITS Service Desk

In the event of a lost or stolen device, a security breach, or unacceptable usage (as per the IT Acceptable Use Policy) being detected, ITS may remotely wipe the smart device, returning it to default factory settings.

The University will take no responsibility for the loss of any personal information stored or downloaded on to a University owned or managed smart device (data, photos, music, apps, etc.) in the event of damage or loss.

6.  Mobile Connectivity Services

  • Users are responsible for ensuring mobile computing devices that include mobile internet or phone services funded by the University also comply with the requirements of the Mobile Services Policy.

7.  Compliance and Enforcement

  • Manager, ITS Security Services is responsible for monitoring user compliance with this policy and investigating and reporting breaches of this policy.
  • Supervisors/Managers are responsible for reporting any security incidents or breaches of this policy by staff under their supervision to the ITS Service Desk.
  • Failure by Users to comply with any element of this policy may result in disciplinary action in accordance with the relevant disciplinary procedures. These are:

8.  Related Documents

This policy should be read in conjunction with other relevant University policies, including:

Information Security Policy

IT Asset Management Policy

IT Acceptable Use Policy

Mobile Services Policy