Greater Saskatoon Catholic Schools

I.T. Mobile Device Procedures


1.0†††††† Overview

Generally speaking, a more mobile workforce is a more flexible and productive workforce.For this reason, business use of mobile devices is growing.However, as these devices become vital tools to the workforce, more and more sensitive data is stored on them, and thus the risk associated with their use is growing.Special consideration must be given to the security of mobile devices.


2.0 †††† Purpose

The purpose of this document is to specify GSCS standards for the use and security of mobile devices.


3.0 †††† Scope

This policy covers any mobile device capable of coming into contact with GSCS data and itsí network, including, but not limited to, laptops, notebooks, PDAs, smart phones, and USB drives.

 

4.0 †††† Procedures

4.1†††††† Physical Security

By nature, a mobile device is more susceptible to loss or theft than a non-mobile system.GSCS users should carefully consider the physical security of mobile devices and take appropriate protective measures, including the following:

         All mobile devices must have the autolockoption engaged and be password protected.

 

         Care should be given when moving or transporting mobile devices.

 

         GSCS will evaluate the data that will be stored on mobile devices and consider deploying remote wipe/remote delete technology.This technology allows a user or administrator to make the data on the mobile device unrecoverable.

 

         GSCS will continue to monitor the market for physical security products for mobile devices, as it is constantly evolving.


4.2 †††† Data Security

If a mobile device is lost or stolen, the data security controls that were implemented on the device are the last line of defense for protecting GSCS data.The following sections specify GSCS's requirements for data security as it relates to mobile devices.


4.2.1 Laptops/Tablets

Use of encryption is not required but it is encouraged if data stored on the device is especially sensitive.Laptops/tablets should require a username and password or biometrics for login.


4.2.2 Smart Phones

Use of encryption is not required on smart phones but it encouraged if data stored on the device is especially sensitive.Smart phones must require a password for login.


4.2.3 Mobile Storage Media

This section covers any USB drive, flash drive, memory stick or other personal data storage media.Storage of GSCS data on such devices is discouraged, but their use is permitted and encryption is not required.


4.2.4 Portable Media Players

No GSCS data should be stored on personal media players.


4.2.5 Other Mobile Devices

Unless specifically addressed by this policy, storing GSCS data on other mobile devices, or connecting such devices to GSCS systems, is expressly prohibited.Questions or requests for clarification on what is and is not covered should be directed to the IT Manager.



4.3†††††† Connecting to Unsecured Networks

Users are permitted to connect GSCS-provided computers to public or unsecured networks.Examples of unsecured networks would typically, but not always, relate to Internet access, such as access provided from a home network, access provided by a hotel, an open or for-pay wireless hotspot, a convention network, or any other network not under direct control of GSCS.


4.4†††††† General Guidelines

The following guidelines apply to the use of mobile devices:

         Loss, Theft, or other security incident related to a GSCS-provided mobile device must be reported promptly.

 

         Lost, damaged, or stolen equipment will be the responsibility of the borrower to replace.For the usersí own protection, GSCS-provided mobile device should be added to your home and/or tenant policy for insurance purposes.

 

         Confidential data should not be stored on mobile devices unless it is absolutely necessary.If confidential data is stored on a mobile device it must be appropriately secured and comply with the Confidential Data policy.

 

         Data stored on mobile devices must be securely disposed of in accordance with the Data Classification Policy.

 

         Users are not to store GSCS data on non-GSCS-provided mobile equipment, unless password protected.


5.0 †††† Enforcement

These procedures will be enforced by Superintenents of Education. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of GSCS property (physical or intellectual) are suspected, GSCS may report such activities to the applicable authorities.


6.0 Definitions

Encryption-The process of encoding data with an algorithm so that it is unintelligible without the key.Used to protect data during transmission or while stored.

Mobile Devices-A portable device that can be used for certain applications and data storage.Examples are laptops, netbooks, PDAs or Smartphones.

Mobile Storage Media-A data storage device that utilizes flash memory to store data.Often called a USB drive, flash drive, or thumb drive.

Password-A sequence of characters that is used to authenticate a user to a file, computer, or network.Also known as a passphrase or passcode.

Portable Media Player-A mobile entertainment device used to play audio and video files.Examples are mp3 players and video players.

Smartphone-A mobile telephone that offers additional applications, such as email.

7.0 Revision History

Revision 1.0, 8/9/2011

Revision 2.0, 8/13/2012