Greater Saskatoon Catholic Schools
I.T. Mobile Device Procedures
1.0 Overview
Generally speaking, a more mobile workforce is a more flexible and productive
workforce. For this reason, business use of mobile devices is growing. However,
as these devices become vital tools to the workforce, more and more sensitive
data is stored on them, and thus the risk associated with their use is
growing. Special consideration must be given to the security of mobile devices.
2.0 Purpose
The purpose of this document is to specify GSCS standards for the use and
security of mobile devices.
3.0 Scope
This policy covers any mobile device capable of coming into contact with GSCS
data and its network, including, but not limited to, laptops, notebooks, PDAs,
smart phones, and USB drives.
4.0 Procedures
4.1 Physical Security
By nature, a mobile device is more susceptible to loss or theft than a
non-mobile system. GSCS users should carefully consider the physical security
of mobile devices and take appropriate protective measures, including the
following:
· All mobile devices must have the auto-lock option engaged and be password
protected.
· Care should be taken when moving or transporting mobile devices.
· GSCS will evaluate the data that will be stored on mobile devices and
consider deploying remote wipe/remote delete technology. This technology
allows a user or administrator to make the data on the mobile device
unrecoverable.
· GSCS will continue to monitor the market for physical security products for
mobile devices, as it is constantly evolving.
4.2 Data Security
If a mobile device is lost or stolen, the data security controls that were
implemented on the device are the last line of defense for protecting GSCS
data. The following sections specify GSCS's requirements for data security as
it relates to mobile devices.
4.2.1 Laptops/Tablets
Use of encryption is not required but it is
encouraged if data stored on the device is especially sensitive. Laptops/tablets should require a username and
password or biometrics for login.
4.2.2 Smart Phones
Use of encryption is not required on smart phones but it is encouraged if data
stored on the device is especially sensitive. Smart phones must require a
password for login.
4.2.3 Mobile Storage Media
This section covers any USB drive, flash
drive, memory stick or other personal data storage media. Storage of GSCS data on such devices is
discouraged, but their use is permitted and encryption is not required.
4.2.4 Portable Media Players
No GSCS data should be stored on personal
media players.
4.2.5 Other Mobile Devices
Unless specifically addressed by this policy,
storing GSCS data on other mobile devices, or connecting such devices to GSCS
systems, is expressly prohibited.
Questions or requests for clarification on what is and is not covered
should be directed to the IT Manager.
4.3 Connecting to Unsecured Networks
Users are permitted to connect GSCS-provided
computers to public or unsecured networks.
Examples of unsecured networks would typically, but not always, relate
to Internet access, such as access provided from a home network, access
provided by a hotel, an open or for-pay wireless hotspot, a convention network,
or any other network not under direct control of GSCS.
4.4 General Guidelines
The following guidelines apply to the use of
mobile devices:
· Loss, theft, or other security incident related to a GSCS-provided mobile
device must be reported promptly.
· Lost, damaged, or stolen equipment will be the responsibility of the
borrower to replace. For the users’ own protection, GSCS-provided mobile
devices should be added to your home and/or tenant policy for insurance
purposes.
· Confidential data should not be stored on mobile devices unless it is
absolutely necessary. If confidential data is stored on a mobile device it
must be appropriately secured and comply with the Confidential Data policy.
· Data stored on mobile devices must be securely disposed of in accordance
with the Data Classification Policy.
· Users are not to store GSCS data on non-GSCS-provided mobile equipment,
unless password protected.
5.0 Enforcement
These procedures will be enforced by Superintendents of Education. Violations
may result in disciplinary action, which may include suspension, restriction of
access, or more severe penalties up to and including termination of employment.
Where illegal activities or theft of GSCS property (physical or intellectual)
are suspected, GSCS may report such activities to the applicable authorities.
6.0 Definitions
Encryption - The process of encoding data with an algorithm so that it is
unintelligible without the key. Used to protect data during transmission or
while stored.
Mobile Devices - A portable device that can be used for certain applications
and data storage. Examples are laptops, netbooks, PDAs or Smartphones.
Mobile Storage Media - A data storage device that utilizes flash memory to
store data. Often called a USB drive, flash drive, or thumb drive.
Password - A sequence of characters that is used to authenticate a user to
a file, computer, or network. Also known as a passphrase or passcode.
Portable Media Player - A mobile entertainment device used to play audio
and video files. Examples are mp3 players and video players.
Smartphone - A mobile telephone that offers additional applications, such
as email.
7.0 Revision History
Revision 1.0, 8/9/2011
Revision 2.0, 8/13/2012