The increased use of mobile technologies allows users to access and use sensitive University data from any location. There are a wide variety of smartphones and tablet computers that can process and store data.
To protect this data, the University must ensure that appropriate safeguards are in place and maintained.
Here are eight controls that must be observed by users when using smartphones and tablets to process university data:
- Smartphones and tablets must require authentication to access data on the device
- Screen locking that requires re-authentication must be enforced upon 15 minutes of non-usage/idle time
- Only store sensitive data on mobile devices for the duration of a valid business justification for doing so
- Access to sensitive information owned by or entrusted to the University must not be divulged to un-authorized individuals
- When storing sensitive data on removable media, the removable media must employ encryption
- Ensure that sensitive data is removed from smartphones and tablets when it is no longer needed
- Never use unsecure networks/technologies; e.g.; SMS texting, instant messaging, email and BlackBerry PIN-to-PIN, to transmit sensitive data
- In the event that a University owned smartphone or tablet device is lost, report it immediately to ITS Service Desk to have the device remotely wiped
There is a Carleton policy on Mobile Technology Security that encompasses, portable computers, portable storage media, smartphones and tablets. Read the full policy here:
https://carleton.ca/secretariat/wp-content/uploads/Mobile-Technology-Security-Policy.pdf