an Information Technology Services Policy
Tenn. Code Ann. § 47-18-2901 specifies that state agencies must have safeguards and procedures to ensure that confidential information is protected on laptops and other portable devices. Currently, all university owned laptops have enterprise drive encryption enabled by Information Technology Services (ITS) when the device is received. This policy is intended to ensure the integrity of university data that might be stored on other portable devices used by ETSU faculty and staff regardless of whether the device is university property or personal property. This policy does not apply to students not employed by the university.
Portable Computational Device: A computational device that can connect to a wired or wireless network and exchange data with university servers. This can include tablet computers and smart phones. Most of these devices are used to connect to the university email server for calendar, contact, and email information.
Any portable device used by faculty or staff that connects to the ETSU email server must respect the current Active Sync Policy. This software policy requires specific security be present and active on the portable device before communication with the server is allowed. These are:
The device must have a password placed on it that is of sufficient complexity to protect data resident on the device. For a portable device, this will not be required to be the same as the individual user's ETSU Active Directory password. The minimum length will be 4 characters and must include at least 1 alpha character, 1 numeric digit, and 1 special character. The password will not expire but can be changed by the user at any time.
After 30 minutes of inactivity, the device will lock and not display data. The user will be required to enter their device password to unlock the device.
If a device is lost or stolen, the user will have the ability to erase all data on the portable device remotely. This is done by logging into the Outlook Web Access (OWA) server. ITS will also be able to assist users with this if they are unable to successfully execute the remote erasure.
Approved: Information Technology Governance Council
Reviewed: May 2016
Updated: May 2016