ECA- Mobile Computing and Storage Devices
Advances in computer technology, mobile computing, and storage devices have become useful tools in meeting the various student, employee, educational and business needs of the District. These mobile computing and storage devices are especially susceptible to loss, theft, hacking, and the distribution of malicious software (malware) because they are easily portable and can be used anywhere. As mobile computing and storage devices become more widely used, it is necessary to address security issues in order to protect the information resources, technology, and equipment of the District.
Therefore, the South Sanpete Board of Education has established this Policy in order to control and monitor mobile computing and storage devices, to minimize the risk of loss or exposure of the District’s sensitive information, and to reduce the risk of acquiring malware infections on District computers.
- Handheld Wireless Device: A communication device small enough to be carried in the hand. Various brands are available, and each performs some similar or some distinct functions. It can provide access to other Internet services, can be centrally managed via a server, and can be configured for use as a phone or pager. In addition, it can include software for transferring files and for maintaining a built-in address book and personal schedule. PDAs, iPods, iPads, tablets, netbooks, and laptops are all examples.
- Mobile Devices: Device or medium that is readable and/or writeable by users and is able to be moved from computer to computer without modification to the computer. Mobile media devices include, but are not limited to: PDAs, USB port devices, CDs, DVDs, cameras, MP3 players (iPods), flash drives, removable hard drives, modems, handheld wireless devices, wireless networking cards, and other existing or future media devices.
- Guest Network: A guest network or VLAN (Virtual Local Area Network) will be set up in each school as needed. This will allow access to the network but separate from the school’s network or VLAN. Guest networks will be filtered and require authentication for logging activity. The guest network and school’s networks will not have access to the other, helping to insure the integrity and reliability of the school’s network.
- This Policy applies to all District employees, students, consultants, vendors, contractors, and others who choose to use mobile computing and storage devices on the District’s network. Each District employee and student will review the Policy annually in conjunction with the Acceptable Use and Internet Safety Policies.
- It is the Policy of South Sanpete School District that mobile computing and storage devices containing or accessing the information resources of the District must be approved prior to connecting to the District’s information systems. This pertains to all devices regardless of ownership. Devices not owned by the District may only access guest networks.
- Mobile computing and storage devices either personally owned or District owned, that may connect to or access the District’s information systems must be pre-approved before using. A risk analysis for each new media type shall be conducted and documented by the School/District Technology Specialist prior to its use or connection to the District’s network.
- Technical personnel and users, which include employees, consultants, vendors, contractors, and students, shall have knowledge of, sign, and adhere to the Computer Use and Information Security Policy Agreement. Compliance with other applicable policies, procedures, and standards is mandatory.
- Students who bring personal storage devices (such as flash drives) to school may only plug these devices into computers with software that will prevent against unwanted workstation changes. The school/District also reserves the right to review the files on these devices before students use them. This review shall be done by the School Site Specialist or the District Technology Director.
- Portable computing devices and portable electronic storage media that contain confidential, personal, or sensitive information must use encryption or equally strong measures to protect the data while it is being stored. Confidential or sensitive data shall never be stored on a personal device.
- Charges for repair due to misuse of equipment or misuse of services may be the responsibility of the user, as determined on a case-by-case basis by District or Regional Technology Specialists at CUES.
- Minimum Requirements by Users
a. Employees and students shall report lost or stolen mobile computing and storage technologies that are owned by the District or have sensitive District information on them.
b. The District shall approve all new mobile computing and storage technologies that may connect to the District’s information systems.
c. The District’s technical personnel must first approve any non-departmental owned device that may connect to the District’s network.
d. Devices not owned by the District shall only connect to the guest networks.
- Penalties for Improper Use
Any violation of this Policy or applicable State and Federal Laws may result in appropriate student or employee discipline in accordance with District policies and the disciplinary measures outlined in the District Acceptable Use Policies: ECA, ECB, and ECC EC-2 In addition, the site administrator/supervisor or systems administrator may limit, suspend, or revoke access to electronic resources at any time. All penalties for improper use will also be documented and placed in the employee’s file or a student’s records.