Additional Restrictions on Personally Owned Devices

Standard number: UMD-DS-01
Date issued: 2-16-2015
Date last reviewed: 8-25-2015
Version number: 1.0
Approval authority: Office of UM-Dearborn Director of IT Strategy & Operations Information and Infrastructure Assurance
Responsible office: Office of UM-Dearborn Director of IT Strategy & Operations Information and Infrastructure Assurance

I. Purpose

The university engages in research, teaching, clinical, and administrative activities that encompass a large variety and volume of sensitive regulated data. Supporting these institutional missions increasingly requires sharing applications and data across multiple systems including various personal devices which are utilized in order to access various types of sensitive regulated data.

The purpose of this standard is to further restrict the fashion in which the University of Michigan-
Dearborn handles and secures sensitive regulated data when it is being accessed by means of any personally owned device. All contents and specifics of SPG 601.33 are still applicable and enforced. In addition to SPG 601.33, UM-Dearborn has opted to enact several additional restrictions in order to help ensure adequate data security and management.

II. Scope and Authority

This Standard applies to all departments, institutes, centers, and faculty, researchers, staff, students, and workforce members of the UM-Dearborn. Information and Infrastructure Assurance, a division of Information and Technology Services, is responsible for the maintenance and interpretation of this standard.

III. Governing University Policies

The following university SPGs govern this standard:

IV. Standard

In addition to all of the specifics described in the governing policy, SPG 601.33, the following additional restrictions are required to be implemented:

  • Devices must be password protected. (Complex passwords are highly recommended)
  • Full device encryption must be enabled (automatic for Apple iOS when password enabled, instructions for Android and all other devices to be provided.)
  • You must be prepared to prove you've deleted sensitive information from your personally owned devices upon changing and/or leaving employment with the university.

Policy owned by: Information Technology Services