Winthrop University Tablet Policy
Introduction and Purpose
With the introduction and growth of tablet computing, opportunities for users to be productive, access data, and communicate effectively has increased tremendously. Because tablets are highly portable and are high profile targets for theft (hardware and data), departments should apply due diligence handling and securing tablets. This document outlines the procedures for obtaining, using, and maintaining records for tablet hardware and services paid for with Winthrop University funds.
The use of the term “tablet” in this document includes Winthrop University owned devices that include a touch screen, but do not possess a built in cell phone and do not include a permanently attached physical keyboard. Examples of tablets include the iPad, iPad mini, Nexus Tablet, Microsoft Surface, Kindle Fire, etc. For the purposes of this document, the term “tablet” shall not apply to cell phones, smart phones, laptops, notebooks, and netbooks, since those devices are covered under separate policies.
Before purchasing a tablet model that has not been previously utilized by the department, users should consult with the Manager of User Support Services to obtain advice on the appropriate device to procure. This step is necessary to determine which type of device is most appropriate to the department’s needs and to also discuss the level of support available for the type of device selected. Winthrop University’s User Support technicians are not experienced with every type of tablet available. Therefore, the level of support available will vary based on the equipment selected.
Maintenance of Records for Hardware and Services
The department purchasing tablet equipment and services must maintain an inventory of the tablets and any data plan subscriptions. Each tablet must be entered into an inventory maintained by the department. At a minimum, the inventory must include the device model and serial number, person the device is assigned to, date of assignment and a signature of the person receiving the equipment. If there is a data plan subscription on the device or if a data plan subscription is added later, details of the plan cost, carrier, and term shall also be recorded in the inventory.
Tablet inventory records should be made available for audit upon request by the University Auditor, appropriate dean’s office, vice president’s office, or Information Technology office.
Individual users shall exercise precautions handling, storing, and securing tablets. Tablets should not be left unattended in unsecured locations under any circumstances. Theft tracking software that is provided for free by the manufacturer must be installed (e.g. Find My iPad) on all university owned tablets, even if other third party tracking programs are loaded. In addition, PREY software (also known as Operation CLAW) should be loaded onto the tablet if available for the model tablet being used. PREY instructions are available on the Campus Police website. Users needing assistance with tracking software may contact the IT Service Desk.
Winthrop University inventory tracking software must also be installed on all university owned tablets if available for the model tablet being used. The IT Service Desk should be contacted to "push" the installation of inventory tracking software.
The increased flexibility and portability of a tablet means there are also more opportunities for data to be stolen, lost, or inadvertently exposed. If sensitive data (such as student records, employee records, personally identifiable information, etc.) is stored on the tablet, an appropriate level of security must be applied. Furthermore, users must adhere to any relevant policies regarding the storage and use of sensitive information. Users should also be aware of and adhere to policies, grant rules, laws, and other compliance issues related to the use and transportation of data contained within tablets (e.g. a federally funded grant may not allow the transportation of grant funded research data to certain foreign countries). Users should note that policies are frequently updated and added that pertain to data security and personally identifiable information. Users are responsible for complying with all applicable policies, rules, and laws.
If any sensitive data is stored or accessed on a tablet, the following additional steps must be taken:
- A password must be used upon tablet wake up and before accessing any systems from the tablet.
- Passwords must not be stored (must not be memorized by the tablet) and must be entered each time an authenticated application (such as Wingspan) is accessed, regardless of the application.
- Any sensitive data stored on the tablet or stored in the cloud must be encrypted and password protected.
- The tablet must automatically lock after 5 minutes of inactivity.
Tablets are considered complementary to the laptop or desktop system already supplied by the University. Tablets are not currently part of the central IT serviced hardware refresh cycle.
Return of Tablet Equipment
Upon separation from the University, the tablet user should immediately turn in their tablet equipment to their supervisor or appropriate designee. The department inventory should be updated to indicate return of the equipment and availability for use by another employee. If any sensitive data needs to be purged, the IT Service Desk is available to assist in removing data.
Policy approved January 17, 2013.