1608 Mobile Device Management Policy

Responsible Official: 
Chief Information Officer
Responsible Office: 
Office of the Provost
Effective Date: 
December 9, 2014
Revision Date: 
December 9, 2014

Scope

This policy covers all Users and External Mobile Devices, as defined below.

Policy Statement

Members of the Yale community often rely on External Mobile Devices to perform aspects of their work at the University. Yale permits the use of External Mobile Devices when they allow members of the Yale community to perform their work with greater efficiency and do not present a security risk to Yale Information, as defined below.  The purpose of this policy is to establish the responsibility of Users and Information Technology Services (“ITS”) to maintain the security of Yale Information that is created, stored, accessed, or transmitted by means of an External Mobile Device.

Definitions

User: A Yale faculty member, staff member, student, or trainee acting in his or her role as a Yale employee, or a Yale student or trainee providing a service to Yale or to others as part of his or her education or training.

Yale Information:  Information created, stored, accessed, or transmitted by a User, except the following:

  • information which by University policy is owned, licensed, or otherwise legally controlled by a Yale User; or 
  • information created or received by faculty members while participating in the peer review of (i) a manuscript, (ii) a sponsored research application, or (iii) the qualifications of a person seeking employment at another institution.

Mobile Device: Equipment such as a computer, laptop, tablet, cell phone, smartphone, personal digital assistant, or similar product that can be moved from place to place by an individual and is used to create, store, access, or transmit Yale Information.

External Mobile Device: A Mobile Device that is not purchased, distributed, and managed by Yale, including, but not limited to, Mobile Devices that have been:

  • purchased by the User with non-Yale funds;
  • purchased by the User with research funds; or
  • purchased by a Yale school or department but not yet reviewed by ITS for compatibility with the Yale network or Yale policies. 

IT Systems: Servers, personal computing devices, applications, printers, networks (virtual, wired, and wireless), online and offline storage media and related equipment, software, and data files that are owned, managed, or maintained by Yale. For example, IT Systems include institutional and departmental information systems, faculty research systems, computer workstations and laptops, the University’s campus network, and computer clusters.

Policy Sections

1608.01 Responsibility of the User

All Users are responsible for using External Mobile Devices in accordance with

  • Policy 1607, Information Technology Appropriate Use;
  • Policy 1601, Information Access and Security;
  • Procedure 1608 PR.01, Security Standards for Mobile Devices and External Devices setting out specific security requirements for External Mobile Devices; and
  • any policies governing (i) the Yale Information that his or her External Mobile Device is creating, storing, accessing, or transmitting or (ii) the Yale IT System or service to which his or her External Mobile Device is connected.

1608.02 Responsibility of ITS

ITS shall publish and maintain up-to-date security requirements for the secure use of External Mobile Devices, including Procedure 1608 PR.01, Security Standards for Mobile Devices and External Devices, and shall assist Users in meeting those requirements.