Policy. Mobile Phone Use Policy. Contents

Transcription

1 Policy Mobile Phone Use Policy Contents Introduction 2 Policy Scope 2 Policy Intent 2 Policy provisions / principles 2 Eligibility 2 Business Functions 2 Issuing Mobile Devices 3 Using a University-owned Device 3 Replacing an existing device 3 Authorised Usage 3 Monitoring 4 Security 4 Text Messaging 4 Approved by: University Operations Board Date first published: Jan-2015 Version No. 2.0 Date updated: Jun-2015 Owner: Information Systems Technology Review Date: Jun-2016 This document has been designed to be accessible for readers. However, should you require the document in an alternative format please contact the Academic Quality Directorate Buckinghamshire New University

2 Introduction 1 Mobile computing devices are becoming increasingly powerful and affordable. Their small size and functionality are making these devices ever more desirable to replace traditional desktop devices in a wide number of applications. However, the portability offered by these devices may increase the security exposure to groups using the devices. 2 Bucks New University provides mobile phones and other mobile devices to staff members and business functions where there is a demonstrated business need. The purpose of this document is to establish guidelines regarding eligibility, usage and management of University owned mobile services. Policy Scope 3 This policy applies to all mobile devices financed by the University and any personal devices that are used to receive University business. Policy Intent 4 This policy is produced to provide a clear instruction on the authorisation and usage of mobile devices, guidance on safety and security and to limit corporate financial and any other liability for the University s Telecommunications. Policy provisions / principles Eligibility Individual Staff Members 5 Bucks New University will provide an appropriate mobile device to those members of staff where it is deemed necessary for the execution of the duties of the position. Application for new mobile devices will be made and authorised by the departmental budget holder. Other individuals 6 Mobile devices will not normally be issued to students, contract employees, temporary staff or consultants. Any other requests must be submitted with an appropriate business case. Business Functions 7 There are occasions where a mobile device will be allocated to a business function rather than an individual, especially to align with the Health and Safety Policy. These devices will be used by a group of people as necessary. The mobile device will be issued to one member of the team (Head of Department/manager) who will responsible for ensuring that its use and security complies with this policy. Buckinghamshire New University Page 2 of 5

3 Issuing Mobile Devices 8 All mobile device requests must be made through IT Services via the appropriate form. These requests will include a list of required services, to ensure the correct device is provided to facilitate the users University role. The device will need to be signed for by the employee it is issued to. Using a University-owned Device 9 The individual user is responsible for providing IT Services, all data relating to the user of the mobile device whenever any relevant details are changed. 10 If the device is allocated to a different user for any reason, the device must be taken to IT Services, who will wipe all the previous users details and configure the device for the new user. 11 If the device is no longer needed, or an employee is leaving it must be returned, along with any accessories, to IT Services. Secure data will be removed from the device which will then be returned or disposed of as required. 12 IT Services support a small range of mobile devices and will allocate them as appropriate. The device must be secured and conform to the Mobile Control Policy and Systems Security Policy Replacing an existing device 13 The University will replace the device where there is a justified reason in conjunction with any 3 rd party service provider eg Vodafone. In circumstances where it has been shown that the employee s lack of care contributed to the loss of or damage to the device, then the employee may be required to contribute to the replacement cost. 14 All contracts will be reviewed on a 24 month basis. Authorised Usage 15 Mobile devices owned by the University are to be used appropriately, responsibly and ethically. 16 The following must be observed: In the event of loss or theft, the employee is responsible for immediately contacting IT Services to have the number disabled. University mobile phones are for University business purposes. Personal usage should be kept to a minimum and be reimbursed to the University. Private usage on the University mobile phone will be invoiced to the department who will bill the user. All technology allowing charges to be redirected to the University will be for the sole use of business purposes. University mobile phones must not be used to call premium call charge services, premium SMS services and non-work related use of social media. University mobile phones must not be used for the purpose of illegal transactions, harassment, obscene behaviour, or any other activity that would breach any University policy. Employees must not use a University mobile phone while operating a motor vehicle unless it is fitted with a hands-free kit. Buckinghamshire New University Page 3 of 5

4 The employee will be responsible for any fines incurred as a result of traffic regulation breaches. Use of data services from mobile phones will be restricted unless necessary for the role of the user. Monitoring 17 Summary usage reports are regularly reviewed by IT Services for the purpose of monitoring compliance with this policy. Excessive usage or expensive calls can be automatically flagged up by the network provider. IT Services will check with Department Head and itemised bill can be issued if requested. Where unauthorised calls have been made the user will be asked to reimburse the University (Itemised bills for an individual mobile phone will be made available to the direct line manager where there is reasonable suspicion of misuse). The user will be expected to pay for any personal calls/text messaging. Security Physical 18 Unattended mobile computing devices must be physically secured. This means they must be locked in an office, locked in a desk drawer or filing cabinet, or attached to a desk or cabinet via a cable lock system. Software 19 Laptops and other mobile computing devices that access Bucks New University s Network Infrastructure shall have active and up-to-date anti-malware and firewall protection. On devices that it is available, Personal firewalls shall be installed and activated on mobile and/or employee owned devices that connect to the Internet when outside Bucks New University s network and which are also used to access our network. Passwords 20 Modern devices provide access to the user s contacts, and calendar, which may contain confidential, and sometimes, personal information. These data fall under the Data Protection Act and the University may be subject to financial penalties and reputational damage if lost or accessed by an unauthorised person. Due to the small size of these devices, they are likely to be carried into places a laptop would not be, and therefore the user must ensure that the device is physically secure at all times. 21 Each device is provided with a password/pin facility securing access which must be enabled at all times as a minimum security measure. Loss of Device/Damage 22 Loss of any device used for business purposes must be reported to IT Services immediately. This may help to prevent unauthorised usage of the device and possible breach of the University s Data and Systems Security Policy. If necessary the device can be remotely wiped. Text Messaging 23 Text messaging is an effective and efficient method of communication and is permitted via a University mobile phone, subject to similar limitation to voice calls. Users should Buckinghamshire New University Page 4 of 5

5 be aware that each text message sent carries a cost and therefore, must not be used as a chat medium. Text messages must be business related only unless otherwise authorised. 24 All users and their managers must be aware that usage will be monitored on an ongoing basis. 25 It is an unavoidable fact that the SMS text messaging service is used to propagate junk and unsolicited messages. Although receiving these messages does not incur a charge, they often ask you to make a phone call, normally to a premium rate number, to claim a prize, etc. This type of message should be recognised as spam and immediately deleted. Do not respond or reply to these messages. Buckinghamshire New University Page 5 of 5