College Owned Computing Device Policy

Tags policy

Purpose

SUNY New Paltz provides staff with access to computing devices. Along with the privilege of using College owned computing devices comes additional responsibility to safeguard the data they contain, and to protect them from potential theft or damage. This policy addresses actions that must be taken in order to secure the college's physical property, and the data the college has been entrusted with by our students, faculty, staff, alumni, and donors.  It includes end-user responsibilities, and responsibilities of the issuing department and Information Technology Services.

All College-owned computing devices are governed by this policy, including systems made available as primary workstations, assigned within a department office, or purchased through grant funds. This policy should be read and thoroughly understood prior to acquiring and using College-owned computing devices.

Scope

This policy is applicable to all current College staff, faculty, or administrators, and students who are using College Owned computing devices provided to them by a College department.  This policy is not applicable to systems in computer labs.

Policy

College-owned computing devices are state property and are primarily for college work. They should not be used for personal projects or entertainment.

User Responsibilities

  • The user shares responsibility for the security of all College data stored on, or carried with, the device.
  • The user is responsible to make sure that operating system, application, anti-virus updates are applied in a timely manner.
  • Do not install any unapproved software, or alter the hardware of the device without prior approval from New Paltz IT. Alteration includes any functional changes, upgrades, or cosmetic changes (such as application of stickers or labels).
  • New Paltz IT may require access to the device, which may include leaving it with the IT staff for a period of time, for repairs, maintenance, troubleshooting, etc. If such a request is made, the user must comply within a reasonable amount of time.
  • Users are responsible for keeping appropriate backups of their data. For more details, see Acceptable Uses and Privacy Policy.
  • Users are responsible for notifying IT as soon as possible regarding the following:
    • Physical damage
    • Loss or theft
    • Suspected security or malware issue(s)
    • System or software errors
  • With regards to mobile devices:
    • Each user is responsible for the physical security of that device, regardless of whether the device is used at the office, at one's place of residence, or in any other location such as a hotel, conference room, car, or airport. Users are expected to provide reasonable care and effort to protect the device.
    • The equipment may not be transported as checked luggage on public transportation. The user is to keep the equipment in their possession at all times while travelling.
    • Carrying/protective cases should be used to protect the devices.
    • Do not store devices in a locked car or car trunk, as severe temperatures may damage it, and the car may be broken into if the device can be seen.
    • College-owned computing devices must not be taken out of the country without the explicit approval of either the Chief Information Officer or the Information Security Officer, in addition to the Chair, Director, Dean, etc, of the owning department.
  • Employees who are taking administrative leave must have prior approval from Human Resources and their immediate supervisor if they are retaining any college issued device while on leave.
  • Faculty members who will be on sabbatical must have approval from their Dean or the Vice President of Academic Affairs before taking the device with them on sabbatical.
  • Upon resignation, termination, retirement, non-renewal or other separation of employment, any computing devices, peripherals, carrying cases, etc, must be returned to the issuing department either on or before the last day of work.
  • Users are explicitly prohibited from taking any College computing device off-campus without prior approval from their department. Any removal of desktop computers from the campus must also by authorized by the CIO or their designee.

IT Responsibilities

  • In the case of maintenance or repairs causing an extended period where the device is unavailable, IT will provide a loaner device to minimize any disruption of work.
  • Before providing the device to the end-user, IT will ensure it is securely configured.
  • IT will provide support and assistance in a timely manner for any College provided hardware, or College supported software.
  • Before conducting any major hardware or software maintenance or repairs, IT staff will make backups of the data on the system if possible, as per the Acceptable Uses and Privacy Policy.
  • IT will implement and maintain procedures to update, maintain, and enhance the availability, integrity, security and data protection provided by the device.

Issuing Department Responsibilities

  • Computing devices have a reasonable lifetime.  If a device has exceeded its reasonable lifetime (as determined by IT), the device will have to be appropriately retired.  Departments may wish to consult with IT about an appropriate replacement schedule for their computing devices.
  • Departments should ensure that a copy of this policy is provided to any staff members.  For those who have primary or exclusive use of a mobile device, the department should retain a signed statement that acknowledges receipt and awareness of this policy.
  • The issuing department must notify IT before transferring primary usage of a device to another individual.  IT will review and reconfigure as appropriate.
  • The department responsible for the mobile device must maintain basic records of who has which device and for what period of time.
  • Upon receipt of equipment from a faculty or staff member, the department assumes all user responsibilities until the device is transferred to an end-user.

Liability

  • All users are personally responsible for full repair or replacement cost if the device is damaged or made inoperable by misuse or negligence.
  • Departments that have loaned devices to students or student organizations for use will be liable for the replacement cost of the device should it become stolen, lost, or damaged while in the student's possession, or if it is not returned. 
  • Failure to follow this policy and these procedures may result in loss of computer privileges, and/or revocation of the College issued devices.

Reporting Loss or Theft

  • Report a theft immediately to the appropriate local law enforcement authority (University Police if on campus) and IT as soon as the theft has been discovered.
  • A copy of the police report must be provided to IT

 

Definitions

College owned computing device: For the purposes of this policy, college owned computing device refers to any computing device purchased by SUNY New Paltz, purchased with grant money for the use by SUNY New Paltz sponsored programs, or by the Research Foundation of SUNY where the primary use is by SUNY New Paltz faculty or staff members.  

Issuing department: This is the department which has actually purchased the device for use by their staff.

Mobile device: Includes laptops, smartphones, tablets, or any other computing device commonly brought out of the office by users.

Malware: Any malicious code including viruses, worms, trojan horses, botnets, and rootkits

 

Related Policies

Details

Article ID: 20995
Created
Wed 12/7/16 9:44 AM
Modified
Tue 4/16/19 12:42 PM