With the introduction and growth of tablet computing, opportunities for users to be productive, access data, and communicate effectively has increased tremendously. Because tablets are highly portable and are high profile targets for theft (hardware and data), departments should apply due diligence handling and securing tablets. This document outlines the procedures for obtaining, using, and maintaining records for tablet hardware and services paid for with Winthrop University funds.
The use of the term "tablet" in this document includes Winthrop University owned devices that include a touch screen, but do not possess a built in cell phone and do not include a permanently attached physical keyboard. Examples of tablets include the iPad, iPad mini, Nexus Tablet, Microsoft Surface, Kindle Fire, etc. For the purposes of this document, the term "tablet" shall not apply to cell phones, smart phones, laptops, notebooks, and netbooks, since those devices are covered under separate policies.
Before purchasing a tablet model that has not been previously utilized by the department, users should consult with the Manager of User Support Services to obtain advice on the appropriate device to procure. This step is necessary to determine which type of device is most appropriate to the department's needs and to also discuss the level of support available for the type of device selected. Winthrop University's User Support technicians are not experienced with every type of tablet available. Therefore, the level of support available will vary based on the equipment selected.
The department purchasing tablet equipment and services must maintain an inventory
of the tablets and any data plan subscriptions. Each tablet must be entered into
an inventory maintained by the department. At a minimum, the inventory must include
the device model and serial number, person the device is assigned to, date of assignment
and a signature of the person receiving the equipment. If there is a data plan subscription
on the device or if a data plan subscription is added later, details of the plan cost,
carrier, and term shall also be recorded in the inventory.
Tablet inventory records should be made available for audit upon request by the University
Auditor, appropriate dean's office, vice president's office, or Information Technology
office.
Individual users shall exercise precautions handling, storing, and securing tablets.
Tablets should not be left unattended in unsecured locations under any circumstances.
Theft tracking software that is provided for free by the manufacturer must be installed
(e.g. Find My iPad) on all university owned tablets, even if other third party tracking
programs are loaded. In addition, PREY software (also known as Operation CLAW) should
be loaded onto the tablet if available for the model tablet being used. PREY instructions
are available on the Winthrop University Police Department website. Users needing
assistance with tracking software may contact the IT Service Desk.
Winthrop University inventory tracking software must also be installed on all university
owned tablets if available for the model tablet being used. The IT Service Desk should
be contacted to "push" the installation of inventory tracking software.
The increased flexibility and portability of a tablet means there are also more opportunities
for data to be stolen, lost, or inadvertently exposed. If sensitive data (such as
student records, employee records, personally identifiable information, etc.) is stored
on the tablet, an appropriate level of security must be applied. Furthermore, users
must adhere to any relevant policies regarding the storage and use of sensitive information.
Users should also be aware of and adhere to policies, grant rules, laws, and other
compliance issues related to the use and transportation of data contained within tablets
(e.g. a federally funded grant may not allow the transportation of grant funded research
data to certain foreign countries). Users should note that policies are frequently
updated and added that pertain to data security and personally identifiable information.
Users are responsible for complying with all applicable policies, rules, and laws.
If any sensitive data is stored or accessed on a tablet, the following additional
steps must be taken:
Tablets are considered complementary to the laptop or desktop system already supplied by the University. Tablets are not currently part of the central IT serviced hardware refresh cycle.
Upon separation from the University, the tablet user should immediately turn in their
tablet equipment to their supervisor or appropriate designee. The department inventory
should be updated to indicate return of the equipment and availability for use by
another employee. If any sensitive data needs to be purged, the IT Service Desk is
available to assist in removing data.
Policy approved January 17, 2013.
