ISO Position Paper
Position Title: Accessing University Systems and The Use of Personal Devices
Position Audience: All faculty, staff, and affiliates
Contact: Information Security Office: [email protected]
Position Release Date: November 15, 2017
Last Update: March 22, 2023
Members of the University community have inquired about accessing University systems using their personal devices.
It is the position of the Information Security Office that access to University systems should only be conducted through approved University-owned and managed devices. Personal devices introduce security risks to the University infrastructure and data and should not be used to access University files and applications. For both security and business continuity reasons, only University-owned and managed devices should be used when working remotely or on campus.
University email is specifically excluded from this position. With the reminder that Restricted and Confidential data should NEVER be communicated in email without encryption, it is considered acceptable to use personal computers and phones to access University email (with the provided security precautions indicated below).
Personal devices should use a vendor-supported operating system with an active firewall and antivirus (AV) software (where possible). Operating systems must have all relevant security updates applied within 30 days of release by the vendor.
Supported operating systems
Data classification: Public