Bring Your Own Device Policy NIU

Bring Your Own Device (BYOD) Policy

Policy Approval Authority	President
Responsible Division	Division of Information Technology
Responsible Officer(s)	Chief Information Security Officer
Contact Person	Fred Williams fwilliams@niu.edu
Primary Audience	Faculty Staff
Date Submitted to Policy Library Committee	09-25-2019
Status	Active
Proposed Adoption Date	11-01-2019
Effective Adoption Date	11-01-2019
Last Review Date	03-22-2021
Policy Category/Categories	Finance / Risk Management Information Technology

Policy

Northern Illinois University (NIU) grants its employees the privilege of purchasing and using smartphones, tablets, laptops or other mobile devices of their choosing at work for their convenience. NIU reserves the right to revoke this privilege if users do not abide by the policies and procedures outlined below.

This policy is intended to protect the security and integrity of NIU’s private or restricted data and technology infrastructure. View NIU’s data classification guidelines for more information on what constitutes private or restricted data (link: https://doit.niu.edu/doit/about/policies/data-classification.shtml).
Limited exceptions to the policy may be granted due to variations in devices and platforms.

Acceptable Use

No matter the device in use, all NIU students, faculty and staff must abide by NIU’s Acceptable Use Policy (link: https://www.niu.edu/policies/policy-documents/acceptable-use-policy.shtml.

Security

• All mobile devices such as laptops, tablets, smartphones, or USB-connected drives and devices used to view, process, or store NIU private or restricted data must be encrypted. Most modern smartphones are encrypted by default, but many laptops are not. The Division of Information Technology (DoIT) recommends Microsoft Bitlocker for Windows laptops and Apple’s FileVault for Mac laptops.
• All mobile devices used to view or process NIU private or restricted data must have the ability to be remotely wiped in case of loss, theft, or NIU detects a data breach and exfiltration of NIU private or restricted data.
• In order to prevent unauthorized access, devices must be password protected using the features of the device and a strong password is required to access the company network.
• The device should lock itself with a password or PIN if it’s idle for no more than fifteen minutes.

• All due diligence must be used to keep personal use from work use on the same device or across devices. One of the best ways to accomplish this is to create and use a completely separate user account for work purposes only. If a separate account cannot be created for work use, then maintain separate web browsers for work and personal use. Do not sync a personal web browser account with a work account or device.

Reimbursement for Personal Devices

• At management discretion, NIU offers cellphone stipends for employees who are required to use personal smartphones for work purposes. (link: https://www.niu.edu/policies/policy-documents/cellular-service-stipend-policy.shtml

Risks and Disclaimers

• While NIU will take every precaution to prevent the employee’s personal data from being lost in the event it must remote wipe a device, it is the employee’s responsibility to take additional precautions, such as backing up email, contacts, photos, music, etc.
• NIU reserves the right to block individual devices from accessing the NIU wired or wireless networks.
• Lost or stolen devices used to view or process NIU private or restricted data must be reported to NIU within 24 hours by submitting an incident at https://it.niu.edu or calling the IT Service Desk at 815-753-8100. Employees are responsible for notifying their mobile carrier immediately upon loss of a device.

Comments

There are no comments to show.

Policy Categories

Contact Us

Rebecca Hunt, Ph.D.
University Policy Librarian
Health Services Building, 226
815-753-9021
policy-library@niu.edu