Bring Your Own Device (BYOD) Policy

Policy Approval Authority President
Responsible Division Division of Information Technology
Responsible Officer(s) Associate Vice President and Chief Information Officer
Contact Person Marisa Benson, mbenson1@niu.edu
Primary Audience Faculty
Staff
Date Submitted to Policy Library Committee 09-25-2019
Status Active
Proposed Adoption Date 11-01-2019
Effective Adoption Date 11-01-2019
Last Review Date 09-25-2019
Policy Category/Categories Finance / Risk Management
Information Technology

Policy


Northern Illinois University (NIU) grants its employees the privilege of purchasing and using smartphones, tablets, laptops or other mobile devices of their choosing at work for their convenience. NIU reserves the right to revoke this privilege if users do not abide by the policies and procedures outlined below.

This policy is intended to protect the security and integrity of NIU’s private or restricted data and technology infrastructure. View NIU’s data classification guidelines for more information on what constitutes private or restricted data (link: https://doit.niu.edu/doit/policies_root/data-classification.shtml).
Limited exceptions to the policy may be granted due to variations in devices and platforms.

Acceptable Use

No matter the device in use, all NIU students, faculty and staff must abide by NIU’s Acceptable Use Policy (link: https://www.niu.edu/policies/policy-documents/acceptable-use-policy.shtml).

Security

• All mobile devices such as laptops, tablets, smartphones, or USB-connected drives and devices used to view, process, or store NIU private or restricted data must be encrypted. Most modern smartphones are encrypted by default, but many laptops are not. The Division of Information Technology (DoIT) recommends Microsoft Bitlocker for Windows laptops and Apple’s FileVault for Mac laptops.
• All mobile devices used to view or process NIU private or restricted data must have the ability to be remotely wiped in case of loss, theft, or NIU detects a data breach and exfiltration of NIU private or restricted data.
• In order to prevent unauthorized access, devices must be password protected using the features of the device and a strong password is required to access the company network.
• The device should lock itself with a password or PIN if it’s idle for no more than fifteen minutes.

Reimbursement for Personal Devices

• At management discretion, NIU offers cellphone stipends for employees who are required to use personal smartphones for work purposes. (link: https://www.niu.edu/policies/policy-documents/cellular-service-stipend-policy.shtml)

Risks and Disclaimers

• While NIU will take every precaution to prevent the employee’s personal data from being lost in the event it must remote wipe a device, it is the employee’s responsibility to take additional precautions, such as backing up email, contacts, photos, music, etc.
• NIU reserves the right to block individual devices from accessing the NIU wired or wireless networks.
• Lost or stolen devices used to view or process NIU private or restricted data must be reported to NIU within 24 hours by submitting an incident at https://it.niu.edu or calling the IT Service Desk at 815-753-8100. Employees are responsible for notifying their mobile carrier immediately upon loss of a device.
Back to top of page