The purpose of this guideline document is to give direction and guidance on how to securely setup and operate Calvin College ("College") owned iPads. It is also recommended that those who use personal iPads for College purposes do so in a secure manner by following appropriate guidelines when possible.
Who needs to know
- IT support staff
- Anyone who uses a Calvin provided iPad
- Anyone who uses a personal iPad for Calvin College Business
- College provided devices should have a College Asset tag.
- A passcode to gain access into the device is required. This helps prevent unauthorized individuals from gaining access to the device.
- An idle timeout lock is required. This ensures that the device will automatically prompt for a passcode if left idle and unattended. The current idle timeout is 15-20 minutes.
- All software should be regularly patched, including the operating system and installed "Apps". This helps protect the device from attack and compromise.
- Do not "jailbreak" or "root" your device. "Jailbreaking" and "rooting" introduces instabilities and increases the risk of malware infections.
- College provided devices must be joined to the CIT mobile managed environment. This helps configure and maintain device security and privacy settings. Removal or disabling of the management software is prohibited. See the Responsible Use of Technology Policy Appendix C (http://www.calvin.edu/it/policies/AUP.pdf)
- College provided devices will be a part of a remote wiping service and is also recommended for personal devices that are used for College business. This will assist in locating or wiping the device if lost or stolen.
- If the device is lost or stolen Campus Safety and the CIT Service Desk should be contacted. Local law enforcement may also need to be contacted.
- Confidential college data should not be stored on the device for privacy, security, and compliance reasons. Confidential data includes but is not limited to Social Security Numbers, credit card numbers (PCI-DSS), financial / banking information (GLBA), Health records (HIPAA), Student protected education records (FERPA). See the Responsible Use of Technology Policy Appendix B for further definition of "Confidential" (http://www.calvin.edu/it/policies/AUP.pdf)
- The College, through the Information Security Office and CIT reserves the right to periodically inspect and audit the device for proper security configuration and compliance.
Adam Vedra, Information Security Officer
Henry Devries III, VP of Information Services
October 2011, guideline created