Return to accessibility navigation at the top of the page.

Pima County Community College District Standard Practice Guide

SPG Title:  Portable Computer Security
SPG Number:  SPG–5702/AD
Effective Date:  11/13/06
Approval Date:  11/13/06
Review Date(s):  2/7/12
Revision Date(s):
Schedule for Review and Update:  Annually
Unit Responsible for Review & Update:  Information Technology
Sponsoring Unit/Department:  Vice Chancellor for Information Technology
Board Policy Title & No.:  Information Technology Resource Management, BP-5702
Legal Reference:
Cross Reference:


Purpose

The purpose of this SPG is to establish minimum standards for the protection of College-owned portable computing devices and the data that resides on them.

Definitions

A.      Portable computing devices, such as laptops, notebooks, tablets, PDAs, telephones and other handheld devices are vulnerable to damage, theft or loss by nature of their portability.  Each device, as well as the data stored on or accessed by the device, needs to be secured in order to protect confidential and sensitive information that is often stored on it.

B.      Physical security denotes safeguarding the portable device itself from theft or from physical damage caused by falls, abuse of electrical cords, exposure to liquids or food particles, exposure to particulates, overheating, electrical spikes, and proximity to strong magnetic fields.

C.      Data security denotes safeguarding from unauthorized access all data and software residing on the portable device, as well as any on the College network to which the device may connect.  This includes but is not limited to:  College email, the College Intranet, data files, and commercial software.

D.      Data security methods involve password protection, encryption, keeping the device within the employee’s physical proximity at all times, and other means.

Procedures and Responsibilities

A.      Users must secure portable computing devices from unauthorized physical and data access.  Specific strategies for physically securing portable devices include but are not limited to:  never leaving a device unattended in a public setting; transporting them as carry-on luggage whenever possible while traveling; keeping them covered or otherwise out of sight while locked in vehicles; using cables to secure the device to a desk whenever possible.

B.      All portable computing devices should be kept up to date with the latest security patches, virus-scanning software and virus data files, and firewalls.

C.      Encryption methods will be used on all business-critical or sensitive information related to the College.  The portable device should contain only that College data needed during travel.  Power-on passwords should always be enabled when possible. The display screen should be locked and the device physically-secured by cable if it is to be left unattended even for brief periods of time.

D.      Theft or loss of a portable computing device must be immediately reported to the local authorities, department supervisor and the IT department from which the equipment was obtained.