#HHSN268201100025C
IOI Title:
Document Number:
IOI-06-008-V1
Document Storage Location:
M:\INTERMACS 2011-2015\6 Information Security\2 IOI Public\IOI-06-008-V1 Mobile Device.Docx
IOI Author:
Robert Kasco
Approved by:
David Naftel
Position:
ISS2
Position:
DCC Director
Approved Date:
3-7-2012
Effective Date:
3-7-2012
Last Edited Date:
3-21-2013
Page 1 of 3
IOI-06-008-V1
Mobile Device
1.
PURPOSE AND SCOPE
The purpose of the INTERMACS Mobile Device Policy is to establish the rules for the use of mobile computing devices. These rules are necessary to preserve the integrity, availability and confidentiality of
INTERMACS information. Any questions or comments about this policy should be directed to INTERMACS management or UAB Data Security.
This policy applies to all INTERMACS employees, or individuals’ external to INTERMACS who own or operate a mobile device that communicates with UAB’s equipment, networks, or stores UAB data in any way.
2.
APPLICABLE REGULATION AND POLICIES
Listed below are the minimum guidelines when using a mobile device. Users must also follow additional guidelines are defined in the INTERMACS Mobile Device standard.
INTERMACS sensitive data should not be stored on portable computing devices. However, in the event that there is no alternative to local storage, all sensitive UAB data must be encrypted using approved encryption techniques and password protected.
INTERMACS sensitive data must not be transmitted via wireless communication to or from a portable computing device unless approved wireless transmission protocols along with approved encryption techniques are utilized.
All remote access to INTERMACS information resources must use a UAB approved communication channel (e.g., Virtual Private Network (VPN), and web-based access to resources provided using the web, etc.).
Computer systems not owned by UAB that require network connectivity must conform to
UAB’s information security policies and procedures.
All mobile computing devices must have approved virus and spyware detection/protection software along with personal firewall protection (where applicable).
Unattended portable computing devices must be physically secured.
3.
PERSONNEL / RESPONSIBILITIES
All INTERMACS Employees.
4.
DEFINITIONS
NA.
5.
PROCEDURE
Contact INTERMACS ISO for further information.
6.
SCHEDULE
Permanent Anytime.
7.
SUPPORTING DOCUMENTATION AND RESOURCES http://www.uab.edu/it/home/component/k2/item/107-encryption
Page 2 of 3
8.
REVISION HISTORY
Revision Author
01 Robert Kasco
Revisions Made
New IOI
IOI-06-008-V1
Mobile Device
Effective Date
03-07-2012
Page 3 of 3