Skip to main content
Search

Fordham IT

In This Section

Members of the University community should respond to the daily VitalCheck prompt at least 30 minutes prior to entering campus.

Internet of Things Policy

Version 1.2

Purpose

The purpose of this policy is to ensure the confidentiality, integrity, and availability of the University’s IT Resources by regulating the use of Internet of Things (IoT) devices and connecting them to the appropriate University network.

Scope

This IT policy, and all policies referenced herein, shall apply to all members of the University community, including faculty, students, administrative officials, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Policy Statement

  • In support of University functions, the Faculty/Staff must make an official request to use an IoT device or collection of devices specified in the Internet of Things for Faculty/Staff Networks procedure.
  • All other Users must request IoT device connections per the procedures in the Internet of Things for Public Networks.
  • The University has classified the IoT networks into the following groups:
    • Administrative/Restricted (i.e., University-owned and managed devices, contracted services),
    • Building management systems (e.g., specialized instruments, HVAC, elevators), or
    • Community devices owned and operated by faculty or staff (e.g., televisions, Apple TV®, Chromecast™).
    • Student-owned devices on the public network.
  • Faculty/Staff IoT device requests must be reviewed and connected to the appropriate network as deemed necessary by the University Information Security Office (UISO) and Network Engineering and Operations (NEO).
    • IoT devices must only be connected to a segregated and controlled network segment.
    • IoT networks must be monitored to identify abnormal traffic and emergent threats.
  • IoT devices should have a process for updating software firmware as stated in the Vulnerability Management Policy, as applicable.

Definitions

IT Resources include computing, networking, communications, application, telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.

The Internet of Things are physical objects (e.g., vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators) that communicate, sense, or interact with their internal states or the external environment via network connectivity.

Related Policies and Procedures

Implementation Information

Review Frequency Annual
Responsible Person Director, IT Risk and Data Integrity
Approved By CISO
Approval Date 09/12/2018

Revision History

Version
Date
Description
1.0
09/12/2018
Final
1.1
01/05/2020
Updated policy statement
1.2 10/06/2020 Updated purpose and policy statement 

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by the University Information Security Office (UISO) may only be done cooperatively between the UISO and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Failure to adhere to UISO written policies may be met with University sanctions.