Skip to main content

Mobile Device Management Policy

Version 2.0

Purpose

The purpose of this policy is to define the use of mobile devices when accessing Fordham University’s IT Resources.

Scope

This policy, and all policies referenced herein, shall apply to all members of the University community including faculty, students, administrative officials, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Policy Statement

  • Users must adhere to this policy and all University policies while using mobile devices to access IT Resources, including non-Fordham owned devices.
  • In conjunction with the appropriate University administrative official, the University Information Security Office, without prior notification, may prevent mobile devices from accessing IT Resources to the extent such access interferes with the functionality of IT Resources or constitutes a violation of any University policy.

Fordham University-Owned Mobile Devices

  • Mobile devices issued to employees of the University are to be used for business purposes only and remain the property of Fordham University.
  • All requests for mobile devices must be made using a service request and approved by the budget administrator (Dean, Executive Director level, or above).
  • University-owned mobile devices must be returned to the approving University department or budget administrator, upon leaving the department, or when the device is no longer needed to conduct University business.

 Bring Your Own Devices (BYOD)

  • When accessing University IT Resources with a personal mobile device, the User must follow the data classification policies per the Data Classification Policy and Data Classification Guidelines and is subject to the rules governing data.
  • The University does not accept liability for the maintenance, backup, or loss of data stored on Users’ personal mobile devices.
  • Users are responsible for backing up all software and data to appropriate backup storage systems.
  • The University is not liable for the loss, theft, or damage of any User’s personal mobile devices, including, but not limited to when the device is being used for University business or during business travel.
  • The User’s personal mobile device may be subject to disclosure in the event of litigation, and the User will be required to cooperate with the University in providing access to the device for that purpose.

Terms and Conditions

Users of mobile devices that access IT Resources, which include non-Fordham owned devices, must comply with the following security and risk management measures:

  • If your device is lost, stolen, or compromised, you must report it immediately to IT Customer Care (ITCC) at 718-817-3999 or HelpIT@fordham.edu.
  • Fordham IT provides security and risk management software for accessing IT Resources.  
  • The University does not accept liability for any damages due to the installation of the software mentioned above on non-Fordham owned devices.
  • All devices must be secured using a PIN (6-digit minimum) or other password protection.
  • All devices must enable automatic lockout for idle devices for (5) five or fewer minutes, where possible.
  • All devices must have remote wipe capability installed and enabled, where possible.
  • Users of mobile devices that access IT Resources will be subject to remote locking or data wiping of lost, stolen, or otherwise compromised devices. To implement these security requirements, Users may contact ITCC.

User Code of Conduct

Users of mobile devices that access IT Resources, which include non-Fordham owned devices, are expected to take reasonable measures to protect the security and integrity of that data, including:

  • Following the rules in the Wireless Use Policy,
  • Protecting the physical security of the device,
  • Maintaining the software configuration of the device (i.e., operating system or installed applications),
  • Installing an up-to-date and secure operating system and application software as they become available,
  • Following rules of Fordham Protected or Fordham Sensitive data per the Data Classification Policy and Data Classification Guidelines,
  • Ensuring the device’s security controls are not subverted via hacks, jailbreaks, security software changes, or security setting changes and working with the ITCC to test and validate any configuration, application, or settings.

Definitions

IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.

Non-Fordham owned mobile devices are User’s personal removable electronic storage devices (e.g., USB flash drives, and external hard drives) and computing devices (e.g., laptops, tablets, and cell phones) used as BYOD for University business.

University-owned mobile devices are removable electronic storage devices (e.g., USB flash drives, and external hard drives) and computing devices (e.g., laptops, tablets, and cell phones) owned or leased by Fordham University and used by the Fordham University community.

Related Policies and Procedures

Implementation Information

Review Frequency Annual
Responsible Person CISO
Approved By Administrators Council
Approval Date January 15, 2016

Revision History

Version
Date Description
1.2 01/15/2016 Supersedes June 18, 2013
2.0 06/29/2020 Updated to include a BYOD section