Mobile Device Acceptable Use Policy

• IT reserves the right to refuse, by physical and non-physical means, the ability to connect mobile devices to District and District-connected infrastructure. IT will engage in such action if it feels such equipment is being used in such a way that puts the District’s systems, data, students, staff, and faculty at risk.
  
  
• Prior to initial use on the District network or related infrastructure, all mobile devices must be registered with IT. WCCCD District IT will maintain a list of approved mobile devices, related software applications, and utilities as needed. Devices that are not on this list may not be connected to District infrastructure. Although IT currently allows only listed devices to be connected to District infrastructure, it reserves the right to update this list in the future.
  
  
• End users who wish to connect such devices to non-college network infrastructure to gain
  access to college data must employ, for their devices and related infrastructure, security measures deemed necessary by the IT department, such as updated software, anti-virus software, and personal firewall. District data is not to be accessed on any hardware that fails to meet WCCCD’s established IT security standards. All mobile devices attempting to connect to the District network through an unmanaged network (i.e., the Internet) will be inspected using technology centrally managed by WCCCD’s IT department. Devices that have not been previously approved by IT, are not in compliance with IT’s security policies or represent any threat to the District network or data will not be allowed to connect. Laptop computers or personal PCs may only access the District network using a Virtual Private Network (VPN) connection.

• Without exception, employees using mobile devices and related software for network and data access will use secure data management procedures. All mobile devices must be protected by a strong password. See the WCCCD’s password policy for additional details. Employees agree never to disclose their passwords to anyone.
  
  
• All users of mobile devices must employ reasonable physical security measures. End users are expected to secure all such devices used for this activity whether or not they are actually in use and/or being carried. This includes, but is not limited to, passwords, encryption, and physical control of such devices whenever they contain WCCCD data. Any non-District computers synchronizing with these devices will have installed anti-virus and anti-malware software deemed necessary by WCCCD’s IT department. Anti-virus signature files on any additional client machines – such as a home PC – on which this media will be accessed must be up to date.
  
  
• IT will centrally manage security policies, network, application, and data access using whatever technology solutions it deems suitable. Any attempt to contravene or bypass said security implementation will be deemed an intrusion attempt and will be dealt with in accordance with WCCCD’s overarching security policy.
  
  
• Employees, contractors, Full-time faculty, part-time faculty, and temporary staff will follow all WCCCD-sanctioned data removal procedures to permanently erase WCCCDspecific data from such devices once their use is no longer required.
  
  
• If a lost or stolen mobile device is lost, the user must report this to IT immediately. The device will be remotely wiped off all data and locked to prevent access by anyone other than IT. If the device is recovered, it can be submitted to IT for reprovisioning.
  
  
• Employees, contractors, Full-time faculty, part-time faculty, and temporary staff will make no modifications of any kind to WCCCD-owned and installed hardware or software without the approval of the WCCCD Division of Information technology. This includes, but is not limited to, any reconfiguration of the mobile device.
  
  
• Division of Information Technology reserves the right, through policy enforcement and any other means it deems necessary, to limit the ability of end users to transfer data to and from specific resources on the WCCCD network.

Division of Information Technology can and will establish audit trails and these will be accessed and used without notice. Such trails will be able to track the attachment of an external device to a PC, and the resulting reports may be used for investigation of possible breaches and/or misuse. The end user agrees to and accepts that his or her access and/or connection to WCCCD’s networks may be monitored to record dates, times, duration of access, etc., in order to identify unusual usage patterns or other suspicious activity. This is done in order to identify accounts/computers that may have been compromised by external parties. In all cases, data protection remains WCCCD’s highest priority.

Failure to comply with the Mobile Device Acceptable Use Policy may, at the full discretion of the College, result in the suspension of any or all technology use and connectivity privileges, disciplinary action, and possibly termination of employment.