In response to the increasing use of personally owned computing devices (POCD) by employees for American College of Education (ACE) business purposes, ACE has established an official bring your own device (BYOD) policy. The purpose of this policy is to define the appropriate use and procedures for using POCDs on ACE networks, systems, and applications.
This policy applies to any user who makes a wired, wireless, VPN, or web interface connection from a POCD to an ACE network, system, or application.
BYOD is a rapidly changing technology and ACE reserves the right to modify this policy, including eliminating all support for BYOD, at any time. ACE IT may elect to implement additional requirements or processes to safeguard the College resources (e.g. mobile device management (MDM), enforcing separation of ACE data from personal data, remotely removing ACE data, additional registration processes, or requiring advanced authentication to access systems).
In order to support the BYOD model while appropriately managing ACE’s risk, the following policies are established.
Risks, Liabilities, Disclaimers
Employees who participate in BYOD accept the following risks, liabilities, and disclaimers:
- At no time does the College accept liability for the maintenance, backup, or loss of data on a personal device. It is the responsibility of the equipment owner to backup all software and data to other appropriate backup storage systems.
- Persons violating this policy may also be held personally liable for resulting damages and civil or criminal charges. ACE will comply with any applicable laws regarding data loss or breach notification and may also refer suspected violations of applicable laws to appropriate law enforcement agencies.
- The College shall NOT be liable for the loss, theft, or damage of POCD. This includes, but is not limited to, when the device is being used for College business, on College time, or during business travel.
- ACE Technology Department provides security for the “ACE Guest” wireless network in each office. (While in an ACE office, employees using a POCD should use the “ACE Guest” wireless network.)
- At no time does the College accept liability for the security of a POCD.
- At ACE Technology Department reserves the right to implement technology such as Mobile Device Management to enable the removal of ACE owned data.
- POCD may be subject to the search and review as a result of litigation that involves the College.
Employees who participate in BYOD must adhere to this policy and all College policies while using a POCD device. Employees who participate in BYOD must:
- Not store ACE data on personally owned computing devices as it could result in a violation of FERPA or any other Federal or State Law.
- POCD may be subject to the search and review as a result of litigation that involves the College. Destroy, remove, or return all data, electronic or otherwise belonging to ACE, once their relationship with ACE ends or once they are no longer the owner or primary user of the POCD. (E.g. the sale or transfer of a POCD to another person).
- Remove or return all software application licenses belonging to ACE when the POCD is no longer used for ACE Business.
- Immediately notify ACE Technology Department of any theft or loss of a POCD containing data or software application licenses belonging to ACE.
- At no time may a POCD be connected to the secure ACE network without prior approval from the ACE Technology Department.
Devices and Support
In general, any POCD may be connected to the “ACE Guest” wireless network provided its use does not disrupt any College resources or business continuity.
The Technology Department will prioritize the support of ACE owned computing devices, systems, and application; and provide only limited support for POCD. Limited support for POCD devices is defined as:
- Maintaining the availability of the “ACE Guest” wireless network.
- Maintaining the availability of the authentication systems for the “ACE Guest” wireless network.
- Verifying authentication credentials are valid.
- Troubleshooting connectivity or authentication issues on POCD.
- Configuration of POCD for communication with ACE systems and applications
- Configuration of VPN and/or Remote Desktop access to ACE computing resources.
- Providing software application support when reasonably possible.
Examples of POCD support not provided include, but are not limited to:
- Troubleshooting device performance or hardware problems
- Troubleshooting software applications or cloud services not owned or subscribed to by ACE
- Installing OS upgrades, OS patches, or ACE owned software on POCD
- Backing up device data or migrating data to a new device
- Removing malware or spyware
Currently, no security restrictions or Mobile Device Management (MDM) solution has been implemented for ACE. However, the ACE Technology Department reserves the right to implement such restrictions or solutions. ACE Technology Department may perform security scans against any personally owned device that accesses ACE networks. The ACE Technology Department may, without notification, prevent or ban POCD which disrupt any College computing resources or are used in a manner which violates any College policies.
Any reimbursement claims for purchases associated with personally owned computing devices is subject to ACE reimbursement policies and procedures Furthermore:
- Computer technology purchased for personal use will not be reimbursed by the College.
- Loss, theft, or damage to personally owned computing devices will not be reimbursed by the College.
Suspected violations of this policy will normally be handled through ACE disciplinary procedures applicable to the relevant user. ACE may suspend a user’s access to the “ACE Guest” network, “ACE” network, wired network, or any systems or applications, prior to the initiation or completion of such disciplinary procedures, when it reasonably appears necessary to preserve the integrity, security, or functionality of College computing resources or to protect ACE from liability. ACE may also refer suspected violations of applicable laws to appropriate law enforcement agencies. ACE’s VP of Technology shall be the primary contact for the interpretation, enforcement and monitoring of this policy and the resolution of problems concerning it. Any legal issues concerning the policy shall be referred to the appropriate officials for advice.