Mobile Devices

Policy Name: Mobile Devices
Policy Number: 03-05-023
Accountable Senior Administrator: Associate Vice President, Information Technology
Issued: January 2023
Last Updated: October 2022

Policy Statement

Members of the NJCU community, identified as having a valid need for a mobile device to conduct University business, may be issued a University-owned device with authorization from senior administration and pursuant to rules, regulations and guidelines established by the University. The use of personal mobile devices to conduct University business is also subject to rules, regulations and guidelines set forth in this policy.

Reason for the Policy

In recognition that mobile devices have become a common vehicle for conducting University business in the teaching and learning environment, a policy is needed to address the prudent and responsible use of such devices in order to protect the University and the Users accessing IT resources with these devices.

Stakeholders Affected by Policy

Members of the NJCU community who use or access, locally or remotely, IT resources. This includes:

Faculty
Staff
Students
Authorized guests (e.g., visitors, vendors/contractors, event attendees, etc.)

Definitions

Broadband Hotspot - a portable, “on-the-go” device that provides connectivity to other devices using a process called tethering

Emergency Situation - an officially declared University emergency and/or a situation where there is an impending safety or security risk/threat to the University community and/or public

IT Resources - data and voice networks; communication systems; technology infrastructure; computing facilities; hardware; software; information systems; data; databases; cloud-based and, Software as a Service (SaaS) systems; and any related technology support services

Mobile Devices - devices that are portable, equipped with or without a data plan, and used for the purpose of conducting University business

NJCU-Owned Mobile Devices - devices such as smartphones, laptops, tablets, and broadband hotspots owned or leased by NJCU and used to conduct University business
Personal Mobile Devices - devices used to conduct University business such as smartphones, laptops, tablets, and broadband hotspots, and removable electronic storage devices

Users - individuals who use or access, locally or remotely, NJCU IT resources

Policy Text

The use of mobile devices to conduct University business is to support the University in the advancement of its mission, goals and objectives. Devices must be used responsibly, ethically and in compliance with all related University policies, and applicable laws and regulations. This policy sets forth the rules and regulations for effective management and responsible use of mobile devices.

NJCU-Owned Mobile Devices

NJCU may issue an NJCU-owned device to members of the University community who satisfy eligibility requirements established by the University. Distribution is on a limited basis. Devices must be used to conduct University business. However, minimal personal use is permitted.

Requests for devices must be justified and authorized by the respective supervisor and approved by the respective department head and divisional vice president. Devices that use a data plan must be managed solely through the Department of Information Technology (IT). Members of the NJCU community are not authorized to enter into contractual arrangements with wireless providers or procure smartphones on their own. IT will monitor data usage for devices with a data plan.

Eligibility -To be eligible for an NJCU-owned mobile device, an individual must be a University employee who meets one or more of the following requirements:

The need to access IT resources at all times or during non-business hours
The need to communicate in emergencies and/or in time sensitive situations
Working in locations where electronic, telecommunications, and other computing devices are not readily available
Travel as part of the employee’s job responsibilities

In emergency situations, for the purpose of business continuity, a mobile device may be temporarily loaned to any member of the NJCU community who demonstrates need. Loans are for a specified period of time as determined by the University. Justification for such loans must be provided by the employee’s supervisor and authorized by the respective vice president.

In some instances, departments may be assigned devices for distribution to staff when applicable. Justification and authorization must be provided.

Students requesting loaner equipment to complete coursework must submit requests online

Contract and temporary employees are not eligible for NJCU-owned devices.

Return of Mobile Devices to the University - NJCU-owned devices are the property of the University. NJCU community members must return devices to the Department of Information Technology upon leaving the University, leaving the department, or when the device is no longer needed to conduct University business. Smartphone numbers will not be transferred to personal accounts.

Personal Mobile Devices

Costs related to personal devices or services to conduct NJCU business will not be the responsibility of the University.
NJCU does not accept liability for the maintenance, backup, or loss of data stored on personal devices.
The University is not liable for the loss, theft, or damages to personal devices including instances when devices are used for University business or during business travel.

Lost, Stolen, or Compromised Mobile Devices

Lost, stolen, or compromised devices (personal or University-owned) must be reported to the immediate supervisor, Public Safety and to the Department of Information Technology.

Preserving Information on Mobile Devices

In accordance with federal and state law, information stored on mobile devices (personal or University owned) may be subject to disclosure in the event of litigation or anticipated litigation. As such, all electronically stored information related to that litigation must be preserved. Users may be required to provide the University with access to their devices for this purpose. Electronically stored information on a mobile device (personal or University-owned) may be considered a government record for the purposes of the Open Public Records Act, and may be subject to disclosure upon request. Electronically stored information on a mobile device is subject to the records retention laws governing New Jersey state agencies.

Users accessing IT resources using personal devices must also follow the rules and guidelines set forth in the responsible use section of this policy.

Responsible Use

Users accessing IT resources via NJCU-owned and personal mobile devices are expected to take reasonable measures to protect the security and integrity of those resources and services.

Protecting the physical security of the device
Backing up all software and data to appropriate backup storage systems
Installing and maintaining an up-to-date and secure operating system and application software as they become available
Ensuring device security controls are not subject to hacks, security software or setting changes. Users should work with the Department of Information Technology to test and validate any configuration, application, or setting
Following the rules set forth in the NJCU wireless policy, data classification guidelines and all other policies and procedures listed in the Related Policies, Guidelines and Documents section of this policy

Additional Security Measures

Devices used to access IT resources must not be shared with anyone other than an NJCU employee.
Devices must be secured using passcode, biometric, pattern, or facial recognition security protocols.
Devices must be equipped with security and risk management software. A list of such software used by NJCU IT can be found on the NJCU Information Security web page. The University does not accept liability for any damages that result from installation of such software on non NJCU-owned devices.
Devices must enable automatic lockout for idle devices.
Devices must have remote wipe capability installed and enabled.
Devices must be enabled using the “find my device” setting to help recover devices that may be lost or stolen.

Procedures

Employees Requesting NJCU-owned Mobile Devices

Employees requesting a device for work-related purposes must submit a request with a justification and approval from the department head to the IT Help Desk for purchase and setup assistance. For loaner device requests, Help Desk staff will determine availability and fulfill the request.

Requests that will incur a cost (e.g., devices with data plans) must also be approved by the divisional vice president. If approved, the written request with approvals should be submitted to the IT Help Desk for fulfillment by the Mobile Device Coordinator.

Departments Requesting NJCU–owned Mobile Devices

Department heads may request devices for distribution to employees for business- related purposes, as needed (e.g., recruitment). Department heads must submit a request with a justification to the IT Help Desk for purchase and setup assistance. For loaner device requests, Help Desk staff will determine availability and fulfill the request.

Department heads are responsible for maintaining the safety and security of department devices and for educating staff about responsible use. Employees are responsible for following this policy when a device is in their possession.

Students Requesting a Laptop, Tablet, and/or Broadband Hotspot

When mobile devices are available, students may request loaners through GothicNet, the University’s portal.

Requests are reviewed by IT and an e-mail confirmation is sent to the student with a date, time and location for pickup. Students are required to electronically sign an agreement (available on GothicNet) detailing terms and conditions for responsible use and procedures for returning the device at the end of the term of the agreement.

Students needing further assistance should contact the Help Desk.

Violations

Any member of the NJCU community violating this policy may be subject to disciplinary action. This includes but is not limited to revoking eligibility for an NJCU-owned device and access to IT resources if deemed in the best interest of the University. Vendors/Contractors violating this policy may be subject to contract termination.

Responsibility

Associate Vice President for Information Technology - provides general oversight of the Mobile Device policy

Department of Public Safety - manages the process for lost, stolen or compromised devices

IT Help Desk Staff - facilitates the distribution and return of mobile devices (including loaners)

IT Security Analyst - provides security and risk guidelines, standards and regulations for responsible device use

Mobile Device Coordinator - orders and sets up devices, troubleshoots individual mobile device issues, fields questions, arranges international calling provisions, and provides fiscal oversight which includes: reviewing and monitoring data usage: and arranging and negotiating cost-effective data plans

Senior Director of Networks and Information Security - monitors data usage, identifies cost savings, researches new opportunities, and authorizes payment to vendors

Vice Presidents and Department Heads - provide approval and oversight of device use in their respective divisions and departments

Contact for Questions

Associate Vice President for Information Technology
Department of Information Technology
Email: it@njcu.edu

Senior Director of Networking and Information Security
Department of Information Technology
Phone 201 200-3350

IT Help Desk
Email: helpdesk@njcu.edu

IT Security Analyst
Department of Information Technology
Phone: 201 200-3350

Mobile Device Coordinator
Department of Information Technology
Phone: 201 200-3479