TTUHSC IT Policies
1.4.14 PORTABLE COMPUTING
TTUHSC has seen a significant increase in the use of the Portable Computing Devices
(laptops, Personal Digital Assistant’s (PDA), smart phones, USB drives, and USB flash
drives) at the Institution. This policy is intended to provide guidance for Portable
Computing Device utilization.
Portable Computing Devices are inherently at risk for theft and security vulnerability.
In cases where there is a justifiable business need or requirement for confidential
information, such as patient information, confidential student information, grades,
etc., to be stored or transferred to a Portable Computing Device appropriate security
measures must be implemented as listed below.
- Confidential information shall not be stored, downloaded, or leave the Institution
unless there is a need to access this information away from the Institution. Authorization
will need to be obtained by each individual from the information owner. Information
owner responsibilities, definition, and more information can be found in Policy 1.1, I.T. Resource Management and Responsibilities.
- Confidential information shall not be shared with others who do not have a job-related
need for this information.
- Confidential information should not be copied to or stored on a portable computing
device, removable media, or a non-state owned computing device that is not encrypted.
- The Portable Computing Device must be password protected using the security feature
provided on the Portable Computing Device and there should be no sharing of the password.
- Removable media such as memory cards must not be used to store confidential information.
- A Desktop PC that is used for synching must have approved antiviral software installed,
and require user log on.
- Whenever there is no longer a job related need to access or store this confidential
information, it must be deleted.