TTUHSC IT Policies
1.4.14 PORTABLE COMPUTING
TTUHSC has seen a significant increase in the use of the Portable Computing Devices (laptops, Personal Digital Assistant’s (PDA), smart phones, USB drives, and USB flash drives) at the Institution. This policy is intended to provide guidance for Portable Computing Device utilization.
Portable Computing Devices are inherently at risk for theft and security vulnerability. In cases where there is a justifiable business need or requirement for confidential information, such as patient information, confidential student information, grades, etc., to be stored or transferred to a Portable Computing Device appropriate security measures must be implemented as listed below.
- Confidential information shall not be stored, downloaded, or leave the Institution unless there is a need to access this information away from the Institution. Authorization will need to be obtained by each individual from the information owner. Information owner responsibilities, definition, and more information can be found in Policy 1.1, I.T. Resource Management and Responsibilities.
- Confidential information shall not be shared with others who do not have a job-related need for this information.
- Confidential information should not be copied to or stored on a portable computing device, removable media, or a non-state owned computing device that is not encrypted.
- The Portable Computing Device must be password protected using the security feature provided on the Portable Computing Device and there should be no sharing of the password.
- Removable media such as memory cards must not be used to store confidential information.
- A Desktop PC that is used for synching must have approved antiviral software installed, and require user log on.
- Whenever there is no longer a job related need to access or store this confidential information, it must be deleted.