Guideline for Mobile Devices

I.  Purpose

The purpose of this document is to provide guidance for protecting university information resources from unauthorized access or disclosure when using mobile devices.

II.  Scope

This guideline is applicable to UNC Charlotte faculty and staff as well as other authorized users who utilize a laptop computer or other mobile computing device (e.g., smartphones, tablets) to access or store university information resources.  Every authorized user of university information resources has a responsibility to take appropriate measures to safeguard that information.

III.  Contacts

Direct any general questions about this guideline to your unit’s Information Security Liaison. If you have specific questions, please contact ITS Information Security Compliance at ISCompliance-group@uncc.edu.

IV.  Guidelines

Mobile devices used to access university information resources are at increased risk of data exposure due to loss, theft or compromise.  To mitigate this risk, additional safeguards must be applied to mobile devices used to access university non-public information.

  • Keep your mobile devices with you at all times or store them in a secured location when not in use.  Do not leave your mobile devices unattended in public locations (e.g., airport lounges, meeting rooms, restaurants, etc.).
  • Mobile devices should be password protected and auto lockout should be enabled. Configure the device with a PIN, pattern, or password-enabled lock screen.
  • Implement a remote wipe feature, if available for the device. 
  • Enable PIN or secondary password if available on mobile apps accessing university non-public information.
  • If using a public Wi-Fi network, use the university VPN service when accessing sensitive university information.
  • Ensure your laptop and/or tablet has current anti-virus software and operating system and application updates and patches. 
  • Wipe or securely delete data from your mobile device before you dispose of it.
  • Lost, stolen, misplaced or compromised mobile devices should be immediately reported to ITS and the local IT administrator for your area.
  • Follow the University’s Guideline for Reporting Information Security Incidents
  • Follow the University’s Guideline for Data Handling with respect to data stored on your mobile device. 

NOTE:  If traveling abroad with a laptop or other mobile device, please contact the Office of Research Compliance, Export Control for further guidance and information on applicable restrictions and/or procedures.

V.  Personally-Owned Devices

If an employee elects to access university information resources via a personally-owned mobile device, they must accept and adhere to the security policies governing information security and acceptable use as well as the corresponding standards and guidelines defined by the university.  Failure to do so could put university information at risk.

Related Resources

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initially approved by Information Assurance Committee   5/8/15
Updated   10/31/16