Policy on Accessing University IT Resources from Personally-owned Computing Devices

Policy Category: Division of Technology Services

Effective Date: 08/30/2021; Updated 9/13/2023

Responsible Officer: Vice President of Technology & Chief Information Officer

History: Policy on Accessing University IT Resources from Personally Owned Computing Devices, 2021

Responsible Office: Digital Technology Services

Location: Link

Purpose

This policy sets for the procedures and expectations regarding the accessing IT resources owned by Wentworth Institute of Technology (university) from Personally owned computer devices.

Scope/Applicability

This policy applies to any student or employee who uses a personally owned computing device to create, view, process, or store Wentworth information or access Wentworth technology resources.

Legal

n/a

Policy

Personally owned computing devices such as smartphones, desktop computers, tablets, and laptops, are important tools for the Wentworth Institute of Technology (henceforth known as “the university” or “Wentworth”) community to conveniently access IT services and digital information assets. However, these computing devices may also represent a risk to the confidentiality and integrity of Wentworth information due to a lack of standard security controls. Without appropriate safeguards, personally owned computing devices present an unacceptable risk in that they can result in compromise of the confidentiality, integrity, and availability of Wentworth information, IT assets, and services due to sub-standard security.

Wentworth permits authorized users to access Wentworth technology resources with personally owned computing devices that meet the security and configuration requirements, rules, and responsibilities outlined in this policy and are used in a manner consistent with all Wentworth policies, particularly the Information Technology Resource Acceptable Use Policy and Stewardship of Information Policy. Employees who willfully disregard this policy may have their personally owned devices blocked from accessing Wentworth technology resources.

Definitions

• Authorized Users: All Wentworth departments and all faculty, staff, students, contractors, student employees, and anyone with access to Wentworth information technology resources. 
• Personally owned Computing Device: Electronic computing devices not owned or managed by Wentworth and capable of accessing, storing, or manipulating Wentworth information, or connecting to Wentworth systems or applications, especially in an untethered manner (i.e., through a Wi-Fi connection). This includes laptop/notebook computers, smart phones, tablets, and any other mobile computing or communications device with wireless connectivity. 

Procedures

Compliance 

Authorized users must agree to all Terms of Use or other user agreement presented when attempting to connect to the Wentworth network with their personally owned computing device and before accessing any Wentworth technology resource. 

Wentworth reserves the right to block access to Wentworth technology assets from any personally owned computing device that shows signs of putting Wentworth data or technology at risk or violating Wentworth policy. 

The Information Technology Acceptable Use Policy, and any other applicable Wentworth policy, remains in effect when accessing Wentworth technology resources from any personally owned computing device. 

Authorized users must not download information from Wentworth that is classified as either Private or Restricted onto their personally owned computing device. If such information is mistakenly downloaded, it must be deleted immediately. 

Authorized users must report suspected unauthorized access of Wentworth data via their personally owned computing device to Technology Services immediately. 

Authorized users must adhere to all applicable state and federal laws when using a personally owned computing device to access Wentworth resources or store Wentworth non-public data. 

Users of Wentworth technology resources must enable the following security features on their personally owned computing device before accessing any Wentworth technology resource in order to facilitate policy compliance and lower risks to both their own and the Wentworth’s data: 

• Authentication (secured with Wentworth approved standards for PIN, password, multi-factor authentication, etc.) 
• Lock-screen 
• Personal computers: commercial anti-virus software installed and up to date 
• Latest manufacturer application and operating system updates installed 

Enforcement

Failure to comply with this policy may result in temporary suspension or permanent loss of privileges with respect to access to Wentworth Data and/or Information Systems. 

Exceptions

Exceptions to this policy must receive written approval from the Chief Information Officer, with guidance from the Associate Vice President for Technology Services, and documented. Policy exceptions will be reviewed on a periodic basis for appropriateness. 

Additional Information & Related Documents

• Information Technology Resource Acceptable Use Policy 
• Stewardship of Information Policy 

Interpretation & Revision

Any questions of interpretation regarding this policy shall be referred to the Chief Information Officer. They will be the final authority regarding the interpretation of this policy.   

This policy shall be reviewed annually; however, minor changes and updates can be made at any time.    

Wentworth will typically apply the policy in place at the time it receives a report concerning the respected policy.   

Review and Revision History

This updated policy was drafted by representatives from the Digital Technology Services. This policy was reviewed by Cabinet approved by the President on 9/13/2023. 

This policy updates the Policy on Accessing University IT Resources from Personally Owned Computing Devices, 2021 

Below is additional history related to the policy: