Personal Communication Devices and Voic Procedure

Transcription

1 Personal Communication Devices and Voic Procedure Reference No. xx Revision No. 1 Relevant ISO Control No Issue Date: January 23, 2012 Revision Date: January 23, 2012 Approved by: Title: Ted Harvey Director, Technology Services Version History Version # Version Date Author Summary of Changes 1.0 Jan Ted Harvey Approvals Name Title Date of Approval Version No. Ray Hoppins Associate Superintendent, System Services Distribution Name Title Date of Issue Version No. Personal Communication Devices Document Control Document Title Document Location Server Security Procedure Personal Communication & Voic Procedure Page 1

2 Table of Contents 1.0. Overview Purpose Scope Risks Procedure Detail Issuing Procedure Voic Loss and Theft Security Student Privacy Personal Use PCD Safety Disposal of PCD Enforcement Procedure Governance Definitions References...7 Personal Communication & Voic Procedure Page 2

3 1.0. Overview 2.0. Purpose This document describes Information Security's requirements for Personal Communication Devices and Voic for Chinook s Edge Scope This Procedure applies to any use of Personal Communication Devices and Chinook s Edge Voic issued by Chinook s Edge and used for Chinook s Edge business Risks 5.0. Procedure Detail 5.1. Issuing Procedure Personal Communication Devices (PCDs) will be issued only to Chinook s Edge personnel with duties that require them to be in immediate and frequent contact when they are away from their normal work locations. For the purpose of this Procedure, PCDs are defined to include handheld wireless devices, cellular telephones, laptop wireless cards and pagers. Effective distribution of the various technological devices must be limited to persons for whom the productivity gained is appropriate in relation to the costs incurred. Handheld wireless devices may be issued, for operational efficiency, to Chinook s Edge personnel who need to conduct immediate, critical Chinook s Edge business. These individuals generally are at the school administration, executive and management level. In addition to verbal contact, it is necessary that they have the capability to review and have documented responses to critical issues. messages may be periodically monitored to ensure the service is being used appropriately. All mobile device users agree and understand that usage may also be monitored to record dates, times, duration of access and so on in order to identify suspicious activity or potential breach of security. Personal Communication & Voic Procedure Page 3

4 5.3. Voic Voic boxes are issued to all Chinook s Edge teacher personnel and many support personnel as a method for others to leave messages when they are not available. A PIN must protect Voic boxes; this must never be the same as the last four digits of the telephone number of the voic box. Voic may also be delivered to an employees inbox. In such cases this procedure applies to that message Loss and Theft Files containing confidential or sensitive data may not be stored in PCDs unless protected by approved encryption. Confidential or sensitive data shall never be stored on a personal PCD. Charges for repair due to misuse of equipment or misuse of services may be the responsibility of the employee, as determined on a case-by-case basis. The cost of any item beyond the standard authorized equipment is also the responsibility of the employee. Should the PCD be lost or stolen, the incident must be reported to Technology Services as soon as possible. The exchange system will then be used to clear any copies of that may be on the device Security As the integrity of data on mobile is the sole responsibility of the user, commonsense physical security measures should be employed at all times to prevent theft or loss. For example, in order to prevent unauthorized access, such as in the event of loss, theft, etc. PCDs must be secured with an access password or biometric control. This should include a default timed logout to ensure no unauthorized access if the device were left unattended. All mobile device users agree to immediately report any incident or suspicion of unauthorized access and/or disclosure of corporate data or resources to the Director of Technology Services Student Privacy PCD s may be used to access confidential information via systems such as Powerschool, Fido, etc. However confidential information in the form of reports, exported files, or any other persistent or non-volatile format must not be stored on the PCD. Personal Communication & Voic Procedure Page 4

5 Voic should not be played in a public place or in such a manner to allow casual or intentional eavesdropping Personal Use PCDs and voic are issued for Chinook s Edge business. Personal use should be limited to minimal and incidental use PCD Safety Conducting telephone calls or utilizing PCDs while driving can be a safety hazard. Drivers should use PCDs while parked or out of the vehicle. If employees must use a PCD while driving, Chinook s Edge requires the use of hands-free enabling devices, such as a Bluetooth headset. These may be issued to authorized Chinook s Edge personnel who have received approval. Care must be taken to avoid being recorded when peering Bluetooth adapters, (Bluetooth 2.0 Class 1 devices have a range of 330 feet) Disposal of PCD PCD s that are no longer operational, have been replaced or retired must be delivered to Technology Services. To ensure the security of confidential / personal information contained on mobile devices, the device will eitherbe destroyed and disposed of in accordance with CESD s disposal procedures, or all data will be securely erased and the device repurposed Enforcement Compliance Authorized personnel within Chinook s Edge will perform audits on a regular basis. The Director of Technology Services, in accordance with the Audit Procedure, will manage audits. Technology Services will filter findings not related to a specific operational group and then present the findings to the appropriate support staff for remediation or justification. Every effort will be made to prevent audits from causing operational failures or disruptions. The responsibility for implementing this Procedure belongs with all users of these devices and services. Responsibility for ensuring that new and existing systems remain in compliance with this Procedure resides with the Chinook s Edge Technology Director. Personal Communication & Voic Procedure Page 5

6 If any employee is found to have breached this security Procedure, they may be subject to disciplinary action. Any violation of the Procedure by a temporary worker, contractor or supplier may result in the termination of their contract or assignment Procedure Governance The following table identifies who within CESD is Accountable, Responsible, Informed or Consulted with regards to this Procedure. The following definitions apply: Responsible the person(s) responsible for developing and implementing the Procedure. Accountable the person who has ultimate accountability and authority for the Procedure. Consulted the person(s) or groups to be consulted prior to final Procedure implementation or amendment. Informed the person(s) or groups to be informed after Procedure implementation or amendment. Responsible Director Technology Services Accountable Associate Superintendent System Services Consulted Technology Committee Informed All CESD Employees, All Contractors, All temporary workers. Personal Communication & Voic Procedure Page 6

7 8.0. Definitions TERM / DEFINITION DMZ - De-militarized Zone. A network segment external to the corporate production network. Server - For purposes of this Procedure, a Server is defined as an internal Chinook s Edge Server. Desktop machines and Lab equipment are not relevant to the scope of this Procedure References Personal Communication & Voic Procedure Page 7