Georgetown University-Provided Mobile Device Policy
STATEMENT

Mobile devices are a key resource for Georgetown University due to the nature of mobility in the work place to enable communication in areas or situations where conventional telephones or network access is not available or accessible. To ensure communications throughout the University at all times, the University will issue and manage mobile devices in accordance with this policy.

APPLICABILITY

All provisioning and use of University-issued mobile devices to members of the University community based in the United States is governed by this policy.

GUIDING PRINCIPLES/PURPOSE

This University-Provided Mobile Device Policy, and supporting documentation, guidelines, and procedures, provides a framework to provision mobile devices for institutionally sanctioned uses while preserving the security, privacy, and integrity of Georgetown University Information. All members of the University community are stakeholders in this process.

Georgetown University is committed to protecting the confidentiality, integrity, and availability of its information. To achieve these goals, University-issued mobile devices must be secured in accordance with policy, legal, regulatory, and best practice standards as defined in the Standards for the Use of a University-Issued Mobile Device.

Use of a University-provided mobile device and supporting services is intended for official University business by members of the University community based in the United States. Except as otherwise provided in the Reimbursement Policy – Business and Travel, the University will not reimburse individuals for costs associated with non-university owned or provided mobile devices.  This includes, but is not limited to, monthly service, feature charges, usage charges, taxes, fees and surcharges.

This Policy complements and supports other University policies that protect the University’s information assets and resources including, but not limited to, the Information Security Policy, the Information Classification Policy, the Record Retention Policy, the Acceptable Use Policy, and the Policy on the Use, Collection, and Retention of Social Security Numbers.

ADMINISTRATION AND IMPLEMENTATION

University-provided mobile devices may be assigned to campus individuals or departments based in the United States for whom the nature of their work requires mobility and who have a more explicit need to have access to or to be readily accessible by others. The justification for service should have a clear connection to the user’s job responsibilities such as Senior Administration, on-call or afterhours support, frequent business related travel, field and mobile campus staff, or emergency response team members.

University-provided mobile devices may not be issued to student workers, contractors, or to others without a compelling use for this technology.

University-provided mobile devices will be administered through the University’s mobile device management program. The authorized recipients may not tamper with or circumvent these administrative settings.

The individual to whom the university-provided mobile device is assigned is responsible for taking appropriate steps to secure the phone and notifying UIS if the phone is lost, stolen or misplaced pursuant to the Standards for the Use of a University-Issued Mobile Device. The department is responsible for covering replacement costs.

University-provided mobile devices may only be used by the authorized recipient. Authorized University-issued mobile device recipients must return their assigned devices when leaving the University or when a change in responsibilities removes them from eligibility. All data must be completely removed from the returned mobile devices by a Georgetown University Technology Service Provider in conjunction with University Information Services before any mobile device can be re-assigned to another authorized recipient of the University community or when the authorized recipient leaves the University.

Departmental Business Officers manage the financial aspects of procuring and administering University-provided mobile devices, as detailed in the Standards for the Use of a University-Issued Mobile Device. In accordance with the Financial Affairs policy 129-12: Employee Mobile Devices Tax Compliance, departmental business office or financial managers will be responsible for retaining and submitting all forms to maintain tax compliance. All costs associated with university-owned and issued mobile devices will be borne by the department that requests the devices and supporting services. These costs include, but are not limited to, equipment and accessories purchase, equipment replacement, service activation, monthly service and feature charges, usage charges, insurance, taxes and surcharges.

However, it is recognized that personal communications is necessary. Consistent with campus telephone usage, costs associated with personal use of the University-issued mobile device that exceed the subscribed usage plan must be reimbursed, on a monthly basis, by the authorized University-issued mobile device recipient. Reimbursements to the departmental budget for overage related to personal use will not exceed the carrier’s charges to the University. These reimbursements will be completed pursuant to the University’s Office of Financial Operations procedures and as outlined in the Standards for the Use of a University-Issued Mobile Device.

Existing university-provided mobile devices and supporting services may be transferred between the four master service agreements at the end of the term or service activation period with departmental finance approval. All charges, fees, or equipment changes are the responsibility of the department.

RESPONSIBILITIES
  • Authorized University-issued mobile device recipients
    • Compliance with the Standards for the Use of a University-Issued Mobile Device
    • Reporting lost, stolen, or damaged devices as specified in the Standards for the Use of a University-Issued Mobile Device
  • Departmental Business Officers or Financial Analysts,
    • Retaining and submitting all forms to maintain tax compliance
    • Compliance with Financial Affairs policy 129-12: Employee Mobile Devices Tax Compliance
  •  TSPs
    • Completely remove all data from the returned mobile devices
  • UIS
    • Manage and support the Mobile Device Management Program
ENFORCEMENT

Pursuant to the Georgetown University Human Resources Confidential Information Policy, employees who violate the University’s Mobile Device Policy and its associated procedures may be subject to disciplinary action. Unauthorized access or disclosure of legally protected information may result in civil liability or criminal prosecution.

DEFINITIONS

For clarification on the terms used in this document, please refer to the Office of Information Services Policy Definitions, Roles, and Responsibilities. Terms used in this policy include:

  • Authorized University-issued mobile device recipients
  • Departmental Business Officers or Cost Center Managers
  • Device Service
  • Technology Service Providers (TSPs)
  • University-Provided Mobile Device
RESOURCES

Information and resources supporting this Policy, including best practices for the use of mobile devices, are available on the Georgetown University Information Security Web site. Relevant policies and procedures include:

Standards for the Use of a University-Issued Mobile Device
Policy on the Use, Collection, and Retention of Social Security Numbers by Georgetown University
Georgetown University Record Retention Policy
Georgetown University Information Classification Policy
Georgetown University Human Resources Confidential Information Policy
Georgetown University Acceptable Use Policy
Office of Information Services Policy Definitions, Roles, & Responsibilities
Office of Information Services Procedures for the Protection of University Information

APPROVAL HISTORY

Approved by David Smith, University Information Security Officer, June 10, 2013

REVIEW CYCLE

This policy will be reviewed and updated as needed, but at least annually, unless changes in institutional policy or relevant law or regulation dictate otherwise.

REVISION HISTORY