TCU BYOD Policy

I.    Introduction:

In response to the increasing use of personally owned computing devices (POCD) by employees for TCU business purposes, TCU has established an official bring your own device (BYOD) policy. The purpose of this policy is to define the appropriate use and procedures for using personally owned computing devices on a TCU Network.

II.    Applicability:

This policy applies to any user who makes a wired or wireless network connection from a POCD to the “TCU Guest” or “TCU Personal” network.

BYOD is a rapidly changing technology and TCU reserves the right to modify this policy, including eliminating all support for BYOD, at any time. TCU IT may elect to implement additional requirements or processes to safeguard the University’s Computing Resources (e.g. mobile device management (MDM), enforcing separation of TCU data from personal data, remotely removing TCU data, additional registration processes, or requiring a PIN number to access systems).   The most current version of this policy will be posted on Information Technology’s website.

III.    Policy Statement:

In order to support the BYOD model while appropriately managing TCU’s risk, the following policies are established.

Risks, Liabilities, Disclaimers

Employees who elect to participate in BYOD accept the following risks, liabilities and disclaimers:

  • At no time does the University accept liability for the maintenance, backup, or loss of data on a personal device. It is the responsibility of the equipment owner to backup all software and data to other appropriate backup storage systems before requesting assistance from IT.
  • Persons violating this policy may also be held personally liable for resulting damages and civil or criminal charges. TCU will comply with any applicable laws regarding data loss or breach notification and may also refer suspected violations of applicable laws to appropriate law enforcement agencies.
  • The University shall NOT be liable for the loss, theft, or damage of POCD.  This includes, but is not limited to, when the device is being used for University business, on University time, or during business travel.
  • TCU Information Technology provides only limited security for the TCU Guest and TCU Personal networks and at no time does the University accept liability for the security of a POCD.
  • TCU Information Technology will maintain wise financial stewardship of the University’s resources by assessing the employee’s usage of a POCD in proportion to their usage of TCU provisioned computing device. TCU IT, at its discretion, may elect to discontinue providing a TCU provisioned computing device if it is no longer reasonably needed.
  • TCU Information Technology reserves the right to implement technology such as Mobile Device Management to enable the removal of TCU owned data.
  • POCD may be subject to the search and review as a result of litigation that involves the University.

User Responsibilities

Employees who elect to participate in BYOD must adhere to this policy and all University policies while using a POCD device on a TCU Network.   In particular, the TCU Code of Conduct Policy available on the Human Resources website and the TCU Network and Computer Usage Policy and the TCU Sensitive Personal Information (SPI) Policy available on the Information Technology (IT) website must be followed.

Employees who elect to participate in BYOD must:

  • Not store TCU SPI data on personally owned computing devices
  • Destroy, remove or return all data, electronic or otherwise belonging to TCU, once their relationship with TCU ends or once they are no longer the owner or primary user of the POCD. (E.g. the sale or transfer of a POCD to another person)
  • Remove or return all software application licenses belonging to TCU when the POCD is no longer used for TCU Business
  • Notify TCU Risk Management of any theft or loss of a POCD containing data or software application licenses belonging to TCU
  • At no time may a POCD be connected to the secure TCU networks (E.g. Faculty/Staff, TCU FSWPA2, TCU Secure) without prior approval.

Devices and Support

In general, any computing device may be connected to the TCU Guest or TCU Personal networks provided its use does not disrupt any University Computing Resources or violate the Network and Computer Usage Policy.

Information Technology will prioritize the support of TCU owned computing devices and production information systems and provide only limited support for POCD.   Limited support for POCD devices is defined as:

POCD support for both the TCU Guest and TCU Personal networks:

  • Maintaining the availability of the TCU Guest and TCU Personal networks
  • Maintaining the availability of the authentication systems for the TCU Guest and TCU Personal networks.
  • Verifying authentication credentials are valid.

Additional POCD support for the TCU Personal network only:

  • Troubleshooting connectivity or authentication issues on POCD.
  • Configuration of POCD for communication with TCU Email system (e.g. Exchange ActiveSync).
  • Configuration of VPN and/or Remote Desktop access to TCU Computing Resources.
  • Providing software application support when reasonably possible as determined by IT. Note: It is the responsibility of the device owner to have and provide authentic, individually owned and registered software before any assistance will be provided
  • Ensuring wireless network compatibility for officially supported device types as listed on Information Technology’s website. IT will strive to ensure compatibility for all major devices according to market share. Should you have any concerns regarding compatibility, please consult with Information Technology prior to purchasing any devices you intend to use on the TCU Personal network.

Examples of POCD support not provided include, but are not limited to:

  • Troubleshooting device performance or hardware problems
  • Troubleshooting software applications or cloud services
  • Installing OS upgrades, OS patches, or TCU owned software on POCD
  • Backing up device data or migrating data to a new device
  • Removing malware or spyware

Security

Currently, no security restrictions or Mobile Device Management (MDM) solution have been implemented for the TCU Guest or TCU Personal networks. However, TCU Information Technology reserves the right to implement such restrictions or solutions.

TCU IT may perform security scans against any personally-owned device that accesses TCU networks in accordance to the TCU Network and Computer Usage Policy. IT may, without notification, prevent or ban POCD which disrupt any University Computing Resources or are used in a manner which violates any University policies.

Reimbursement

Any reimbursement claim for purchases associated with personally owned computing devices is subject to the TCU Computer Technology Acquisition Policy and the Reimbursement Policy and Procedures for University-Related Business Expenses which can be found in the TCU Faculty and Staff Handbook. Furthermore:

  • Computer technology purchased for personal use will not be reimbursed by the University.
  • Computer technology purchased with personal funds, regardless of the intended use, may not be reimbursed by the University, without prior approval by Information Technology and Finance and Administration. This includes, but is not limited to, software or technology services, including repair or technical support services.
  • Loss, theft, or damage to personally owned computing devices will not be reimbursed by the University.

IV.    Enforcement

Suspected violations of this policy will normally be handled through TCU disciplinary procedures applicable to the relevant user.  TCU may suspend a user’s access to the TCU Guest network, TCU Personal network, or any University Computing Resources, prior to the initiation or completion of such disciplinary procedures, when it reasonably appears necessary to preserve the integrity, security, or functionality of University Computing Resources or to protect TCU from liability. TCU may also refer suspected violations of applicable laws to appropriate law enforcement agencies.

The University’s Chief Technology Officer shall be the primary contact for the interpretation, enforcement and monitoring of this policy and the resolution of problems concerning it.  Any legal issues concerning the policy shall be referred to the appropriate officials for advice.   Employees may appeal the resolution of problems in regarding this policy via the University’s Conflict Resolution Policy.

Approved Chancellor’s Cabinet – May 2014

Last Updated – June 2014

a