Highline College

Connect with Highline College

Winter quarter starts January 6. View the class schedule and enroll today for the best selection of classes.

4.3 Mobile Device Encryption Standard

Home/IT Security/IT Security Policy/4.3 Mobile Device Encryption Standard
4.3 Mobile Device Encryption Standard 2024-03-25T12:19:54+00:00

4.3 Mobile Device Encryption Standard

 

4.3.1. Overview

See Purpose.

 

4.3.2. Purpose

The purpose of this standard is to establish the types of devices and media that need to be encrypted, when encryption must be used, and the minimum standards of the software used for encryption.

 

4.3.3. Scope

This standard applies to all Highline College employees, contractors, workforce members, vendors and agents with a Highline College-owned device or workstation connected to the Highline College network or a personally-owned mobile device or workstation that could contain Protected Data or Personally Identifiable Information (PII).

 

4.3.4. Standard

4.3.4.1 Devices and Media Requiring Encryption

Whole disk encryption is required for all laptops, workstations, and portable drives that may be used to store or access Protected Data or PII.

4.3.4.2 Software

ITS will install software that is capable of encrypting the entire hard drive. Encryption must meet Highline College Encryption Standard.

 

4.3.5. Compliance

4.3.5.1 Compliance Measurement

ITS will verify compliance to this standard through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.

4.3.5.2 Exceptions

Any exception to the standard must be approved by ITS in advance.

4.3.5.3 Non-Compliance

An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.

 

4.3.6. Related Standards, Policies, and Processes

4.2 Encryption Standard

 

4.3.7. Revision History

Date By Summary