4.3 Mobile Device Encryption Standard
4.3.1. Overview
See Purpose.
4.3.2. Purpose
The purpose of this standard is to establish the types of devices and media that need to be encrypted, when encryption must be used, and the minimum standards of the software used for encryption.
4.3.3. Scope
This standard applies to all Highline College employees, contractors, workforce members, vendors and agents with a Highline College-owned device or workstation connected to the Highline College network or a personally-owned mobile device or workstation that could contain Protected Data or Personally Identifiable Information (PII).
4.3.4. Standard
4.3.4.1 Devices and Media Requiring Encryption
Whole disk encryption is required for all laptops, workstations, and portable drives that may be used to store or access Protected Data or PII.
4.3.4.2 Software
ITS will install software that is capable of encrypting the entire hard drive. Encryption must meet Highline College Encryption Standard.
4.3.5. Compliance
4.3.5.1 Compliance Measurement
ITS will verify compliance to this standard through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.
4.3.5.2 Exceptions
Any exception to the standard must be approved by ITS in advance.
4.3.5.3 Non-Compliance
An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.
4.3.6. Related Standards, Policies, and Processes
4.3.7. Revision History
| Date | By | Summary |