Added and Amended Policies >> Series 700 Information Resources >> 7.5.16 Safeguarding Data

7.5.16 Safeguarding Data

A. Purpose

To enhance approaches to cybersecurity consistent with our obligations as a state agency, to protect our patients, our business, our intellectual property assets and our ability to fulfill our mission.

B. Persons Affected

All University of Texas at Tyler (the “University”) students, faculty, staff, patients, visitors, volunteers, contracts, and vendors.

C. Definitions

N/A

D. Policy

• Only University owned computers and IT-managed mobile devices will be permitted on the internal IT network. A guest network for patients and visitors is available.

• All University business, including all research and IP-related work, must be conducted on University asset-tagged and encrypted devices, IT-managed mobile devices, or University managed applications.
• All non-university owned devices should use the Guest network.
• Any exceptions to devices allowed on the internal network must be approved by ISO.

• Ports on all University-owned computers, laptops and other equipment that connect storage devices (USB and external drives) to the network is considered a risk to the University.  These risks will be evaluated and as a result, the use/availability of these ports and USB-enabled storage devices may be disabled.  OneDrive, an institutionally approved cloud-based storage solution, is available to all employees.
• University employees traveling internationally no longer will be able take their individually assigned institutional devices. Instead, employees must request and obtain loaned devices from the IT department. Upon return, IT must be contacted immediately to collect and wipe the device, and employees must not connect them to the network.
• Information Technology related international travel for the Health Science Center and the University vary slightly.  
  • Health Science Center employees must request and obtain loaned devices from the IT department when traveling internationally. Upon return, IT must be contacted immediately to collect and wipe the device, and employees must not connect them to the network.
    • Devices also must be requested if an employee is travelling internationally on personal time and they plan to connect to University resources (i.e. network, email, Office365, SharePoint, etc.).
  • University employees must request and obtain loaned devices from the IT department when travelling internationally to countries found on the restricted country list. Upon return, the devices must be returned to IT to wipe the device. Employees must not connect the device to the network upon return.
    • When travelling internationally to countries not found on the restricted country list, employees are permitted to take their university issued device.

E. Enforcement

Violation of this policy may result in disciplinary action that may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of the University Information Resources access privileges, civil, and criminal prosecution.

F. References

• Texas Government Code, Section 2054.517
• University of Texas System Policy UTS 165, Standard 11 

G. Review Responsibilities and Dates

The Division Head for this Policy is the Chief Information Security Officer and this Policy shall be reviewed every two (2) years or sooner, if necessary, by the Division Head or their designee.