Policies -Laptop Security Policy

__________________________________________
Physical Security
IT purchases warranties for tier 1 machines for the length of the lease.  This will cover normal breakage, e.g. battery, keyboard, hard disk, etc.  It may not cover negligence (e.g. dropping or liquid spills), and does not cover lost or stolen computers.

If the computer damage is not covered by warranty, the faculty or staff member is responsible for the cost of repairs or replacement.

If a Pitzer computer is stolen from a normal secured Pitzer campus location (e.g. locked office), Office of Information Technology will replace the computer.

If the computer is lost or stolen from a non-secured Pitzer location, or any location off-campus, the faculty or staff member is responsible for the cost of replacement.

Data Availability
A laptop is subject to malfunction, and also to being lost or stolen.  It is the user’s responsibility to ensure that any essential data stored on the laptop is properly and securely backed up and recoverable.  This applies to data or information of any kind whose loss would impair the interests of Pitzer College.  Secure cloud storage is recommended instead of local storage on the laptop.

Note: Pitzer College is exploring options for a supported cloud storage service. Service is expected to be deployed during the 2014-2015 academic year.

Data Confidentiality
There are sensitive or confidential consequences, including legal, financial and/or business processes, should sensitive data be revealed to non-authorized persons.  FERPA or HIPAA protected data are but two examples. Users will be held accountable for any failure to follow data security policies listed here in the event of a data breach.

  1. The user must not store any sensitive or protected data on a laptop without properly encrypting the data and obtaining written permission from their respective administrators.  Full disk encryption is recommended.
  2. The user must refrain from storing passwords, even implicitly, on the laptop wherever possible.  Use of a password management application is recommended, provided the password to that application is NOT stored on the laptop in any way.
  3. If the laptop is lost or stolen, the user must report the loss immediately to the IT department.  The user must also immediately change his/her Pitzer password, as well as any other password that might possibly be compromised through the lost laptop, such as the password to a personal email account or web service.