Guideline for Laptops and Handheld Mobile Devices

I. Purpose

The purpose of this document is to provide guidance for protecting university information resources from unauthorized access or disclosure when using laptops or handheld mobile computing devices.

II. Scope

This guideline is applicable to UNC Charlotte faculty and staff as well as other authorized users who utilize a laptop or handheld mobile computing device to access or store university information resources. Every authorized user of university information resources has a responsibility to take appropriate measures to safeguard that information.

III. Contacts

Direct any general questions about this guideline to your unit’s Information Security Liaison. If you have specific questions, please contact OneIT Information Security Compliance at ISCompliance-group@charlotte.edu.

IV. Guidelines For Laptops

Laptop computers used to access university information resources are at increased risk of data exposure due to loss, theft or compromise. Remember to keep your laptop with you at all times or store it in a secured location when not in use. Do not leave your laptop unattended in public locations (e.g., airport lounges, meeting rooms, restaurants, etc.). The following safeguards should be applied to laptops:

• If accessing sensitive university information and systems with a laptop, you must use a university owned and managed device, configured according to the university’s Guideline for Security of Endpoints.
• If working remotely, follow the Guideline for Remote Access.
• Before surplusing a laptop, wipe or securely delete data following the university’s Guideline for Hardware and Media Disposal.
• Lost, stolen, misplaced or compromised laptops should be immediately reported to OneIT and the IT administrator for your area.
• Refer to the university’s Guideline for Reporting Information Security Incidents and follow the university’s Guideline for Data Handling with respect to data stored on your laptop.
• If traveling abroad with a laptop, contact the Office of Research Protections and Integrity, Export Control, for further guidance and information on applicable restrictions and/or procedures.

V. guidelines for handheld mobile Devices

NOTE: Handheld mobile devices are defined as portable computing devices that are running an operating system optimized or designed for mobile computing, such as Android, Apple’s iOS, or Windows Mobile (e.g., smartphones, tablets).

If using a smartphone or tablet to access university information, the following security guidelines should be followed:

• Configure the device with a PIN, pattern, or password-enabled lock screen.
• Enable an automatic screen timeout for inactivity.
• Ensure your device has current operating system, security, and application updates.
• Enable a remote wipe feature, if available for the device.
• Lost, stolen, misplaced or compromised smartphones or tablets should be immediately reported to OneIT and the IT administrator for your area.
• Refer to the university’s Guideline for Reporting Information Security Incidents and follow the university’s Guideline for Data Handling with respect to data stored on your device.
• If traveling abroad with a smartphone or tablet, contact the Office of Research Protections and Integrity, Export Control, for further guidance and information on applicable restrictions and/or procedures.

Related Resources

• University Policy 311 Information Security
• University Policy 602.10 Mobile Communication Device Allowances
• University Policy 101.22 Flexible Work and Telework Arrangements for SHRA and EHRA Non-Faculty Employees
• Guideline for Reporting Information Security Incidents
• Standard for Mobile Devices
• Guideline for Security of Endpoints
• Guideline for Remote Access
• Guideline for Hardware and Media Disposal
• Guideline for Data Handling
• ISO/IEC 27002

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initially approved by Information Assurance Committee 5/8/15
Updated 5/4/23