Bring Your Own Device (BYOD) Policy Frequently Asked Questions

Personally owned computing devices (“personal devices”) include desktop or laptop computers as well as mobile devices, such as cell phones or tablets, that are owned and managed by you, personally. The purpose of this new policy is to make sure that your devices meet the minimum requirements before they are granted access to Clemson University IT Resources and Systems. Here is the link to the new BYOD Policy for your reference. These frequently asked questions will be updated as necessary.

1. What software do I need installed on my personal device to access University IT Resources?
   • Personal Desktop/Laptop – A current manufacturer-supported Operating System (OS) with up-to-date security updates applied and antivirus software installed.
     
     
   • Mobile Devices – A current manufacturer-supported operating system with current security updates applied.

What do I need to do? Verify that your personally owned device has all the latest updates installed.

For Mac OS devices, go to System Settings, then General and Software Update to verify that your Operating System is updated.

For Windows OS devices, go to Settings, then Windows Updates to verify that your Operating System is updated.

For Android mobile devices, go to Settings, then System and System Updates to verify that your Operating System is updated.

For iPhone devices, go to Settings, then General and Software Update to verify that your Operating System is updated.

2. What security settings do I need to have configured on my personal device?
   • Personal Desktop/Laptop – The device must have a password, PIN, or biometric login enabled. Password and PIN must meet Clemson’s Strong Password Guidelines. Disk encryption must also be enabled such as BitLocker or FileVault.
     
     
   • Mobile Devices – The device must have either a strong password, 6-digit PIN (minimum), or biometric login enabled. Disk encryption must also be enabled.

Newer Android devices are encrypted by default when a lock screen is set up. For older Android devices, you can enable encryption in the device’s settings. You can check if your device is encrypted by going to Security in the device’s settings.

For iPhone devices, encryption is enabled automatically when you set up a passcode.

What do I need to do? Make sure that your personal device has a strong password or at least a 6-digit PIN or biometrics setup to login to your device and that you have encryption enabled.

3. How does Clemson determine if my personal device meets the BYOD security requirements?

When you authenticate to a Clemson system using DUO or connect to the Clemson network, our tools verify that a device’s security settings and application inventory meet the security standards, before granting it access to Clemson IT Resources and Systems.

4. What access will Clemson have on my personal device?

The University will not have access to any personal content on the personal device. These processes will just look at a device’s security settings, network information, and application inventory to ensure that it meets the security standards before granting it access to Clemson IT Resources and Systems.

5. If my device does not meet the BYOD security requirements, what will happen?

Devices that do not meet security requirements will not be able to access specific University IT Resources and Systems.

What do I need to do: If your personal device doesn’t meet the requirements, options include making adjustments to the device as outlined above or acquiring an alternate device that does meet the requirements.

6. What can I do if I don’t want to change the settings or software on my personal device?
   • Personal Desktop/Laptop – The Citrix Virtual Desktop Interface can provide an alternative managed way to access a Clemson IT Resource from a personal device.
     
     
   • Mobile Devices – Access to University IT Resources and Systems will be limited.

What do I need to do? If you choose not to update your personal device to meet the BYOD security requirements you can use an approved Citrix Virtual Desktop Interface as a possible alternative.

7. Can I use a personal device to access cloud-hosted content that includes Confidential or Restricted data?

You may access cloud-hosted solutions, but you cannot download or save Confidential or Restricted data to your personal device.

8. What should I do if I have Confidential or Restricted data on a personal device?

You should immediately delete any Confidential or Restricted data stored on the personal device.

9. What do I do if my personal device is lost or stolen?

Report it immediately using the Missing Device Report Form from the CCIT Cybersecurity website.

NOTE: If you need help with any of the above solutions, you can contact the CCIT Service Center or your IT Consultant for assistance.

Key Points

General

The Bring Your Own Device (BYOD) policy provides the standards and rules of the BYOD program for Clemson University employees using personally owned computing devices to access University IT Resources and Systems.

Purpose

• Ensure that personal devices meet the University security standards
• Manage the distinction between personal and work data on personal devices
• Outline how personal devices interact with University IT Resources and Systems
• Ensure the University retains ownership over University-owned data even on personal devices, which can be crucial in cases of employee departures or legal disputes.

Usage

A personal device must not be used as the primary means to create, store, send, or receive University data.

A personal device should not be used to access Confidential or Restricted data (see Data Classification policy) as part of your job duties. If a University-owned device is unavailable, an approved University remote access solution must be used.

Do not use a personal device to access University IT Resources when prohibited by policy, regulation, or law.

Confidential or Restricted data must not be downloaded or transferred to a personal device.

Legal/University Requirements

Any University Data on a personal device that is subject to document requests (e.g., Freedom of Information Act or Family Educational Rights and Privacy Act) or document production (e.g., warrants, subpoenas, court orders) must be provided upon the request of the University. Access and review of personal devices subject to such requests or orders is limited to the scope necessary to comply with the request or order.

The University reserves the right to implement technology to enable the access, review, and removal of University Data from personal devices.

Restrictions

The University may remove access to University IT Resources and remove University-installed software from the personal device at any time when doing so is in the best interest of the University.

Violations of this policy may result in the personal device being restricted from the University IT Resources and Systems.