Bring Your Own Device Policy

Overview

This policy applies to all personal electronic devices which are used to access UCL systems or to store, process or transmit UCL information. The use of such devices to create and process University information and data creates issues in the area of information security. UCL must ensure that it remains in control of the data for which it is responsible.

The fundamental requirement is that UCL information and systems are protected from unauthorised access. The level of risk should drive what is acceptable for using a personal device to access information on UCL systems. This guidance describes the key security aspects to consider in order to maximise the business benefits of BYOD whilst minimising the risks. UCL intends to allow access to its information by its users, but also must meet its legal, contractual and duty of care obligations.

Contents include

• Personal Device Security
• Use and Maintenance
• Data Governance
• Actions on discovering device loss or unauthorised access

Who should read this policy

• All staff
• Contractors
• Temporary staff
• Students
• Visitors
• Managers
• Teaching staff
• Student support staff
• Researchers

Policy

https://www.ucl.ac.uk/information-security/sites/information-security/files/byod.pdf