[ skip to content ]

More Information about this image

Handbook and paperwork for the newly hired.

Old Dominion University

Information Technology Standard

02.2.0 Workplace Device Technologies Standard

Date of Current Revision or Creation: November 1, 2021

The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.

  1. Purpose

    The purpose of this compliance standard is to provide the University community with a clear understanding of the proper practices in the use of various communication technologies available in the workplace.

    This standard seeks to ensure that University content is appropriately protected.

  2. Definitions

    Institutional Data - Recorded information that documents a University business-related transaction or activity by or with any appointed board member, officer, or employee of the University. Regardless of physical form, characteristic, or source, the recorded information is a University record if it is produced, collected, received or retained in pursuance of law or in connection with the transaction of University business. The medium upon which such information is recorded has no bearing on the determination of whether the recording is a University record. University records include but are not limited to personnel records, student records, academic records, financial records, patient records and administrative records. Record formats/media include but are not limited email, electronic databases, electronic files, paper, audio, video and images.

    Protected Information is data subject to special precautions in its storage, usage and transmission as classified in University Policy #3504, Data Administration and Classification Policy.

    Social Engineering is the term used for the practice of manipulating people to reveal private or sensitive information as a way to circumvent security.

    User includes anyone who accesses and uses the Old Dominion University information technology resources.

  3. Standards Statement

    Old Dominion University provides a communication network offering data, video and voice devices and facilities for use by individuals and groups. The use of communication resources is permitted if users are aware of the information security issues involved and act in compliance with relevant regulations.

    Clear Desk Practice

    All protected information must be removed from the desk or other public areas and locked in a drawer or file cabinet when the workstation is unattended and at the end of the workday. All protected information must be stored in lockable drawers or cabinets. File cabinets containing protected information must be locked when not in use or when not attended. Keys used to access protected information must not be left at an unattended work area.

    Providing Services or Instructions by Telephone

    Instruction and service information is routinely provided by University employees by telephone. The University prohibits the release of private information. Be aware of all relevant policies and procedures when sharing information by telephone. Use a verification procedure to assist in determining the identity of the caller. Be aware of techniques, such as social engineering, used to gain information by deception.

    Recording Telephone Conversations

    Federal and state laws require that all parties must be informed in advance if calls are recorded (save and except Virginia, where only one party's consent is required so long as all parties are within that state). Quality assurance calls should identify that monitoring used to improve training. Recorded material must be safeguarded from unauthorized access and disclosure.

    Clear Screen Practice

    Computers and displays should be logged off or protected by a screen and keyboard locking mechanism controlled by a password or similar user authentication mechanism when unattended or protected by key locks, passwords or other controls when not in use. Passwords must not be posted on or under a computer or in any other accessible location.

    Printers and Facsimile Transmissions

    Prevent the unauthorized use of photocopiers, facsimiles, multifunctional and other reproduction technology. Designate a responsible individual to handle secure photocopies and faxed communications. Copies of documents containing protected information must be immediately removed from printers and facsimile machines. Whenever possible, use printers with that use University ID cards or authentication that limit use to only those who originate the document. To the extent possible, isolate the devices to a secure location accessible only to authorized employees.

    For facsimile transmissions, use cover sheets that clearly identify the intended recipient and the total number of pages faxed. Use caution when sending or receiving confidential information by fax by confirming the number before dialing, requesting confirmation and reviewing activity reports. Confidential communications should explicitly state that the fax should not be distributed, copied or disclosed to any unauthorized person. Instructions on the handling of facsimile communications received in error should be provided on the cover sheet.

    Removable Storage Media

    Removable media should be encrypted if storing protected information. Protected information should be locked away from the workstation when not required and at the end of the workday. Protected information must be stored in lockable drawers or cabinets.

    Mobile Devices

    Mobile devices should follow the practices described in ITS Standard 02.9.0 Mobile Device Management Standard.

    Conference Calls/ Videoconferencing

    Use caution when discussing sensitive content. Public communication lines can be compromised. If conference calls or videoconferences are required on a regular basis, or if confidential data is discussed; use appropriate encryption on the lines. It is important to establish a procedure to verify the identities of the parties participating in a conference call.

  4. Procedures, Guidelines & Other Related Information

    Federal and State Law

    University Policy 3505 - Information Technology Security Policy

    University Policy 3700 - Records Management Policy

    University Policy 4100 - Student Record Policy

  5. History

    Date Responsible Party Action
    October 2009 ITAC/CIO Reaffirmed
    October 2010 ITAC/CIO Reaffirmed
    October 2011 ITAC/CIO Reaffirmed
    April 2012
    		 IT Policy Office Revised for clear screen policy, clear desk and printers
    December 2012 IT Policy Office
    		 Numbering revision
    August 2013 IT Policy Office
    		 Departmental Name update
    August 2015 IT Policy Office/ISO Scheduled review, reaffirmed
    December 2018 IT Policy Office/ISO Scheduled review, reaffirmed; definitions and links checked, wording updated.
    November 2021 IT Policy Office Definitions and links checked.

Contact

IT Project Management

IT Project Management coordinates the efforts and resources of ODU ITS to produce effective, quality solutions for the University's students.

Student Computing

Faculty & Staff Computing

Site Navigation

Experience Guaranteed

Enhance your college career by gaining relevant experience with the skills and knowledge needed for your future career. Discover our experiential learning opportunities.

Academic Days

Picture yourself in the classroom, speak with professors in your major, and meet current students.

Upcoming Events

From sports games to concerts and lectures, join the ODU community at a variety of campus events.