Bring your own device policy

1.0 Purpose 

This policy defines the acceptable use of personally owned devices by University users when accessing, creating, modifying and deleting University data to ensure compliance with cyber security standards. 

2.0 Scope 

This policy does not apply to students. 

Any device that is not centrally managed by Information Services is classed as a Bring Your Own Device (BYOD) device. 

This policy covers the use of BYOD electronic devices to access the University systems and data. Such devices include, but are not limited to, smart phones, tablets, laptops, and PCs. 

This policy applies to use in all locations, including at home and via VPN. 

3.0 Policy 

3.1 Acceptable use of user-owned devices 

3.1.1 Standard connectivity for BYOD devices will provide internet access, but access to AU resources and services including Microsoft 365 (such as Email and Teams) will be restricted. For full access devices will need to connect to the GlobalProtect VPN service. Android devices are able to make use of Work Profiles without the need for VPN access. 

3.1.2 All devices that are accessing University data or services must: 

• be running a current operating system, still being supported by the vendor (Android / Linux / Mac / Windows / iPad/iOS / iPhone/iOS)
• have anti-virus and anti-malware protection installed
• have a firewall installed/enabled (Windows / Mac / Linux)  
• log on to your device with a username/password or PIN used only by you, or biometrics (Windows / Mac) 
• not use an account with administrative privileges for day-to-day use 
• be set to lock when left unattended (Linux / Mac / Windows)
• comply with the JANET Acceptable use policy 

3.1.3 Users are required to conduct work-related, online activities in line with the University’s IT related policies and Information Services regulations. This requirement applies equally to BYOD. 

3.1.4 Users must not download or store University data on BYOD devices, removable media, or personal cloud storage.

3.1.5 All users must confirm that they have read and agreed to this policy and have provided an inventory of their devices at the following link: https://myaccount.aber.ac.uk/protected/byod. This process must be completed annually. Users who have not completed the agreement will not be able to access AU resources on BYOD.

3.2 Compliance Checking of User-Owned Devices  

3.2.1 Access to AU resources via the GlobalProtect VPN will be subject to additional compliance checking to confirm details outlined in 3.1.2.  Any device that is considered a risk to the network will be subject to restricted access until conditions outlined in 3.1.2 are met. 

3.2.2 For Android devices, compliance checking will be performed by the Work Profile to ensure that the device is compliant with the conditions outlined in 3.1.2 before allowing access to AU resources. 

3.3 Support 

The University takes no responsibility for supporting, maintaining, repairing, insuring or otherwise funding employee-owned devices, or for any loss or damage resulting from support and advice provided.  

Help and advice is available on a ‘reasonable endeavours’ basis, via Information Services.  

Support FAQs are maintained at https://faqs.aber.ac.uk/  

Associated Policies 

• Network Management Policy 
• JANET Acceptable Use Policy 
• Remote Access Policy 
• VPN Policy 

 This Policy is maintained by Information Services, was last reviewed in July 2022 and is due for review in August 2023