Mobile Devices Policy for Baghdad University

1.Introduction
Mobile devices such as smart phone and tablets offer great flexibility and improved
productivity for employees. However, they can also create added risk and potential
targets for data loss. As such, there use must be in alignment with appropriate
standards and encryption technology should be used when possible.

2.Purpose
This document describes Information Security's requirements for encrypting data at
rest on Baghdad University mobile devices.

3.Scope
This policy applies to any mobile device issued by Baghdad University or used for
Baghdad University business which contains stored data owned by Baghdad
University.

4.Policy Statements
All mobile devices containing stored data owned by Baghdad University must use
an approved method of encryption to protect data at rest. Mobile devices are
defined to include laptops, PDAs, and cell phones.
Users are expressly forbidden from storing Baghdad University data on devices
that are not issued by Baghdad University, such as storing Baghdad University
email on a personal cell phone or PDA.
4.1 Laptops
Laptops must employ full disk encryption with an approved software encryption
package. No Baghdad University data may exist on a laptop in plaintext.
4.2 PDAs and Cell phones
Any Baghdad University data stored on a cell phone or PDA must be saved to an
encrypted file system using Baghdad University-approved software. Baghdad
University shall also employ remote wipe technology to remotely disable and
delete any data stored on a Baghdad University PDA or cell phone which is
reported lost or stolen.

Page 1

4.3 Keys
All encryption keys and pass-phrases must meet complexity requirements
described in Baghdad Universitys Password Protection Policy.
4.4 Loss and Theft
The loss or theft of any mobile device containing Baghdad University data must be
reported immediately.

Standards:
Password Protection Policy

Roles & Responsibilities

5.1. IT Services are responsible for the implementation of this

policy and facilitating staff and student compliance and will,
wherever possible, put in place procedures to configure security
measures on mobile devices.
5.2. All staff and students at BU are responsible for safeguarding
the security of BU data and in doing so must adhere to the BU
Data Protection Policy and the Data Protection Act 1998. For a
further explanation of the definitions of data and examples of
data that require protection, please refer to the BU Information
Security Policy.
5.3. As part of that wider responsibility to safeguard data within
BU, all staff and students who access BU data using mobile
devices are responsible for ensuring compliance with this policy.

Enforcement

Failure to comply with this policy will be investigated in

accordance with BU Disciplinary Procedure. Sanctions for
violations of the policy may include:

Page 2

 Civil litigation for mobile device non-return

Criminal Action for failing to return, replace or recompense
mobile device non-return
Other sanctions in line with the Universitys Disciplinary
Procedure for misconduct and gross misconduct.
Cost of replacing lost/stolen equipment charged to relevant
department

7 Revision History
Date of
Responsible
Change

Summary of Change

Mar 2015

Updated and converted to new format.

BU Policy Team

Contact information

Office of the President

info@uobaghdad.edu.iq
baghdadunv2@yahoo.com
Affairs of the citizens
citizen.affairs@uobaghdad.edu.iq

Page 3