OUHSC Student Device Encryption and Compliance


On this page:

Medical Residents: The OUHSC Student Device Encryption program does not apply to medical residents. Medical residents that are not provided with a university or OU Health device should contact the Office of Compliance with usage questions.

OU policy requires device encryption on laptop computers that may store sensitive or confidential information (e.g., SSN and financial information, patient information). For laptops used by OU Health Sciences Center Students, the presumption is that the device may be used for this purpose; therefore, OU policy requires all student devices have the built-in encryption always turned on while you are a Health Sciences Center Student.  Students must enable encryption by January 16, 2024. The instructions below outline how to encrypt your device and set it up for encryption management.

These responsibilities apply to Approved Personal Devices:

  • You are responsible for any and all University data saved to this device. Using a personal device DOES NOT remove you from responsibility to protect University data.
  • In the event you believe your device might be compromised, you must immediately notify OU IT of the potential security risk.
  • If you lose or misplace your device, you must immediately notify OU IT of the potential security risk.
  • When you graduate, you must delete University data and notify OU IT that your device will no longer be used.

Important Notes Before Proceeding with Student Device Encryption and Compliance

  • All users are encouraged to backup their data to alternate locations. Your account has access to OneDrive; however, OneDrive access is removed 30 days post graduation.
  • Windows users - Store your personal BitLocker key in a secure location and always accessible location (not your OUHSC account). When turning on BitLocker you will be presented with a BitLocker key. OU IT is not able to access your personal BitLocker key. Your device will need to be re-imaged if you forget your personal BitLocker key. OU IT is not responsible for lost data as a result of re-imaging or forgetting the BitLocker key.
  • Windows users - Store your Windows Education Key in a secure location and always accessible location (not your OUHSC account). When upgrading from Windows Home to Windows Education you will be presented with a personal Windows Education Key. OU IT is not able to access your personally assigned key.

Encryption and Registration Steps

  1. Backup Your Data
  2. Encrypt your device.
  3. Once your device has completed its encryption, install the HSC Student Sassafras/KeyAccess IT Asset Management agent.
  4. Locate your Computer Name and Serial Number using KeyAccess.
  5. Complete the Student Encryption Certification Form.
  6. Save your Encryption Certification and Upload to Complio.


Encryption Pop Up

If you've installed Sassafras and do not have encryption turned on you will receive the following Pop Up. Please review the encryption steps (above) with specific attention to turning on BitLocker (Windows) or FileVault (Mac).


Frequently Asked Questions

Q: Will OU IT complete the encryption and compliance program for me? 

The OUHSC Student Device Encryption and Compliance program is designed to be self-service. The backup, encryption, and compliance steps are to be completed by the device owner. OU IT is here to assist you with technical errors encountered during the compliance process; however, we will direct users to the OUHSC Student Device Encryption and Compliance steps and KB articles to ensure successful compliance via self-service.

Q: How quickly should I receive the encryption certification form after submitting the request? 

The encryption certification email will be delivered AFTER OU IT confirms compliance with the program. OU IT checks the Serial Number you provided against the Serial Number checking in on the Sassafras agent. The process is automated and will provide communication throughout the process. User can expect to receive 4 different message types. Resolved (meaning you are in compliance), Submission Received (meaning we received your submission and are attempting to match your Serial Numbers), Still Looking (meaning we haven't matched your Serial Number and provide you with steps to ensure you provided the correct Serial Number), and Withdrawn (meaning we could not match your Serial Number after 7 consecutive days).

If you are unable to locate the emails, please visit this article to find a copy of your certification.

Q: What is device encryption, and what does it do? 

Encryption is a technology that protects the contents of your device from unauthorized access by converting it into unreadable code. It is a stronger level of protection than other security features, such as user logins. Device encryption encrypts all existing data and any new data once encryption is enabled; therefore it does not require users to encrypt certain folders or files. 

Q: Why is device encryption important? 

The main value of device encryption is in protecting data if the device is lost or stolen. Because laptops are portable and thus more likely to be stolen, we are requiring laptop encryption. Several dozen OU laptops are lost or stolen each year, and it is important that any sensitive data on these laptops not be compromised. A simple log-in does not protect the underlying data and it must be encrypted to be secure. 

Q: Is device encryption common practice? 

OU has had an institutional laptop encryption program since 2016 like other academic medical centers and most universities. It is considered a basic requirement for HIPAA compliance and commonly required for handling other forms of sensitive information. 

Q: Must I encrypt my device? 

All faculty, staff, and students at OU must encrypt any laptop computer that is to be used as part of University Business. All Health Sciences Center Students must encrypt any laptop computer used while at OU.  Additionally, OU encourages all Students to encrypt their laptop computer.  Laptops often store data in temporary files, email attachments, and downloads, and therefore device encryption is the only way to secure data against loss or theft.  

Q: What type of encryption software does OU use? 

OU uses Microsoft’s BitLocker Drive Encryption for devices running Windows 10/11 Education or Pro or above and Apple’s FileVault for devices running Macintosh OS X. Both of these encryption solutions are native to the respective operating system and offer significant improvement in system performance. Mobile devices, such as tablets and smartphones, are encrypted using native device encryption when enrolled in the OU Secure Mobile Policy.   

Q: How long does it take to encrypt my hard drive? 

It takes about 20 minutes to enable the encryption software and can then take several hours to complete the encryption, during which time you can use your computer normally. Once the encryption process is complete, there should be no disruptions or significant performance issues while you work.

Q: What is the purpose of the Sassafras agent?

The Sassafras agent is a lightweight and discreet application that provides a high-level hardware and software inventory of a computer. OU IT is only using Sassafras to report on the current status of Bitlocker (PC) or FileVault (Mac) encryption.  Sassafras is not used to monitor or control any user activity.  Data coming from Sassafras is unidentifiable and matched by an automated process to the information you supply during the cerification process to verify encryption status only.  The only data that is used outside the system is device encryption status, computer manufacturer, and operating system family; this is only shared with university administrators for the purpose of monitoring program compliance.



Article ID: 3016
Mon 8/14/23 3:35 PM
Fri 6/7/24 12:26 PM