Working Securely

Please review Data Classification to understand the different types of University data and their regulatory requirements.

OU IT encourages the utilization of a University owned device when conducting University business. End User devices may not be used to store University Data unless required for University business process and must be encrypted. The End User Device Security Policy defines the following requirements for personally owned devices:

  1. Devices must be password-protected and use an automated logoff or password-protected screensaver that locks the device after 15 minutes inactivity.  
  2. Devices must be regularly patched and updated, including all installed 3rd party software applications.
  3. If the device will be used to store (e.g., documents, files, etc.) University data (PII, FERPA, GLBA, PHI, etc.) and the device is lost or stolen, the device owner must report the theft or loss to OU IT immediately.
  4. The device must be encrypted with BitLocker or FileVault if you plan to store University data.  *Note: Keep the recovery key backed up and protected. The device owner is responsible for periodically checking the status of encryption (we recommend taking a screenshot quarterly) that can provide proof of encryption is the device is lost or stolen.  
  5. Install anti-virus software.  Keep the anti-virus software up-to-date and configured to scan every 12 hours and when opening email attachments.  OU does not provide anti-virus software for personally owned devices at this time.

**Important Note for Windows Users**

Windows Home is not an approved Operating System for storing university data. If you are using Windows Home you can either Upgrade Windows Home to Windows Pro or use MyDesk (VDI)

Encrypting your Personal Computer's Hard Drive

Please follow Encrypting Your Personal Computer's Hard Drive to ensure your personal device is encrypted.