Mobile Communications Device Policy
POLICY NUMBER: ITSC-MC001
This policy was originally approved on: January 9, 2013
This version was approved on: January 9, 2013
This version takes effect from: February 1, 2013
This policy defines and establishes guidelines for employee eligibility and responsibilities associated with the use of College-owned Mobile Communications Devices (MCD) as defined below. This policy also defines formal processes for the approval and procurement of an MCD, thereby reducing unnecessary MCD costs to the College and ensuring the confidentiality of College information.
MCDs are provided to improve customer service and to enhance business efficiencies. MCDs are not a personal benefit and shall not be a primary mode of communication, unless they are the most cost-effective means to conduct College business. In order to facilitate the objectives of this policy, the College may enter into contracts with telephone and data service providers. During the period when one or more of these contracts is in force, the College will only purchase MCDs for employee use on the basis of these contracts, unless a specific exception is granted by the appropriate Vice President or Dean.
This Policy will be reviewed on or about August 15th of each odd-numbered fiscal year beginning in 2015 with recommendations for revision forwarded to the Director of Business Services by June 15th of each odd year.
Data Security Committee - A committee comprised of the Personal Information Security Officers, the Vice President and General Counsel, the Director of Student Financial Services, the Vice President for Human Resources and the Controller whose role is to identify and assess internal and external risks to the security, confidentiality, and integrity of sensitive paper and electronic records which contain Personal Information.
Department/Division Head - The Director/Manager of the department in which the employee works, or that individual’s designee. When this is ambiguous, the appropriate College Vice President or Dean is to be consulted for clarification.
ITSC – Information Technology Service Center
Mobile Communications Device (MCD) - An MCD is an electronic handheld device that integrates the functionality of a mobile phone, personal digital assistant (PDA), and other information applications. Mobile phones, or smartphones, with PC-like functionality having features like email and internet browsing are MCDs. Examples include: iPhones, and Android or Windows Mobile phones. For purposes of this policy, the MCDs considered in scope are limited to these devices.
Personal Information - An individual’s first name and last name or first initial and last name in combination with one or more of the following data elements: social security number, driver’s license number or state-identification card number, or financial account number, or credit or debit card number, with or without any required security code, access code, personally identifiable identification number or password, that would permit access to a person’s financial accounts.
Sensitive Information – Data whose disclosure would not result in any business, financial or legal loss but involves issues of personally identifiable credibility, privacy or reputation. The security and protection of this data is dictated by a desire to maintain staff, faculty, and student privacy.
This policy affects faculty and staff who are authorized to use an MCD and associated wireless services for College business and who receive a College issued MCD. This policy also governs MCDs acquired via grants and contracts awarded in Babson College’s name.
Policy Content and Guidelines
In general, Babson College will own MCDs or will carry MCD contracts for assignment to individual employees in limited cases as specified below. Employees are expected to use a College issued MCD for Babson College business.
Mobile Communications Device Eligibility Criteria
Eligibility for an MCD for Babson employees is determined by (but not limited to) the following criteria:
Institutional, time-sensitive decision making: An employee whose responsibility includes making critical decisions with widespread impact for the College.
Frequent job-related travel: An employee who travels on a routine or regular basis in the course of performing job-related responsibilities.
Need for mobility: An employee who typically works in the field or at sites where access to a telephone is not readily available and is deemed necessary for work responsibilities.
Emergency response: An employee who is contacted and/or must respond in the event of an emergency (24x7) or is required on a regular basis to be available or on call during non-business hours.
Need for real-time data and communication: The employee’s position requires they check their email and/or calendar with significant frequency when away from the office and must be available to speak with contacts at times when he/she is away from the office. This includes speaking with contacts that are located in other time zones outside of the employee’s normal work day.
Eligibility is not based on title or position at the College. Exceptions or additions to the above criteria and which are based upon business necessity must be approved by the employee’s Department Head, in conjunction with the Director, IT Support Services.
Employees Meeting Eligibility Requirements With a College Issued MCD
Stipends will not be issued to employees in lieu of obtaining a College issued MCD. Check reimbursements to employees for business calls made on personal MCDs will not be processed by Accounts Payable (A/P) if the employee has a College issued MCD. A/P Reimbursements for business calls made on a personal MCD will only be provided if the employee is not eligible to receive a College issued MCD. Employee monthly payments to MCD vendors will not be accepted on the employee’s College issued Procurement Card (Pcard). The ITSC will make monthly vendor payments to the appropriate MCD plan providers for all billing charges approved by the Department Heads.
Department/Division Head Responsibilities
The Department/Division Heads are responsible for confirming eligibility and approval of MCDs distributed within her/his department or division. At least once a year, IT Service Center will provide Department Heads with a list of current, authorized users of MCDs in order to confirm their continued eligibility for a College issued device.
The ITSC will provide advice on the most appropriate MCD equipment, will determine appropriate plans, and will maintain overall responsibility for the distribution and billing for all MCDs. The Department/Division Head (or designee) is responsible for reviewing the monthly billing charges for MCDs provided within the Telecommunications monthly billing report and ensuring that overages, as a result of personal use, are paid by the employee. A detailed breakdown of billing charges is available from the ITSC upon request. If an employee is terminated, resigns, transfers or for any reason is no longer eligible for an MCD, the Department/Division Head (or designee) will return the MCD to the ITSC. When applicable, the ITSC may transfer the MCD to another employee within the Department/Division or to a new employee hired within ninety (90) days.
Use of MCDs for Personal Calls: Babson College provides MCDs to employees primarily for the purpose of conducting College business. However, with the recent updates to IRS regulations, the use of College owned and issued equipment to make or receive occasional, personal calls is allowed under reasonable circumstances and in the event of an emergency. Employees must realize that although personal calls made within the domestic calling region and under the usage limits provided by the employee’s plan do not result in additional charges, they do count toward the overall time limits established under the service agreement for all College employees. It is expected that the plan chosen will provide adequate coverage for all normal business needs and for any overage. Long distance or other charges realized by the employee for personal calls shall be the responsibility of the employee.
Employees who are eligible for a College owned and issued MCD may also transfer their personal phone number to the College plan in order to receive the existing College plan benefits while employed at Babson. Employee requests to transfer personal phone numbers must be approved and made in writing by the department manager before the College owned and issued MCD is ordered by ITSC, and personal phone numbers cannot be transferred after the phone has been ordered. If an employee’s personal phone number is still under contract with his or her service provider, the employee is responsible for any cancellation fees that are charged by the service provider. Upon leaving the College, it is the employee’s responsibility to transfer the personal phone number back to his or her individual plan. Please contact the ITSC for further information.
MCD Data Plans: Data plans for MCDs are provided for the purpose of conducting College business. Although personal use of data plans may not result in additional charges, it may count toward the overall limits established under a service agreement. It is expected that the plan chosen will provide adequate data coverage for all normal business needs and any overage or other added charges realized by the employee for personal use shall be the responsibility of the employee.
International Calls and Travel: Employees needing international voice and data services should contact the ITSC at x4357 or firstname.lastname@example.org at least two weeks in advance of any such need. Where possible, international voice and data services will be activated only for the duration of the travel period and will be deactivated at the end of the travel period. Whenever possible, Wi-Fi networks should be used and cellular voice/data plans reserved for special needs while traveling and when Wi-Fi is not available. International MCD voice and data coverage is not guaranteed, and it is the responsibility of the employee to determine if there is voice and data coverage in the countries that will be visited. All calls made and received, regardless of duration, and all text/media messages sent and received are charged at an additional roaming rate when traveling internationally, and the cost is the responsibility of the employee’s Department/Division. Data usage may be charged additional fees when roaming internationally, the cost of which is the responsibility of the employee’s Department/Division.
Other Costs: Employees are responsible for the costs associated with applications (apps) and media not originally included with a device. Departments may have need for additional applications beyond what is provided with basic service plans, but these costs will be billed separately.
MCD Use While Driving: Employees must comply with state and municipal laws regarding the use of MCDs while driving.
MCD Loss or Theft: Employees utilizing MCDs are required to notify Public Safety at 781-239-5555 immediately upon the loss or theft of their device. Public Safety will contact the ITSC (x4357) to ensure that all technically feasible actions are implemented to secure any confidential information on the device. If theft is suspected, employees must promptly file a police report and cooperate with law enforcement to ensure that Babson College’s interests, including its interests in preserving Personal Information, are respected and protected. For more information, please reference the Babson College Personal Information Security Plan, Adopted as of February 25, 2010 (See link on Babson Portal, https://fusionmx.babson.edu/Fusebox/index.cfm?method=Auth.DeliverPDF&intPDFID=8).
Voice and data plan billing and use patterns for College-owned MCDs is not private. The College has the right to monitor all bills. The ITSC will review the usage for employees on a regular basis to ensure the most cost effective plans are in place. The ITSC may, when required, review billing with the employee’s supervisor to confirm whether it is being used in an appropriate manner.
Employees must take into account that MCD voice transmissions are not secure and they should use discretion in relaying Personal Information and sensitive or confidential Babson College business related information over an MCD. No Personal Information shall be stored on an MCD without the express written permission of the Data Security Committee. No MCD containing Personal Information should be used during international travel.
When you use a College-issued MCD (or when you use a personal MCD for College business), you agree to certain things:
You agree to use a password on the MCD;
You agree that the College shall have the ability to “remotely wipe” the MCD;
You agree not to disable any encryption program or application required for the encryption of College e-mail;
You agree that the College may amend this policy at any time;
You agree that any email you send or receive through a MCD, whether using a College e-mail account or another e-mail account (including “personal” accounts such as Gmail, Yahoo, Hotmail, Verizon, Comcast, or the like) is subject to this Policy;
You should not consider any e-mail, contacts, calendars or other information or any pictures, music or other data sent on, received through or stored on your College-issued MCD to be private;
You agree that all business data and intellectual property (copyrighted works, trade secrets, trademarks, patents) of the College remains the property of College and are subject to the College’s Intellectual Property Policies.
MCD Program Management
The relationship with mobile communications device (MCD) providers shall be managed through the IT Service Center (ITSC). The ITSC will place all orders for MCDs and services with the contracted vendor and will take delivery of the equipment. The ITSC will negotiate all plan services and will contact employees who have ordered equipment when the hardware arrives. Employees should expect to become familiar with their MCDs through vendor documentation and website assistance. The ITSC support staff will set up the MCD for access to College email and calendar services and will provide other basic assistance as necessary. Employee monthly payments to MCD vendors will not be accepted on the employee’s College issued Procurement Card (Pcard). The ITSC will make monthly vendor payments to the appropriate MCD plan providers for all billing charges approved by the Department Heads.
There will be no automatic upgrades to newer MCD models. Standard contracts require the use of the MCD for a period not less than two years. All MCD replacements or upgrades, for whatever reason, are billed to the employee department and must have written Department Head approval. Damaged MCDs should be returned to the IT Service Center, Horn 220.
All requests for a mobile communications device (MCD) are completed utilizing the Babson College Mobile Communications Device Request Form, which is available through the IT Service Center. The form should be completed and sent to the IT Service Center, Horn 220 or email@example.com. No requests will be honored without the proper signatures. It is the responsibility of each Department Head making the request to inform the employee of the Mobile Communications Device Policy. Employees provided with a College owned MCD are required to sign an Acknowledgement of Receipt at the IT Service Center.
Revocation of MCD Privileges
Use of a College MCD is a privilege that may be revoked at any time for inappropriate conduct. Any abuse of these policies may result in revocation of MCD access and disciplinary action. All MCDs will be returned to the ITSC by the Department/Division Head (or designee) upon termination of employment or upon revocation of MCD access.
Failure to comply with this policy regarding the use of MCDs may result in disciplinary action, including but not limited to, termination of mobile device privileges and collection of any fees associated with the abuse of this policy.
President’s Cabinet or Finance & Operating Committee
Chief Financial Officer
Chief Information Officer
The following person may be approached on a routine basis in relation to this policy:
Director, IT Support Services