View Document

User Device Security Standard

This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Purpose

(1) This document outlines minimum requirements for computers, laptops, tablets, phones or any other
devices used to:

  1. connect to the RMIT network; or
  2. access or generate data for legitimate University purposes.
Top of Page

Section 2 - Authority

(2) Authority for this document is established by the Information Technology and Security Policy.

Top of Page

Section 3 - Scope

(3) This Standard applies to all individuals who access the RMIT network or RMIT data.

Top of Page

Section 4 - Standard

Corporate (RMIT-Owned) Devices

(4) Device procurement must comply with the Business Expenses Policy.

(5) All new mobile services and devices must be arranged through ITS using the approved mobile device process.

(6) Information Technology Services (ITS) is responsible for:

  1. ensuring all new or replacement corporate mobile devices and associated services are recorded in the central register
  2. recording all changes to existing devices and services, such as reallocation to a new user, in the central register.

(7) Cost centre managers are responsible for ensuring that mobile devices and SIMs are returned by employees when they leave RMIT.

(8) Damaged devices must be repaired at an authorised service agent. Details for service agents can be obtained through ITS. Costs associated with repair are the responsibility of the owning cost centre.

(9) Lost or stolen devices must be reported immediately via the Service & Support centre.

(10) Authorised users requiring international roaming services on a University mobile device whilst travelling overseas must complete an international roaming request at least five (5) days prior to departure.

(11) RMIT Group entities may issue supplementary information to support procurement processes for corporate (RMIT owned) devices to cater for location specific requirements. 

Using a Non-RMIT Managed Device

(12) In some cases, an ITS managed device will not meet the needs of the University.  In such cases a non-RMIT managed device may be sourced and used for University purposes. 

(13) When using a non-ITS managed device (e.g. mobile or laptop) to access RMIT systems or data, users must:

  1. keep the operating system and applications up to date; most updates include security patches
  2. keep a current antivirus software version running and follow guidelines published on the ITS website for device security 
  3. keep a screen lock enabled that uses a unique authentication method, PIN, pattern or fingerprint 
  4. enable a ‘find my device’ capability and ensure it is usable if the device is lost or stolen
  5. use only Microsoft Office as the email client to access RMIT email
  6. change their RMIT account password immediately if their device is lost or stolen
  7. not store RMIT data locally on the device memory where ever possible.