Policies: OIT Support and Device Security

Last Updated: August 11, 2014
  1. Indemnification and Limitation of Liability
  2. Bring-Your-Own-Device (BYOD)
  3. Enforcement
  4. Updates to These Policies

Indemnification and Limitation of Liability

  1. You agree that maintaining the security of your device and all data that may be stored on it at any time is solely your responsibility.
  2. You agree that maintaining compliance with all University of Maryland Baltimore (UMB) and UMB School of Dentistry (SOD) data security policies including but not limited to HIPAA, FERPA, Personally Identifiable Information (PII) compliance, and Protected Health Information (PHI) compliance is solely your responsibility, and you agree to accept sole responsibility for any breaches of such policies involving your device.
  3. You agree to register with the SOD Office of Information Technology (OIT) any device that you may use to access protected data under these aforementioned data security policies. Registration must include providing the following information to an authorized OIT employee, at a minimum:
    • Name and type (laptop, desktop, mobile phone, tablet, etc.) of device;
    • Serial number or equivalent unique identifier of device;
    • Device phone number, if applicable;
    • Your confirmation that your device is secured according to SOD data security policies. This statement will constitute a legally binding affidavit that your device is in compliance and that you will maintain this device's compliance for the duration of your affiliation with SOD.
  4. OIT and UMB are not responsible for any changes or damages to your device at any time, past, present, or future, or for any reason, or under any circumstances whatsoever. This includes, but is not limited to:
    • Any data or files stored on your computer;
    • Any media or other electronic devices connected to or held in your device;
    • Any impact upon warranty coverage or guarantees (if any) for your device;
    • Any security concerns including but not limited to password protection, encryption, PII, PHI, HIPAA/FERPA compliance, etc., on your device;
    • Any damage, loss, disclosure, alteration, or corruption of software or physical hardware of your device;
    • Any performance changes or unexpected impacts of any actions involving your device, including but not limited to software no longer working as expected;
    • Any unexpected behavior not specified above.
  5. OIT is not responsible for providing any temporary or permanent replacement for your device for any reason whatsoever.
  6. OIT does not guarantee any service for any reasons and does not promise or guarantee any resolution of any kind for any problems, concerns, or issues stated or unstated to OIT regarding your device.
  7. OIT reserves the right to refuse service to anyone at any time and for any reason.
  8. OIT is not required or obligated to install or provide assistance in installing software on your device to assist in compliance.
  9. OIT is not responsible for any costs incurred by you in the process of establishing or maintaining compliance with these policies.
  10. You agree to indemnify, defend, and hold harmless UMB, SOD, OIT, and all employees, past, present, and future, from and against any actions of any type or nature concerning your device.
  11. Accessing any UMB and SOD resources that may contain protected data constitutes your acceptance of these policies.
  12. If you do not agree to these policies, you must refrain from using your devices to access any UMB and SOD resources that may include access to protected data.

Bring-Your-Own-Device (BYOD)

  1. For devices covered under the SOD Bring Your Own Device (BYOD) initiative, support from OIT staff will be explicitly limited to non-binding and non-guaranteed advice and verbal guidance for the following:
    • Connection to UMB-managed wireless (Wi-Fi) networks, i.e. Eduroam;
    • Installation of UMB-provided VPN software;
    • Configuration of UMB-provided VPN software to connect to SOD resources;
    • Configuration of operating-system-included remote desktop software to connect to SOD resources.
  2. OIT is not required to provide any further assistance if user is unable to follow any guidance provided or if any guidance provided does not produce expected results.
  3. All advice, guidance, suggestions, etc. provided by OIT staff are provided with NO warranty and NO guarantee of any kind, as outlined under Indemnification and Limitation of Liability above.
  4. OIT disclaims all responsibility for BYOD devices as outlined under Indemnification and Limitation of Liability above.
  5. Your use of OIT services constitutes acceptance of the above limitations and disclaimers.

Enforcement

  1. You must be able to demonstrate your device's compliance with all security policies on demand of any OIT employee.
  2. You agree to permit OIT to maintain compliance logs, including but not limited to: dates of compliance request, devices checked, names of user and compliance evaluator(s), compliance status, actions taken, and other data OIT may deem relevant to monitoring policy compliance.
  3. Failure to demonstrate compliance on demand may result in sanctions and disciplinary action up to and including, but not limited to, forfeiture of access to any resources that may include protected data, confiscation of non-compliant devices, and suspension or termination of employment/enrollment.

Updates to These Policies

  1. OIT may periodically make revisions to these policies and reserves the right to do so at any time without notice to you.
  2. Your continuing use of protected data resources as outlined above will constitute your acceptance of these revisions.
  3. You are encouraged to regularly review these policies to monitor your compliance.
Back to Guides