Any mobile phone, tablet, laptop, or other computing device that is personally owned, including devices subsidized by the university.
U-M recognizes that those who do work on its behalf may need to access or maintain sensitive university data on their own devices. Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33) guides this use. Departments and units have discretion to prohibit this use or impose additional requirements beyond those outlined in the policy. The U-M Health System (UMHS), for example, requires those who wish to use their personally owned devices to access UMHS resources and networks to enroll those devices in the AirWatch mobile device management system. See AirWatch - Enrollment Instructions (UMHS KnowledgeBase) for details.
- If you have not been informed about implementation of SPG 601.33 within your department, do not use your own devices to work with university data without first checking with your department.
- If your department or unit has informed you that you may work with university data using your own devices, it is your responsibility and obligation to properly manage and secure your personal device(s) to reduce the risk of unauthorized access to, or disclosure, of university data.
- Institutional PCI data is not allowed on personally owned devices because it must only be processed on U-M PCI compliant networks and systems.
- Export control data is not allowed on personally owned devices due to the risks associated with it being transported abroad, or accessed by unauthorized persons. This determination was made by the Delegated Data Steward.
The U-M Safe Computing website provides tips for securing your personal devices: