Information at UT Health San Antonio is stored, processed, accessed, transmitted, and managed in many ways. While the use of desktop and laptop computers has remained relatively unchanges over the years, the use of smartphones and tablet computers to access data and perform tasks has steadily increased. Increased mobility has many advantages, but these smaller devices introduce issues not experienced by traditional computing – ease of theft and data loss are the two greatest.
Mobile device management (MDM) is designed to protect the University and its customers in the event a device is lost or stolen, and is required in accordance with Handbook of Operating Procedures 5.8.12 (Mobile Device and Personally Owned Computing Policy). If a department determines a device cannot or must not be encrypted or enrolled in mobile device management, steps must be taken to ensure that device does not represent a threat to the university, and a mobile device management exemption must be requested. These exemptions must be approved by the Director of Infrastructure and Security Engineering. Exemptions are granted based on a justifiable, verifiable business case, including appropriate documentation. Any exemptions that are granted will be for a maximum of one year, must be reviewed for changing circumstances, and must be renewed. Additionally, exemptions are considered on a per-device basis, with one request per device; bulk exemption requests will not be considered.
In cases where MDM cannot be implemented, an exemption must be requested. Exemptions are granted on validated business cases, with explanations why ITSM support cannot fulfill the need.
The overall exemption process is as follows:
- Requester gathers and provides documentation justifying the exemption (see list below)
- Requester submits request for exemption using the online exemption request form.
- The Director of Infrastructure and Security Engineering makes the decision
- The Director of Infrastructure and Security Engineering communicates the decision
- Denial – notify the requester with an explanation for denial
- Approval – notify requester, assign expiration date
Supporting documentation for the exemption request includes, but isn’t limited to:
- Information for user and device needing MDM exemption
- Individual identifier for the device if single system
- Owning department, along with responsible personnel (dean/director/chair, requester, etc.)
Note: If you are not able to access the online form, download the form to your computer by right-clicking on this link: Exemption Request Form
- Internet Explorer – “Save Target As …”
- Firefox – “Save Link As …”
- Chrome – “Save link as …”
1. Download the form to your computer (requires Microsoft Excel 2007 or later)
2. Read tab “1-Instructions Page”
3. Fill out tab “2-General Form”
4. Fill out tab “Mobile Device Mgmt”
5. Begin collecting the necessary signatures
For more information regarding mobile device management and the exemption process, please contact Information Security at grc@uthscsa.edu, or the Information Security Hotline at 210-567-0707.