All equipment purchased with Dartmouth funding must comply with Dartmouth Information Security Policy and Dartmouth Information Technology Policy to ensure that the user is securing the device adequately and maintaining operating system and client updates. Dartmouth equipment programs (CAP, DoF) provide the protection services that meet all security and IT requirements.
Client's requesting to opt-out of Dartmouth's protection services will be required to submit a Compliance Assertion form and agree with the statement of Accepted Risks and Service Levels. Supervisor sign-off and Dartmouth Information Security sign-off will be required.
Accepted Risks and Service Levels
By submitting this assertion, Client agrees to:
- Confirm they are authorized to decline Dartmouth protection services and accept risk on behalf of the business unit.
- Acknowledge that in declining protection services, the device will be subject to a reduced service level and receive limited and lower priority support, subject to service fees where applicable..
- Comply with Dartmouth policies, including the Dartmouth Information Security Policy, by implementing controls including but not limited to:
- Encrypt the hard drive (using solutions like BitLocker or FileVault) and maintain the encryption key in a secure password protected location.
- Procure, install, and maintain anti-virus/anti-malware software on the device.
- Maintain OS and applications versions to remain current and in compliance with Dartmouth supported operating systems.
- Acknowledge that if the device is found to be vulnerable to exploitation or running insecure software, it will be removed from the Dartmouth network.