Knowledgebase: Security
IT Security: BYOD (Bring Your Own Device) Security Guide
Updated: 30 April 2020 03:36 PM

BYOD (Bring Your Own Device) Security Guide

This guide is for anyone using personally owned devices such as smart phones, tablet computers, laptops, netbooks and similar equipment, to store, access, carry, transmit, receive or use private personal or University information or data, whether on an occasional or regular basis.

A note for faculty and staff: Using a personally owned device to work with institutional data is allowed however it is required by the Information & Data Classification policy that the user encrypt any devices used for this purpose and to ensure the device has endpoint protection software installed. In addition, the confidentiality agreement all staff have signed with OCAD U (see attachment) references a legal obligation to protect institutional data which staff have access to. This guide is designed to assist you in following the policy and agreement. 


It is the sole responsibility of all staff to adhere to and be in full compliance with the Information & Data Classification policy and signed Confidentiality Agreement. 

It is highly important to encrypt devices (especially laptops used for work) to be in compliance. The following are instructions for encryption for laptops, mobile devices and removable devices:

Mac OS

Windows 10



Removable Media (such as a USB key)


In addition, to be in compliance please follow these standard practices for personal devices used to access OCAD U data. If you are a student, this is what we recommend you do with any devices you use in general:

  • Keep all installed software up to date with the latest security patches.
  • Install endpoint protection software (e.g. anti-virus or anti-malware and a firewall)
  • Set and use a passcode (e.g. pin number or password) to access your device. Whenever possible, use a strong passcode. Do not share the passcode with anyone.
  • Set your device to lock automatically when the device is inactive for more than a few minutes.
  • Take appropriate physical security measures. Do not leave your device unattended.
  • Make arrangements to back up your documents.
  • Keep master copies of work documents on a University managed storage service.
  • If other members of your household use your device, ensure they cannot access University information, for example, with an additional account passcode. (Our preference is for you not to share the device with others.)
  • Organise and regularly review the information on your device. Delete copies from your device when no longer needed.
  • When you stop using your device (for example because you have replaced it) and when you leave the University’s employment, securely delete all (non-published) University information from your device.
  • Report any data breaches to
  • Configure your device to maximise its security. For example each new technology brings new enhanced security features. Take time to study and discover how to use these and decide which of them are relevant to you. 
  • Whenever possible, use remote access facilities to access information on University systems. Log out and disconnect at the end of each session.


 If you have any questions about following these guidelines for your personal device(s) please contact 


 OCAD University Confidentiality Agreement[1].pdf (562.35 KB)