IT Equipment and Remote Worker Policy (IT 100-005)

1.0 Purpose

The purpose of this policy is to establish the equipment standards and security requirements for employees who conduct official Baker College business, particularly those who work remotely. This policy ensures the protection of Baker College resources, data, and communications from cybersecurity threats by enforcing secure access methods and device usage guidelines. It supports the College’s commitment to data security, operational continuity, and regulatory compliance.

2.0 Definitions

Baker-Owned Devices - Laptops, tablets, mobile phones, or other computing devices issued by Baker College and configured with the necessary security controls.

Data - All information, recorded in any format, that is collected, created, generated, held, legally filed, owned, received, shared, or stored by Baker College. Data can exist in any tangible format, including but not limited to electronic and physical documents and communications, film and print graphics, and audio and video recordings. 

Hybrid Work - Job functions that may be performed on or off campus. Employees may spend a portion of their week at an off-campus location and may not have personally assigned dedicated on-campus workstations. 

On-site Job Functions - Job functions performed on campus. Employees spend all, or the majority, of their time working from a campus location. 

Personal Device - A computer, laptop, tablet, smartphone, or similar device that is not owned by Baker College.

Public Wi-Fi - Any wireless network that is freely available to the public.

Remote Job Functions - Job functions that can be effectively performed entirely off campus. Remote employees will not have personally assigned on-campus workstations. 

Remote Worker - Any Baker College employee who accesses Baker resources while traveling or working from a location outside of Baker facilities.

Virtual Private Network (VPN) - A VPN establishes a secure, encrypted tunnel between a user’s device and a remote system or network, simulating the experience of a private, dedicated connection. It is essential for protecting data transmissions over untrusted networks (e.g., public Wi-Fi) and enabling secure access to internal systems from remote locations.

3.0 Scope

This policy applies to all Baker College employees, including faculty, staff, student workers, contractors, and volunteers, who are issued IT equipment by the College or who access Baker College systems and resources while working remotely or traveling. It governs the use, security, and management of College-issued devices, as well as expectations for personal device use in limited contexts.

The policy outlines responsibilities related to secure access, data handling, equipment usage, and compliance with security standards. It also identifies the types of equipment that may be provided by the College, conditions for reimbursement, and requirements for maintaining security updates and connectivity.

4.0 Policy Statement

Device Usage

When issued a Baker-owned device, you are required to use it for all interactions with Baker systems. These devices are equipped with critical security controls, including up-to-date security patches, endpoint protection, device encryption, and encrypted VPN tunnels for secure access to on-premises resources. Employees, such as adjunct faculty, who are not issued a Baker-owned device are expected to have compatible equipment to perform their job role. While cloud resources are accessible on personal devices for convenience, it is your responsibility to maintain physical and digital security on those devices. However, storing files from cloud resources to a personal device is strictly prohibited. This policy exists to protect sensitive data and ensure compliance with security standards. 

Data Storage

Employees are prohibited from storing Baker College data or documents on unauthorized personal devices or cloud services. Any Baker College data stored on personal devices must be permanently deleted after work is completed.

Network Security

When working from home, employees must have secured home networks, including encrypted password-protected Wi-Fi networks. When a secure private network is unavailable, employees should utilize a secured personal mobile hotspot as a first choice.

The use of public Wi-Fi for work-related activities is strictly prohibited, except when connected through one of Baker's full tunnel VPN groups. A Baker College full tunnel VPN ensures all online activity, browsing, emails, and downloads are encrypted. This provides strong protection against hackers and other malicious actors, which is crucial on vulnerable public Wi-Fi networks. The use of a Baker College VPN significantly reduces the risk of data interception and unauthorized access to sensitive information.

Software and Security Updates

To minimize risk from security vulnerabilities, additional software or equipment will only be installed on Baker College devices based upon job requirements and the ability to manage updates through endpoint management systems, and will be subject to the appropriate budget and leadership approval. Per federal security requirements (GLBA), only Baker College-owned and managed software will be installed on Baker College-issued equipment. Remote and mobile workers must connect their equipment to the Internet at a minimum of once per month to ensure appropriate certificates, software, and security upgrades are completed in a timely manner. 

Baker College Provided Equipment

Baker College provided equipment is chosen by Baker College and contracted with our vendor partners. These devices are subject to change due to availability, pricing, and updates. Approval by HR and IT leadership is required for any additional equipment or exceptions. Special equipment requests must be facilitated by IT.

• Adjunct Faculty / Work-study / Other student workers: 
  • No equipment will be provided. Campuses may have designated shared workstations.
• Full-time Employee / Part-time Staff:
  • On-site:
  • Laptop with docking station, or a desktop in the case of a shared computer
  • Monitor(s) (as needed, maximum of 2)
  • Keyboard
  • Mouse
  • Headset
• Hybrid: Employees classified as hybrid receive devices approved for the on-site setup and are to use their laptop when working remotely. No additional equipment will be provided. 
• Remote:
  • Laptop
  • Headset
  • Additional equipment up to the standard On-site configuration per HR and IT approval.

Equipment issued by Baker College is owned by the college and must be returned upon departure from the college.

Remote Worker Obtained Equipment

Hybrid and remote workers may purchase accessories (e.g., monitors, keyboards) for their remote workspaces. Baker College will not reimburse employees for personal equipment purchases. IT will only provide support for laptops and software supplied and/or sanctioned by Baker College. IT reserves the right to request that devices be brought or shipped to campus if remote support is insufficient to resolve technical issues.

Personal printers will not be installed, as workflows are mainly paperless. If documents need to be printed, employees should do so on secure printers at a campus location. 

If an unexpected workflow causes an immediate need for printing, utilize the "Print to PDF" function. If a document requires a signature, use a digital one.

5.0 Procedures

The following procedures apply to all employees using Baker College IT equipment or accessing College resources remotely:

Secure Remote Access

• If public Wi-Fi must be used, employees are required to connect through the Baker College Full Tunnel VPN to ensure encrypted access and data protection.

Use of Baker-Owned Devices

• Employees issued a Baker-owned device must use that device for all access to Baker College systems, data, and communications.
• Devices must be connected to the Internet at least once per month to receive essential updates, including system patches, endpoint protection updates, digital certificates, and security upgrades.
• Any additional software or hardware installed on a Baker-owned device must be approved by the IT department and be necessary for the employee's job function.

Reporting Security Incidents

• Employees must immediately report any suspected or confirmed security incident to the IT department, including:
  • Lost or stolen devices
  • Unauthorized access attempts
  • Suspected data breaches or malware activity

6.0 Responsibilities

Employees with Issued Equipment

• Adhere to this policy and all other Baker College security policies.
• Use only Baker-owned devices for work purposes.
• Establish a Baker College VPN connection before accessing Baker resources over untrusted networks.
• Report security incidents immediately to IT.
• Procure reliable Internet service for remote work. 

Employees without Issued Equipment

• Adhere to this policy and all other Baker College security policies.
• Use only secure updated devices for work purposes.
• Report security incidents immediately to IT.
• Procure reliable Internet service for remote work. 

IT Department

• Configure and maintain security controls on Baker-owned devices.
• Ensure all Baker-owned devices are configured with up-to-date security controls, including firewalls, endpoint detection and response (EDR) tools, and device encryption.
• Monitor and enforce compliance with remote work security policies.
• Provide training and guidance on secure remote work practices.
• Conduct periodic compliance audits to ensure adherence to remote work security policies.
• Provide remote support for remote work technologies where practicable. 

Departmental Management

• Ensure employees understand and comply with this policy.
• Support enforcement measures to mitigate risks associated with remote work.

7.0 Citations & Related Information

Document A: Baker College Acceptable Use Policy

Document B: NIST CyberSecurity Framework V2 (PR.AA-02, PR.AA-03, PR.AA-05, PR.IR-01, PS.DS-02)1