To strengthen cybersecurity and compliance, ANR sets new policy for computer and electronic device purchases
In 2017, ANR learned valuable lessons amid events within the UC Office of the President making necessary our examination of policy and procedures regarding University-purchased portable electronics. As you know, in December 2017, we placed a moratorium on the purchase of electronic devices while we conducted that review. Thank you for your patience during this process. Now that the policy review and the development of compliance standards are completed, we are lifting the moratorium. Let me advise you of the changes in policy and plans for UC ANR's Endpoint Security Management Initiative.
UC Systemwide Policy G-46 Scope
UC Systemwide Policy G-46establishes requirements for the use of University-purchased cellular phones and other portable electronic equipment and outlines the appropriate circumstances for purchasing these resources, specifically cell phones, MiFi's and tablets (e.g. Kindles, Androids & iPads). This does not include tablet PCs, running full versions of desktop operating systems, laptops, or laptops that can be converted to a tablet mode (e.g. Surface Pro, Notebooks, ThinkPads).
UC ANR Employee Eligibility Form for University-Provided Electronic Device (ANR G-46 Eligibility) If an employee requires a portable electronic resource and providing that resource represents a reasonable use of public funds, the Department (Unit) Head can authorize the purchase using the criteria within the ANR G-46 Eligibility Form.
ANR has determined that due to the inherent program delivery focus of certain ANR positions, the ANR G-46 Eligibility form is not required for UC ANR Advisors, Academic Coordinators/Administrators, ANR-based Cooperative Extension Specialists and Community Education Specialists.
UC ANR Employee Agreement Form for University-Provided Electronic Device (ANR G-46 Agreement) Prior to receiving a portable electronic device, all employees must sign a usage agreement acknowledging that the primary use of the resource(s) will be for official University business and that any personal use of the resources will be incidental in nature. This requirement applies to UC ANR Advisors, Academic Coordinators/Administrator, ANR-based Cooperative Extension Specialists and Community Education Specialists.
Currently the Controller's Office is piloting a web-based software to coordinate completion, tracking and storage of the new ANR forms. In support of our strategic goals to streamline administrative functions and modernize technology, we plan to make ANR G-46 Eligibility and G-46 Agreement forms part of this pilot. More information will be forthcoming in June. In the meantime, please use the paper forms found at the bottom of this page. There are FAQs within the G-46 policy describing preferred rate plans, approved vendors and other specifics regarding the purchase and use of cell phones, Mi-Fi's and tablets located here.
If you have questions about policy, contact Robin Sanchez, Controller's Office (firstname.lastname@example.org). If you have questions about ordering a cell-phone, Mi-Fi or tablet, please contact either Emily LaRue, BOC-K (email@example.com) or Sally Harmsworth, BOC-D (firstname.lastname@example.org).
The purposes of the above changes are to bring ANR into compliance with UC Systemwide policy and protect our academics and staff from incurring imputed income. Similarly, UC ANR's Endpoint Security Management Initiative is meant, in part, to comply with UC Systemwide IS-3 Cybersecurity policy. IS-3 will shield ANR staff and academics from external threats such as ransomware, information and privacy breaches, and data loss that could jeopardize our mission of public service, research, and education. What follows are details of the Initiative's goals and standards.
ANR Endpoint Security Management Initiative
In order to strengthen our cybersecurity posture and to comply with UC Systemwide IS-3 cybersecurity policy, ANR is launching an Endpoint Security Management Initiative covering all ANR-owned computers. The objectives of this initiative are:
- To better protect UC ANR-owned IT assets (hardware, software, data) via prevention, threat identification and detection.
- To automate computer updates and patch critical cybersecurity vulnerabilities in a timely manner to mitigate risks.
- To ensure computer security software is installed and updated to protect UC ANR-owned computers and data.
As a key component of this initiative, the ANR IT department will coordinate the computer procurement process and ANR will standardize on several Dell Latitude laptop and OptiPlex desktop computer models. All new computer purchase requests will be initiated using the ANR IT Help Desk ticketing system. ANR IT staff will consult with end users to determine appropriate laptop or desktop computer models to be ordered and will coordinate the placement of computer orders via the UC Davis AggieBuy system. New computers will be delivered to the ANR IT department in Davis to be configured and appropriate cybersecurity software installed before being shipped to the end user's location.
New ANR Procedure for Ordering Laptops and Desktop Computers
Effective immediately, all requests for laptop and desktop computer orders charged to ANR funds must be routed to the ANR IT department via the IT ticketing system. Due to ANR cybersecurity requirements, the use of UC purchasing cards or personal funds to purchase ANR-owned computers is no longer allowed.
(1) The end user will create a ticket in the ANR IT Ticketing System identifying the type of laptop or desktop computer to be purchased. The IT Ticketing System can be accessed in the ANR Portal via the “IT Help” button.
(2) As necessary, IT staff will consult with the end user to determine the appropriate laptop/desktop computer model and needed specifications. As part of this process, the end user will be provided an “ANR Computer Purchase Request Form.”
(3) The end user will complete and obtain unit financial approval on the “ANR Computer Purchase Request Form,” then upload the form to the IT ticket.
(4) The ANR IT department will place the order through AggieBuy and upload the "ANR Computer Purchase Request Form" as supporting documentation.
- The shipping location will be designated as the ANR IT department in Davis.
- As orders are entered into AggieBuy, standard ANR financial approval routing will occur.
(5) The ANR IT department will receive new computer equipment and provide appropriate ANR imaging and encryption and will then ship the equipment to the end user's unit location.
Detailed information on the ANR Endpoint Security Management Initiative and the ordering procedures will be posted on the ANR IT website by May 15. If you have questions about this initiative, please contact Tolgay Kizilelma, email@example.com.
Associate Vice President - Business Operations
View or leave comments for ANR Leadership at http://ucanr.edu/sites/ANRUpdate/Comments.
This announcement is also posted and archived on the ANR Update pages