
Enterprise Whole Disk Encryption

Service Level Agreement

The University of Texas at Austin
Effective Date: 7/1/2008
Last Edited: 5/1/2008

Overview

The Enterprise Whole-Disk Encryption service is for UT Austin faculty and staff who must carry sensitive data on their Windows Vista or XP laptops or tablets. Whole-disk encryption is used to protect data on a portable computing device in the event that the device is lost or stolen. It does not protect data once the user boots the encrypted device. At that point, authentication mechanisms, firewalls and secure network connections are necessary for data protection.

Review Process

This document defines the practices that Information Technology Services (ITS) will use for the Enterprise Whole Disk Encryption service. The details of this document may be reviewed and amended as required, or at least annually, to accurately reflect business and service needs.

Time Conventions

Unless otherwise indicated, business hours are from 8 a.m. to 5 p.m., Monday through Friday, excluding holidays and reduced schedule days.

Scope

The following user communities at the university are the intended recipients for the Enterprise Whole Disk Encryption service: Faculty, Staff.

Service Criticality

This service has been identified as Important, based on the ITS Critical Services Assessment Criteria. Please refer to the Critical Services Assessment Criteria for more information on the assessment methodology.

Service Description

The Enterprise Whole-Disk Encryption Service includes:
- Online service request and account management
- Client software
- Support for owners/administrators from the WES team
The service provides encryption for "data at rest." All data, including the operating system, remains encrypted when the computer is off. (Please note that computers are not protected if they are in sleep or standby mode.) The service protects sensitive data from access by an unauthorized person if a device is lost or stolen. The service does not provide any type of backup for data files.

Supported Computing Environment

Currently, the service is only supported for laptops or tablets using Windows XP or Windows Vista operating systems. It is possible that other operating systems will be supported in future versions of the service. ITS will update the university community if support for non-Windows systems becomes available.
For the latest information on tested systems and a complete list of supported procedures, refer to the ITS Web site: http://www.utexas.edu/its/encrypt.

Technical Support

ITS strongly recommends that each subscriber's department should have a designated departmental owner/administrator for the service. It is strongly suggested that this person should have at least one backup. Documentation is available for departmental owners/administrators.
These owners/administrators will be the first line of support (Tier 1) for subscribers.

Tier 1 Support

The service departmental owners/administrators offer Tier 1 support for end-user problems.
In cases where the end user does not have departmental support, the ITS Help Desk will facilitate the process by serving as the service departmental owner/administrator until one is designated within the department.
Routine requests are typically addressed within one business day.
In cases where an end user cannot locate the departmental owner/administrator contact information, the ITS Help Desk can give that information to the end user during business hours at:
- http://www.utexas.edu/its/help
- 512-475-9400
If the user has successfully logged in to the client software and is having other issues, the ITS Help Desk will assist with basic troubleshooting.

Tier 2 Support

Issues that cannot be resolved by the Help Desk or departmental owner/administrator are escalated to Tier 2 by the Help Desk.
The Systems-Windows Enterprise Solutions (WES) team offers Tier 2 support.
Tier 2 support is available 8:00 a.m. to 5:00 p.m., Monday through Friday, excluding holidays and reduced schedule days.
Routine requests are typically addressed within one business day.
End users always start with Tier 1, which is basic support. Tier 2 is the second support level and is reserved for more complex issues. Departmental desktop support staff and the ITS Help Desk may escalate issues to Tier 2.

Recovering data from a locked device protected by the service in the event of separation from the university

If a faculty or staff member separates from the university, leaving data locked on a university-owned laptop or tablet, the departmental owner/administrator should call the Help Desk.
Additional information and technical support topics can be found in the online documentation.

Service Availability

This section provides information about the normal schedule of times when the service is available, the times specified for scheduled maintenance, and defines expectations for reporting service problems and changes.

Normal Service Availability

The service is designed to be available for customer use 24 hours per day, seven days per week, 365 days per year (24x7x365), excluding scheduled maintenance times.

Scheduled Maintenance

Scheduled maintenance for the Enterprise Whole Disk Encryption service is essential for upgrades and to maintain security, and may occur every Sunday from midnight until 6 a.m. The portable device may not be able to sync with the server to receive upgrades or patches during the scheduled maintenance periods.

Problem Reporting and Change Notification

ITS will use the ITS Services Status page to notify customers of service availability and service delivery issues for the Enterprise Whole Disk Encryption service. To the maximum extent possible, installation of service, application, and security updates will be performed during scheduled maintenance.

Key Service Indicators

List of Metrics/Measures

Systems-WES will measure the ease of encrypting a machine with the client software in the following way:
- The number of machines that have the client software installed compared to the number of machines that are encrypted using the tool.
The Help Desk will measure the ease of use of service in the following way:
- The number of support calls within a month for the whole-disk encryption service compared to the number of encrypted devices. The goal is that 10-20% of encrypted devices will need support.

Service Report Card

ITS will publish performance for this service in the public ITS Services Report Card.

Other Party Responsibilities

In addition to the services provided by ITS, subscribers (users) of the service and identified owners/administrators agree to certain important responsibilities. All parties agree to be aware of and adhere to the university's Acceptable Use Policy.

User/Subscriber Responsibilities

Subscriber agrees to:
- Be aware of and adhere to UT System policies regarding Category-I data storage on portable devices.
- Read the whole-disk encryption documentation and training materials.
- Install the client software - unless you do not have administrative privileges for your machine.
- Set and remember your encryption password.
- Set and remember your encryption identity questions.
- Contact your departmental owner/administrator when you have any type of difficulties with the encryption software. If you do not know who your departmental owner/administrator is, contact the Help Desk.
- Be aware of and adhere to the university's Acceptable Use Policy.

Departmental Owner/Administrator Responsibilities

Departmental Owner/Administrator agrees to:
- Be aware of and adhere to UT System policies regarding Category-I data storage on portable devices.
- Be aware of and adhere to the university's Acceptable Use Policy.
- Read the whole-disk encryption documentation and training materials.
- Install the client software if a user in your department does not have administrative privileges.
- Perform administrator-side actions regarding applying whole-disk encryption security settings to client machines in the department(s) in a timely fashion.
- Provide assistance to users in their departments in the event of lockout or hardware/operating system failure.
- Assume responsibility for keeping contact information for their department's owners/administrators current and ensure that there are adequate backups.
- Provide critical information to ITS in a timely manner when needed to resolve subscriber issues.
- Ensure that the members of your encryption group are current faculty or staff appointed to your department.

Cost of Service

Currently, the service is funded for the 2007-2008 and 2008-2009 fiscal years.
