The University of Texas at Austin

Enterprise Whole Disk Encryption

Last Updated: March 19, 2014 @ 10:01 am
Next Review Date: 01/01/2015
Service Manager: Scott Richardson
Governance Group: None
Document Status: Published

Key Metrics

  • Service calls per month/Number of encrypted devices: 10-20%
  • Number of client installs/Number of encrypted devices: 80%

Overview

This document defines the service level agreement for Enterprise Whole Disk Encryption.

Service description

Enterprise Whole Disk Encryption provides a solution for protection of sensitive data on faculty and staff Windows, Mac OS X, and Linux computing devices. When whole-disk encryption is utilized all resident data is protected from unauthorized access, unauthorized release and tampering in the event of loss or theft of the device. This service complies with requirements for protecting computing devices as outlined in UT System Security Practice Bulletin #1.

Intended users

Enterprise whole disk encryption can be deployed by departmental IT staff for faculty and staff use.

Supported computing environment

Enterprise Whole Disk Encryption operating system compatibility and client software requirements are:

  • Windows XP SP3 (Windows Installer 4.5 is required)
  • Windows Vista SP2
  • Windows 7
  • Windows 8 and 8.1
  • Mac OS X 10.4.8 or later
  • Linux (all distributions when used with a self-encrypting drive)

Technical support

Both Tier 1 and Tier 2 technical support is available during normal business hours. Routine requests are typically addressed within one business day.

ITS strongly recommends that each subscriber's department have a designated owner/administrator for the service and at least one designated backup admin. Documentation is available for departmental owners/administrators.

Department owners/administrators will be the first line of support (Tier 1) for their end users.

Tier 1

The service departmental owners/administrators offer Tier 1 support of this service.

In cases where the end user does not have departmental support, the ITS Help Desk should be contacted at 512-475-9400.

Tier 2

Departmental support staff and the ITS Help Desk may escalate issues to Tier 2.

In the event a faculty or staff member separates from the university and leaves data locked on a university-owned device, the departmental owner/administrator should call the Help Desk.

Maintenance

The Enterprise Whole Disk Encryption service is subject to any published Networking and UDC maintenance events. There are four types of maintenance events:

Full maintenance

Full maintenance events require downtime for all components of the Enterprise Whole Disk Encryption service. Full maintenance events cause downtime for all customers of the Enterprise Whole Disk Encryption Service.

Partial maintenance

Partial maintenance events require downtime for some components of the Enterprise Whole Disk Encryption service and will be scheduled according to the existing ITS service maintenance guidelines.

Non-impactful maintenance

Non-impactful maintenance is performed routinely with no anticipated downtime for customers of the Enterprise Whole Disk Encryption service. These events will be scheduled according to the existing ITS service maintenance guidelines.

Emergency maintenance

Emergency maintenance events are scheduled as required due to security patches or unexpected failure of service components. They can cause Partial or Full outage of the Enterprise Whole Disk Encryption service. Emergency maintenance events are announced through the ITS Alerts page

All scheduled maintenance events will be published in the ITS maintenance events calendar. Departmental TSCs will be notified via email (ewde@utlists.utexas.edu) 5 days prior to any Full or Partial maintenance.

User responsibilities

Subscribers (end users) of the service and identified owners/administrators agree to be aware of and adhere to the university's Acceptable Use Policy.

Subscribers agree to:

  • Be aware of and adhere to UT System policies regarding Category-I data storage on computing devices and storage media.

  • Read encryption service documentation and training materials as applicable.

  • Allow client encryption software to be installed on devices subject to encryption policy unless approved exceptions to policy are granted through administrative processes.

  • Set and remember your encryption password as applicable.

  • Contact your departmental owner/administrator when any type of difficulties with the encryption software are encountered. If you do not know who your departmental owner/administrator is, contact the ITS Help Desk.

Departmental IT support staff agree to:

  • Be aware of and adhere to UT System policies regarding Category-I data storage on computing devices and storage media.

  • Read encryption service documentation and training materials.

  • Install the client software for end users in your department.

  • Perform administrator-side actions in a timely fashion, as required, for your department in regard to encryption security settings.

  • Provide assistance to your department's end users in the event of encryption lockout or related hardware/operating system failures.

  • Assume responsibility for keeping your department's owners/administrators contact information current and ensuring there are adequate backup personnel available.

  • Provide critical information to ITS in a timely manner, as necessary, to resolve subscriber issues.

  • Ensure that members of service encryption groups are current faculty or staff appointed to your department.

Cost of Service

Cost information for this service can be found on the Enterprise Whole Disk Encryption web site.

Trouble viewing the documents available on this page? Download the Adobe PDF Reader.

We Can Help

Get help from an expert at the ITS Help Desk!

* Call us at 512-475-9400

* Submit a help request online

We also have a walk-in service in the first floor lobby of the Flawn Academic Center (FAC). Stop by and let us help you!