6300. Mobile Technology

Approval: Connie Lambert-Eckel, Assistant Secretary

Original Date:      October 1, 2016

Revised Date:      June 7, 2018

Policy Review:     June 7, 2021


Purpose

Mobile devices are an essential tool for Children’s Administration (CA) staff to securely access and record information, contact emergency services, and improve communication wherever state business is conducted. This policy sets forth requirements for the assignment, maintenance, use and monitoring of state-issued mobile devices including:

  • Smartphones
  • Air cards
  • Tablets/Laptops

Scope

This policy applies to CA staff using a state-issued mobile device. 

Laws

Directive by the Governor 11-18

RCW 42.52 Ethics in Public Services

RCW 42.56.100 Protection of public records – public access

RCW 42.56.420 Security

RCW 42.56.590 Notice of Security Breaches

RCW 46.61.667 Use of Wireless Communication Device While Driving

RCW 46.61.668 Use of Wireless Communication Device While Driving

RCW 13.50  Keeping and Release of Records By Juvenile Justice or Care Agencies

Policy

  1. Issuing, Managing, Using and Returning Mobile Devices
    1. The DSHS assistant secretary or designee will implement the requirements of this policy for staff per Administrative Policy 15.10.
    2. CA staff will:
      1. Review Administrative policies 05.05, 15.15 and 18.64, and IT Security Policy 5.2.5 when assigned a mobile device and complete the following trainings on the DSHS Learning Management System (LMS):
        1. Mobile device training
        2. DSHS – IT Security Online Training course
      2. Complete the DSHS Mobile Device Request and Approval form DSHS 17-212, and provide the form to their supervisor to request a mobile device
      3. Only use a mobile device during regularly scheduled work hours, when on-call, during approved overtime hours or during an emergency situation. Refer to Administrative policies 18.80 Teleworking (if applicable), and 18-28 Compensation.
      4. Use a mobile device only to conduct state business that is related to official state duties (emails, texts, taking photos, applications (apps), etc).Follow DSHS Administrative Policies No. 15.15 Use of Electronic Messaging and the Internet and No. 18.64 Standards of Ethical Conduct for Employees.
      5. Keep mobile device secure at all times. Devices must not be left unattended in the view of the public. Follow Administrative Policy No. 14.22 Use of State-Issued Mobile Devices.
      6. Connect a state-issued phone only to another state-issued devices.
      7. May not use personally owned devices for business purposes.
      8. Return state owned mobile devices to their supervisor immediately when the employee leaves their position or is no longer an authorized mobile device user.
      9. When accessing a Wi-Fi connection:
        1. Use the state-issued device hotspot only with a state-issued device.
        2. Connect state-issued devices only to DSHS email systems or accounts. Accessing non-DSHS sites for entertainment or personal use is strictly prohibited.
        3. Staff may access any available Wi-Fi, staff may not use Wi-Fi available through a client or caregiver.
      10. Complete all of the following when a mobile device is known or suspected to be lost or stolen:
        1. Immediately notify the CA IT security at caitsecurity@dshs.wa.gov 
        2. Report a stolen mobile device to local law enforcement and obtain a copy of the law enforcement report.
        3. Complete a Loss of Public Funds, Assets, or Illegal Activity Report form DSHS 17-169 located on the CA intranet forms site.
        4. Report a lost or stolen mobile device to their supervisor.
        5. Submit copies of the law enforcement report and the Loss of Public Funds, Assets, or Illegal Activity Report form DSHS 17-169 to CA IT Security at caitsecurity@dshs.wa.gov.
    3. The CA supervisor must:
      1. Review Administrative policies 05.05, 15.15 and 18.64, and IT Security Policy 5.2.5 with new CA staff who have access to electronic messaging systems or the internet, and ensure he or she received the mobile device training on the DSHS Learning Management System (LMS) and the DSHS – IT Security Online Training course.
      2. Submit the completed DSHS Mobile Device Request and Approval form DSHS 17-212 and the Remote Access Request and Agreement form DSHS 03-443 to:
        1. DSHS Human Resources Division.
        2. The regional operations manager, and
        3. HELP300@DSHS.WA.GOV.
      3. Obtain annually, the signed Remote Access Request and Agreement form DSHS 03-443 for any staff needing remote access.
      4. When a mobile device is stolen, ensure a law enforcement report is made and a copy of the law enforcement report is sent to caitsecurity@dshs.wa.gov.
      5. Complete an Administrative Incident Reporting System (AIRS) report when any client information is lost or a mobile device is lost or stolen.
      6. Report all unauthorized use of mobile devices to their appointing authority.
      7. Return the mobile device to the regional operations manager when an employee leaves their position or is no longer authorized to use a state issued mobile device.
    4. The regional operations manager must:
      1. Ensure fiscal and Children’s Administration Technology Services (CATS) director signatures are obtained and submit request to the Regional Business Center (RBC) for procurement.
      2. Coordinate with CATS to deliver and set-up device.
      3. Document asset tag number and serial number into Asset Management System.
      4. Notify the RBC of returned device.
    5. CATS staff must:
      1. Follow DSHS Administrative Policies 14.22 Procurement and Management of State-Issued Wireless Devices for issuing, managing, and returning mobile devices and 14.07 Control of Capital Assets.
      2. Assign, secure and monitor mobile devices, and provide user education and support.
      3. Authorize applications known as “apps” on mobile devices.
      4. Manage the device functionality, security, applications and software.
      5. Verify smartphone set-up is complete and staff is trained on use.
      6. Monitor the data including but not limited to internet use, email, messaging, documents, image files and videos, application use, geolocations, device system data and the meta-data associated with files and applications.
      7. Encrypt devices with DSHS compliance standards.
      8. Immediately send the Loss of Public Funds, Assets, or Illegal Activity Report form DSHS 17-169 report when a device is lost, stolen or damaged to Operations Review and Consultation (ORC). Follow Office of the Chief Information Officer 143 Security Incident Communication, DSHS Administrative Policy No. 16.10 Reporting the Loss of Public Assets to the State Auditor’s Office and Administrative Policy No. 14.07 Control of Capital Assets.

Forms

  • Remote Access Request and Agreement form DSHS 03-443
  • DSHS Mobile Device Request and Approval form DSHS 17-212
  • Loss of Public Assets, or Illegal Activity Report form DSHS 17-169

Resources