Managed laptops – Whole Disk Encryption (WDE)

As per the UAS Information Security Policy and Bodleian Information Security Policy (Sections 8, Laptops – University purchased) all laptops managed through CONNECT will be protected with whole disk encryption. Laptops and users will be registered to use the central encryption service provided by IT Services. For further information on this service please see the WDE help pages.

Further help and guidance is available on the Information Security website at http://www.infosec.ox.ac.uk.

Exceptions

Where it is not practicable or appropriate to apply WDE to a laptop, departments must carry out a risk assessment and take appropriate measures such as restricting what information is stored on it.

If you require a laptop to be exempt from having Whole Disk Encryption (WDE) please complete the request form here. This link takes you to the HEAT service management tool and you will be prompted to log in using your SSO username and password. As per the Information Security policy you will be asked to provide your Head of Department (or an appropriate deputy) to authorise this request. Only once your request has been authorised will a laptop be provided without encryption or encryption removed.

 

Using devices with whole disk encryption

A PDF copy of this guidance is available here.

  • NEVER reveal your encryption passphrase to anyone. If someone else needs access to your laptop (such as a colleague or P.A.) then please contact us, as below.
  • Encryption is only effective when your laptop is properly shut down (i.e. not just in sleep) so please shut it down or hibernate it when you are moving about and not using it.
  • Please be aware that some countries have restrictions in place over the use of disk encryption. If travelling abroad you must find out well in advance if this applies to you.
  • If you manage your own laptop (rather than it being managed by CONNECT) do not perform in-place operating system upgrades without first seeking advice from the Service Desk. This does not apply to routine security updates and patches which are fine to install as normal.
  • If you forget your passphrase you will lose access to your data until a recovery token can be issued. You can find guidance for creating a good passphrase in the FAQs on http://www.it.ox.ac.uk/infosec/wde/Please note the following:
    • We will not help anyone other than you to reset your passphrase.
    • We will ask you some security questions, including information you set up when you joined CONNECT, to assure us of your identity.
    • If you cannot provide correct responses to the questions then we will we NOT be permitted to help you reset your passphrase and you will need to visit IT Services with the laptop and your University card to allow us to confirm your identity and reset your passphrase.

All questions about this service or its use must go through the Service Desk

 

 

 

 

Written by IT Services. Latest revision 20 February 2017