As per the UAS Information Security Policy and Bodleian Information Security Policy (Sections 8, Laptops – University purchased) all laptops managed through CONNECT will be protected with whole disk encryption. Laptops and users will be registered to use the central encryption service provided by IT Services. For further information on this service please see the whole disk encryption help pages.
Further help and guidance is available on the Information Security website at http://www.infosec.ox.ac.uk.
Where it is not practicable or appropriate to apply WDE to a laptop, departments must carry out a risk assessment and take appropriate measures such as restricting what information is stored on it.
If you require a laptop to be exempt from having Whole Disk Encryption (WDE) please
complete the request form. This link takes you to the HEAT service management tool and you will be prompted to log in using your SSO username and password. As per the Information Security policy you will be asked to provide your Head of Department (or an appropriate deputy) to authorise this request. Only once your request has been authorised will a laptop be provided without encryption or encryption removed.
Using devices with whole disk encryption
- NEVER reveal your encryption passphrase to anyone. If someone else needs access to your laptop (such as a colleague or P.A.) then please contact us, as below.
- Encryption is only effective when your laptop is properly shut down (i.e. not just in sleep) so please shut it down or hibernate it when you are moving about and not using it.
- Please be aware that some countries have restrictions in place over the use of disk encryption. If traveling abroad you must find out well in advance if this applies to you.
- If you manage your own laptop (rather than it being managed by CONNECT) do not perform in-place operating system upgrades without first seeking advice from the Service Desk. This does not apply to routine security updates and patches which are fine to install as normal.
If you forget your passphrase you will lose access to your data until a recovery token can be issued. You can find guidance for creating a good passphrase in the FAQs on http://www.it.ox.ac.uk/infosec/wde/. Please note the following:
- We will not help anyone other than you to reset your passphrase.
- We will ask you some security questions, including information you set up when you joined CONNECT, to assure us of your identity.
- If you cannot provide correct responses to the questions then we will we NOT be permitted to help you reset your passphrase and you will need to visit IT Services with the laptop and your University card to allow us to confirm your identity and reset your passphrase.
All questions about this service or its use must go through the Service Desk