Boston University is going to use Microsoft Group Policy to configure a 15-minute screen lock on Medical Campus computers. This change will not be implemented for classroom computers because they are not used to access, process, or store non-public data.
Why implement screen lock?
The BU Data Protection Standards require all computers handling non-public data (Internal, Confidential, and Restricted Use data) to lock the screen when not in use for a few minutes. Since the maximum amount is 15 minutes, we are setting the configuration to 15 minutes.
BU Policy, designed to comply with state and federal law, requires screen lock because disk encryption is only effective when the computer is powered off or when the screen is locked.
What else does BU Policy require?
There are several requirements, but these are the basics for desktops, laptops, and phones:
- Operating System and applications that are supported and regularly updated
- Anti-malware installed and set to auto update and scan
- Disk encryption (only required for Restricted Use data)
- Auto screen lock
Will screen lock stop my research?
No, screen lock does not affect ongoing computer processes, such as performing statistical analysis. Likewise, if staff must walk away from an ongoing conference call or training, the conference call or training video will not stop. Staff will need to re-enter their password when 15 minutes have elapsed.
This change may initially cause inconvenience, but it is necessary to safeguard data in the event that a computer is inappropriately accessed or stolen from the Medical Campus.
If you have any concerns, please contact Medical Campus Information Security Officer David Corbett.