General Description
Purpose:
Computers running unsupported and unpatched operating systems pose a substantial risk to the cybersecurity of the University. Additionally, unsupported hardware has an increased cost to maintain, and the probability of failure increases as parts age and reach the end of their expected life. Therefore, the Information Technology Services department is implementing a policy to identify and remove from service any computing hardware that has reached the end of life. Further, unpatched machines that are not updated after an employee separation will be addressed as well as part of this policy.
Definition:
End of Life - means that the Original Equipment Manufacturer (OEM) has decided that a specific product has reached the end of its “useful lifespan”. This is when they usually recommend doing a hardware refresh to the current generation of their hardware.
Firmware - Permanent software programmed into the hardware’s read-only memory
Hardware Lifecycle Management - A holistic approach to managing the total useful life of IT hardware to maximize the return on investment.
Operating system - The software that supports a computer's basic functions, such as scheduling tasks, executing applications, and controlling peripherals.
Firmware - Permanent software programmed into the hardware’s read-only memory
Hardware Lifecycle Management - A holistic approach to managing the total useful life of IT hardware to maximize the return on investment.
Operating system - The software that supports a computer's basic functions, such as scheduling tasks, executing applications, and controlling peripherals.
Scope:
This policy applies to all CSUB employees and to all computer systems connected to the University’s non-guest network.
Policy/Procedure
Purchasing
All new hardware, except for machines under faculty refresh will be purchased with a 5-year on-site warranty for Windows based devices, 4-year AppleCare for Apple devices, or similar hardware support agreement. This will cover the replacement of any failed components by the vendor during the warranty period. After the respective warranty time, failures of the computer will be dealt with at the departmental level.
Hardware Lifecycle Management
Faculty Refresh (Tenured, Tenure Track) computers will be refreshed every four years.
Instructional centralized computer labs and open access computer labs will be refreshed every five years. Instructional spaced managed by Academic Operations.
Smart Classroom/Lab Instructor stations computers will be refreshed every four years.
Fulltime-staff members will be refreshed every five years.
Auxiliaries and self-support units will need to purchase their own equipment but are still required to comply to this policy.
The following staffing groups will be funded by the departments but are still required to comply to this policy:
Hardware Replacement
Any CSUB computing device that is connected to the university network or accesses university resources must be running an operating system and firmware that is supported by the manufacturer and provided with regular and timely security patches. Once the manufacturer of the system announces the end of support for a system, that system will need to be updated to a supported version of the operating system or replaced with newer hardware.
Any computer device that is connected to the university network or accesses university resources must run the ITS provided and supported security tool(s) or replaced with newer hardware.
Change of Hardware Primary User or Location
Departmental Asset Custodians are required to notify Campus Asset Manager and ITS Service Center via ServiceNow. In the event of hardware being identified as having changed primary user or location without ITS knowledge the device will be blocked from all CSUB IT resources.
Use of Systems Beyond Recommended Lifecycle
Systems exceeding the recommended lifecycle (see above) will no longer be provided any “hardware” related support by ITS irrespective of ability to run the ITS supported operating systems, patches, and security tools. Software support such as installation, updating, and patching will continue to be supported if the hardware continues to operate with the approved operating system and ITS security tools.
Due to ongoing support costs associated (Security Licensing, Management, Remediation, and Patching) the department will be billed $600 per year (subject to review and change annually) for any system that exceeds the recommended lifecycle. Devices over seven years old will no longer be allowed on the CSUB Network.
Employee separation process
When an employee separates from the university, their computer will become locked and unable to be used. The machine will be provided to ITS for the machine to be evaluated and re-imaged, updated to current Operating System and patched to the latest security level and provided back to the department.
All new hardware, except for machines under faculty refresh will be purchased with a 5-year on-site warranty for Windows based devices, 4-year AppleCare for Apple devices, or similar hardware support agreement. This will cover the replacement of any failed components by the vendor during the warranty period. After the respective warranty time, failures of the computer will be dealt with at the departmental level.
Hardware Lifecycle Management
Faculty Refresh (Tenured, Tenure Track) computers will be refreshed every four years.
Instructional centralized computer labs and open access computer labs will be refreshed every five years. Instructional spaced managed by Academic Operations.
Smart Classroom/Lab Instructor stations computers will be refreshed every four years.
Fulltime-staff members will be refreshed every five years.
Auxiliaries and self-support units will need to purchase their own equipment but are still required to comply to this policy.
The following staffing groups will be funded by the departments but are still required to comply to this policy:
- Staff that are less than .9 FTE
- Student assistants
- Faculty that are not Tenured or Tenure Track
Hardware Replacement
Any CSUB computing device that is connected to the university network or accesses university resources must be running an operating system and firmware that is supported by the manufacturer and provided with regular and timely security patches. Once the manufacturer of the system announces the end of support for a system, that system will need to be updated to a supported version of the operating system or replaced with newer hardware.
Any computer device that is connected to the university network or accesses university resources must run the ITS provided and supported security tool(s) or replaced with newer hardware.
Change of Hardware Primary User or Location
Departmental Asset Custodians are required to notify Campus Asset Manager and ITS Service Center via ServiceNow. In the event of hardware being identified as having changed primary user or location without ITS knowledge the device will be blocked from all CSUB IT resources.
Use of Systems Beyond Recommended Lifecycle
Systems exceeding the recommended lifecycle (see above) will no longer be provided any “hardware” related support by ITS irrespective of ability to run the ITS supported operating systems, patches, and security tools. Software support such as installation, updating, and patching will continue to be supported if the hardware continues to operate with the approved operating system and ITS security tools.
Due to ongoing support costs associated (Security Licensing, Management, Remediation, and Patching) the department will be billed $600 per year (subject to review and change annually) for any system that exceeds the recommended lifecycle. Devices over seven years old will no longer be allowed on the CSUB Network.
Employee separation process
When an employee separates from the university, their computer will become locked and unable to be used. The machine will be provided to ITS for the machine to be evaluated and re-imaged, updated to current Operating System and patched to the latest security level and provided back to the department.
Review (Frequency and Process)
This policy shall be reviewed every two years by the Associate Vice President & CIO or a designate and provided to the Vice President Business and Administrative Services for approval and then to Cabinet for final approval.