How do I know if the policy applies to me?
This policy applies to you if you are planning to develop or procure a mobile application that meets any one of the following criteria:
- Accesses data from or pushes data to a UNLV enterprise system
- Accesses or collects data that is protected by federal or state laws/regulations, or NSHE/UNLV regulations or policies
- Requires infrastructure services managed by UNLV
- Will be branded as a UNLV product
The policy also applies to you if you are hiring a vendor to assist in the development of a mobile application that meets the criteria above.
What do you mean by “UNLV enterprise system”?
An enterprise system is a large-scale application software package that supports business processes, information flows, reporting, and data analytics in complex organizations.
Examples at UNLV include but are not limited to: student information system, human resources system, finance system, learning management system, identity management system, space management system, etc.
What do you mean by “access data from” a UNLV enterprise system?
“Accessing data from” means using or displaying data from a UNLV enterprise system.
For example, the mobile application is designed to list all students enrolled in a particular class (e.g., SOC 101 Section 1001). The data would be pulled from UNLV’s student information system (i.e., MyUNLV).
What do you mean by “push data to” a UNLV enterprise system”?
“Push data to” means adding new data to, updating existing data in, or deleting data from a UNLV enterprise system.
For example, the mobile application is designed to take attendance in a particular class (e.g., SOC 101 Section 1001) and transfer the data to the learning management system (i.e., WebCampus).
What type of data likely to be used in a mobile application would be subject to protection by federal or state laws/regulations, or NSHE/UNLV regulations or policies?
The data likely to be used in a mobile application is the same type of data used in many other environments on campus (e.g., web page, within an application, in a paper document). If the data being used in a mobile application must be protected in any other environment it must meet the same level of protection in the mobile application.
The type of data protected by federal or state laws/regulations, or NSHE UNLV regulations or policies includes sensitive, personal information which is defined as:
Any information about the individual maintained by the university, including the following: (a) Education, financial transactions, medical history, and criminal or employment history; and, (b) Information that can be used to distinguish or trace the individual’s identity, including name, social security number, date and place of birth, mother’s maiden name, or biometric records. [38 USCS § 5727(19)] Sensitive, personal information does not include publicly available directory information that may be lawfully disclosed (Definition taken from Breach of Information Notification Policy available at: https://it.unlv.edu/policies/breach-information-notification-policy).
How do I know if a mobile application would require infrastructure services managed by UNLV?
Mobile application using the following types of services provided by UNLV would be using infrastructure services managed by UNLV:
- Authentication services (e.g., ACE, MyUNLV login services, etc.)
- Data storage
- File services
- Web and/or application servers
Where do I find UNLV graphic identity standards?
Information about logos, colors, and other graphic identity standards is available on the university identity website at: http://www.unlv.edu/identity/.
Where do I find information about using the UNLV brand (UNLV Licensing Program)?
Information about UNLV’s Licensing Program for commercial and non-commercial use is available on the university identity website at: https://www.unlv.edu/identity/licensing. The UNLV Licensing Program ensures the control and proper presentation of the UNLV brand and protects the appropriate use of those trademarks, service marks, logos, and insignias that have come to be associated with the university.
What security policies and procedures are relevant if I am developing or procuring a mobile application?
All applications developed or purchased for use at UNLV must be designed to protect the confidentiality, integrity, and availability of university data and the privacy of members of the university community as well as the users of the application.
A number of precautions must be taken to minimize the impact of the vulnerabilities associated with mobile applications. These include but are not limited to:
- Access to any potentially sensitive information requires authentication that meets UNLV password standards.
- All potentially sensitive, personal information must be encrypted in transit and when cached for use on the mobile device.
- Any downloaded data must be protected against access by other programs.
- No sensitive data should be stored on the mobile device once the application is terminated.
- Applications must not expose location information without the explicit consent of the user.
More information on the special security vulnerabilities mobile applications and the devices upon which they reside is available in the security section of the Procedures to Accompany the Mobile Application Implementation Policy.
How can I post my app to the Apple App Store?
Does UNLV’s have an Apple Development Program (ADP) membership?
UNLV does maintain an Apple Development Program membership. If you wish to use the UNLV ADP membership please contact the Mobile Applications Group at firstname.lastname@example.org.
How can I have my app listed on the UNLV Mobile App page?