OVERVIEW

Employing up-to-date technology is pivotal to enhancing productivity and operational efficiency within the College and supporting Information Security efforts. Extended maintenance and upkeep on older computing systems results in increased failure rates and drives up operational and support costs, which adversely affects the work, study, and research performed in our community. This policy is designed to ensure the timely replacement of computers and the removal of outdated computing devices from service, so they do not become a burden on support staff or adversely affect the College's Information Security posture through incompatibility with central management tools or lack of support for current operating system or application software updates.

To ensure that College personnel always have access to current computing technology and can efficiently fulfill the responsibilities of their jobs, the “Computer Lifecycle Replacement Program” was instituted in 2021. The program provides for scheduled replacement of computers for full-time employees every 4 years (Windows) or 5 years (Macs). It also allows Information Technology Services (ITS) to wipe, reload, and re-deploy systems as needed to fulfill College computing demands (for example, for part-time staff, in shared computing labs, or as loaner devices) until equipment has reached “End of Life,” at which point, systems must be sanitized and disposed of in alignment with the College's Information Security Policy.

1. PURPOSE

The objectives of this policy are to:

• Assure that the computing resources in offices, classrooms, and labs are adequate to support the mission of the institution.
• Support employee productivity by regularly reviewing computing device functionality and providing upgrades or replacements as appropriate.
• Improve technical support by standardizing the vendors and models of equipment.
• Improve both operations and security via centralized endpoint management
• Create sustainable inventory processes and control costs.
• Maximize return on technology investment by re-purposing older equipment for part-time staff, adjunct faculty, student workers, and loaner devices.
• Promote cost-effective installation of new equipment and environmentally sound disposal of old equipment.

2. SCOPE

This policy applies to the lifecycle replacement of Lake Forest College-owned computers, primarily general-purpose desktop and laptop machines purchased, maintained, and managed by ITS and assigned to full- and part-time employees.

This policy does not apply to peripheral equipment, office phones, cell phones, printers, scanners, audio/visual equipment, shared lab computers, servers, or other IT-related equipment. This equipment is replaced by ITS according to need, condition, and budgetary resources based on their analysis and judgment, support contracts, and established best practices.

This policy also does not apply to departmentally purchased or grant-funded computing equipment. Departments should budget to replace this equipment as needed.(This equipment is still subject to the Technology Acquisition & Vendor Management Policy.)

3. COMPUTING DEVICE ALLOTMENT

3.1 Primary Device Assignments: ITS provides one (1) computer and approved peripherals to full-time employees whose primary job responsibilities require one. ITS also provides shared-use computers and other peripherals in classrooms, laboratories, public computing facilities, and other academic and administrative offices. All devices, whether primary or shared-use, must be managed and secured through ITS to maintain compliance with applicable regulations, including the Gramm-Leach-Bliley Act (GLBA). ITS assumes responsibility for management, upgrades, and normal repair of these devices. Replacement or upgrade of computers is based on a predictable schedule (see Section 5) and a requirements evaluation of the job or function.

3.2 Additional Device Acquisitions: Any additional device acquisitions beyond the one provided by ITS must still be coordinated with and completed through ITS, regardless of the funding source. Purchases of any technology with College funds (for examples, see Section 3.4) by any department outside of ITS are strictly prohibited. To ensure compliance with regulatory requirements, ITS must assess the security, management, and support requirements of additional devices before they are approved for use in College operations. Personal purchases of computing devices for College-related work is strictly prohibited; any exceptions to this policy must be explicitly reviewed and approved in writing by the VPIT/CIO. As outlined in the Information Security Policy, unapproved devices are strictly prohibited from accessing, handling, storing, or processing sensitive or confidential College data.

3.3 Data Transfers: ITS staff members will transfer College-related work files to replacement devices. ITS staff members shall not knowingly transfer personal files (unrelated to teaching, learning, or research pursuits). For employee privacy and security reasons, ITS highly discourages the personal use of – or storing files of a personal or private nature on – College-owned devices.

3.4 Device Ownership: All computing equipment purchased with College funds (including grant funds, capital funds, startup/research funds, departmental funds, gifts, or endowments) is property of the College. To ensure GLBA and other regulatory compliance is maintained, all employees must return College-owned devices to ITS on their last day of active employment with the College. It is the responsibility of an employee's manager to ensure an employee returns their equipment. For policy purposes, computers not returned by employees will be considered a lost or stolen device, with regard to reimbursement to ITS for the replacement.

3.5 Device Reassignments: To facilitate computer lifecycle efficiency, if an employee leaves the College, the replacement staff member will receive their predecessor’s computer provided there is at least one year remaining on its refresh cycle.

3.6 Unused Equipment: If ITS determines that equipment is not in active use, it will initiate an inventory review process to determine if the asset should be reassigned elsewhere in the College to optimize inventory assignment, control costs, and maintain security compliance. In these instances, User Services shall reach out to the employee or department in charge of the unused equipment and gather more information. Ultimately, the device may be collected, wiped, and redeployed elsewhere to meet College needs.

4. DEVICE STANDARDS

4.1 Minimum standards: ITS sets minimum standards for hardware and software selected for use at the College. Equipment that does not meet College standards for performance, configuration, or warranty will not be installed, networked, repaired, or supported by ITS.

4.2 Sanctioned Equipment: All computing equipment purchased with College funds must be purchased through ITS unless explicit permission is granted by the VPIT/CIO. Technology purchases not funded by ITS may not be included in the replacement cycle and may be restricted from the College network if deemed an unacceptable risk to other College e-resources or security. See also the Technology Acquisition & Vendor Management Policy and the Information Security Policy, specifically Section 7: "Minimum access policy."

4.3 Sanctioned Vendors: ITS primarily uses equipment purchased from large manufacturers such as Lenovo and Apple and strives to use common models of computers and peripherals to ensure maximum compatibility and eliminate operational inefficiencies which result in environments comprised of excessively mixed PC hardware components and their accompanying drivers.

4.4 Exceptions to Standard Configurations: ITS recognizes that some faculty, staff, and students have different computing needs. Academic labs with specialized computers will be built into the lifecycle budget when possible. Faculty and Staff who require a non-standard machine that exceeds the cost of a standard lifecycle computer will be required to obtain departmental approval and their department will fund the difference in cost. Requests for non-default workstations (Windows or Apple systems with higher specifications) will require a written justification accompanied by approval from your Dean and/or Vice President. Submissions will need to be approved by the VPIT/CIO.

5. DEVICE LIFECYCLES

Devices purchased with ITS funds with are subject to the following lifecycle policies. Lifecycle replacements for purchases funded by other departments or one-time sources (grants, gifts, etc.) are the responsibility of the original requesting department or individual. Such parties should establish a lifecycle replacement plan for these devices prior to purchase; such practices are crucial in avoiding the use of legacy operating systems or outdated and unsupported software, which can elevate security risks and create regulatory compliance issues. ITS will not assume responsibility for managing or replacing these devices unless explicitly agreed upon in advance.

5.1 MacOS Devices: Apple computers shall be replaced at the end of a 5-year lifecycle.

5.2 Windows Devices: PC devices running the Windows operating system shall be replaced at the end of a 4-year lifecycle.

5.3 Lifecycle Replacement Process: Prior to the end of the lifecycle term, employees assigned an ITS-provided computing asset will be contacted by the ITS Endpoint Administrator or another member of the User Services team to select a replacement computer and to establish a date for the equipment exchange, where required applications will be installed and if necessary, data will be transferred, and to ensure regulatory compliance, the previous device will be collected so that required secure data destruction procedures may be followed.

5.4 Mid-Lifecycle Repairs: For computing devices provided and managed by ITS, repairs for normal device malfunctions will be handled by ITS during the warranty period and after the manufacturer's regular (or if applicable, extended) warranty period has expired. In cases of physical damage (intentional or not), loss, or theft, the individual or department responsible for the device must provide funds for the repair or a portion of the replacement cost based on the asset’s remaining value. Reimbursement costs will be based on the device’s age, depreciation, remaining years in its lifecycle, and any "book value," among other factors. The individual or department will not be expected to reimburse ITS for the full value of the device unless it has been used for less than a year. The decision to repair or replace the device is at the discretion of ITS.

5.5 Mid-Lifecycle Replacements: If a repair during a computing device’s lifecycle is unfeasible or financially impractical, ITS may replace the computer with a new machine. That computer then becomes the lifecycle machine for that employee with the lifecycle period beginning at the time of the new deployment.

5.6 Loaner Equipment: Whenever possible, ITS shall provide a “loaner” computing device to an employee while their primary ITS-provided computing device is undergoing repair or awaiting replacement. ITS staff shall make reasonable efforts to equip the loaner device with the necessary software to enable the employee to complete their required work during the loan period.

5.7 Equipment Exchange: During a lifecycle replacement event, the employee's previous computing device must be returned to ITS before the employee obtains their new device. ITS will hold the old computer for a period of two weeks to ensure that all data is transferred properly during the lifecycle exchange.

5.8 Fiscal Limitations: All device lifecycle replacements are subject to available funding.

6. OTHER CONCERNS:

6.1 User Responsibility: Employees are responsible for taking reasonable precautions regarding Lake Forest College-owned computer equipment. Employees or their departments will be held responsible for damage to such equipment arising out of their negligence or misconduct. Desktop computing equipment should remain in the location where it was originally installed unless other arrangements are made with ITS. (Portable computers may be used at home or while traveling to support remote work.) Individuals or departments experiencing loss or damage to College-owned devices should contact the ITS Service Desk.

6.2 Maintaining Accurate Inventory: Departments should notify ITS of any intentions to move lifecycle computers so that ITS can maintain an accurate inventory and location record of College assets. Computers should not be moved, reassigned, or redistributed in any fashion without notifying ITS and obtaining approval.

6.3 Equipment Return: All lifecycle computing devices – including cables, mice, keyboards, and other peripherals included by ITS with the computer's initial deployment – must be returned to the College. There is no option for employees to purchase their assigned College-owned devices upon separation from the College or any other time; all College computing devices must be properly sanitized and disposed of according to Section 6 "Data Disposal Policy" of the Information Security Policy.

6.4 Opt-Outs: Faculty and Staff may choose to “opt out” of a lifecycle replacement when they are due. ITS will forward their eligibility to the following year and contact them during the next lifecycle replacement period. ITS recommends no more than one opt-out per device lifecycle and may refuse the opt-out request if continued use of the existing asset poses an unnecessary or unacceptable risk to the College's cybersecurity posture.

RELATED POLICIES:

• Acceptable Use of E-Resources Policy
• Eligibility for Accounts Policy
• Information Security Policy
• Technology Procurement & Vendor Management Policy
• Student, Faculty, and Staff Handbooks