It's Easy to Ensure Compliance with Secured Device Services (SDS) 

SDS ensures that your department meets compliance by providing vulnerability monitoring and remediation, virus protection, and asset management. As part of UCR's security investment roadmap, campus leadership has called on all units to move to SDS to improve the university's security posture. In the meantime, it is required that faculty and staff who manage their own devices install and use the security toolset.

​

Frequently Asked Questions

• Why are these tools necessary?

  Universities are among the most targeted entities by Nation States and other bad actors, and their attempts to attack us are becoming more sophisticated and frequent. Each tool in the UCR security toolset serves a unique and important purpose. Together, these tools provide an additional layer of protection for our University data and systems and, importantly, your sensitive personal and financial information.
   

• Do I need all three tools?

  Yes, each tool is crucial in fulfilling UC's security requirements. To learn about the role of each tool, please refer to the “Tools to Protect Your Work and Preserve Your Legacy” section. 
  
   

• Do I need to have the security toolset on my personal laptop if I use it on campus to connect to the UCR Wi-Fi network?

  Highlanders or guests who bring their personal laptop to campus just to connect to UCR's Wi-Fi network do not need to have the security toolset on their device. If UCR staff or faculty are using a personal laptop/computer to access their UCR email and calendar only, they also do not need to install the security toolset on their device.

  As a reminder, staff members should not conduct university business nor access secure UCR resources from a personal laptop/computer (with the exception of UCR email and calendar). Faculty members who are using their personal laptop/computer to access any UCR resource that is considered sensitive need to install the security toolset on their device. Examples of sensitive UCR resources include Concur, Canvas, Banner, VPN, Google Drive, SharePoint, and any data storage services.

• What information is the security toolset collecting and who can see it?

  To learn more about the UCR-mandated security toolset, please read the UCR Security Toolset Whitepaper (UCR login required to access the document).

• Will ITS or any of the tools monitor my personal activity, emails, or browsing history?

  These tools are designed to protect against cybersecurity threats. They focus on detecting unusual, malicious, or potentially harmful activity and not on monitoring personal information.

  The security tools are not designed to read your email content. Their purpose is to protect your device and university data, not to monitor personal communications. In the event that a potential threat is detected, the ITS Information Security Office is required to investigate while adhering to strict UC and campus privacy policies, including the UC Electronic Communications Policy.

• Will these tools slow down my device or interfere with my work?

  We've carefully selected tools that are lightweight and have minimal impact on device performance. It is worth noting that these tools are not new. UCR currently utilizes these tools but now must expand coverage across campus to strengthen security. If you experience any issues, please submit an IT ticket.

• Will I be able to control the settings or disable these tools if needed?

  Settings on IT-managed devices will be managed centrally to ensure optimal security. For personal devices, you will have some control over settings, but default configurations should be preserved for maximum protection and program compliance.  Please note that noncompliance will result in the inability to access secure UCR resources and applications.
   

• What happens if a threat is detected?

  The tools will alert the ITS Information Security Office. UCR’s security professionals will then take appropriate action to investigate and mitigate the threat while adhering to strict UC and campus privacy policies and industry-standard operating procedures. Read more about the UCR Information Security Office (ISO) Incident Response Plan in the ITS Knowledge Base.
   

• How can I report download and installation issues with the UCR-mandated security toolset?

  You may submit a ticket to BearHelp and select the Category "Desktop/Laptop Services" and the Subcategory "Software Issue" in the form.

• What is the difference between managed and non-managed devices?

  Managed devices refer to devices (e.g., desktops, laptops, smartphones, and tablets) that are managed, secured, and maintained either by ITS (including Secured Device Services) or by local UCR IT departments. Non-managed devices are managed and maintained by individuals with no administrative support from IT.

• How do I know if my department is a member of Secured Device Services?

  View the list of departments that are part of ITS Secured Device Services in the IT Knowledge Base.

• Are personal devices, such as BYOD, included in the mandate?

  Yes, the security tools must be installed on personal devices if the user wishes to connect to secure UCR resources and applications that hold sensitive institutional data. Mobile devices (phones and some tablets) are not currently subject to the same requirements.  
   

• Are mobile devices included in the mandate?

  No, mobile devices such as phones and tablets* are not subject to the same requirements as computers and laptops under the mandate.

  That said, it is still crucial to secure your mobile devices to protect your data. To safeguard your data, utilize complex passwords or biometric authentication, maintain up-to-date software, and exercise caution when using public Wi-Fi for sensitive activities. Be sure to remain vigilant against phishing attempts and establish regular data backup routines. For more information about best practices, refer to Mobile Security Guidance.

  *Note: Microsoft Surface Tablets require installation and use of the security tools. 

• What happens if I don't follow the mandate?

  The UC President's letter outlines the campus consequences of non-compliance. In an effort to mitigate these consequences, UCR’s security plan employs additional consequences, which include, but are not limited to, restricted access to campus resources (such as networks, WiFi, and online service applications). These measures are necessary to help ensure the safety and security of both the UCR community and our larger UC community.
   

• What is the UC Cybersecurity Mandate and where can I learn more about it?

  The UC President has called for all UC campuses to achieve key cybersecurity outcomes by May 28, 2025, to help protect sensitive data, maintain operational continuity, comply with regulations, and mitigate financial risks. To learn more about the UC Cybersecurity Mandate, visit the dedicated UC Cybersecurity Mandate 2025 webpage. 

​

Learn About UCR's Response to the UC Cybersecurity Mandate