Info
Content

International Travel with Institutional Devices Guidelines

Effective Date: March 7, 2025
Revised Date: March 24, 2025

1. Purpose

For the professional development of our faculty, staff, and students—and to raise recognition of our contributions and the profile of Arkansas State University (A-State)—international travel is encouraged.

To safeguard A-State’s institutional data, minimize cybersecurity risks, and comply with export control regulations, this document outlines procedures for faculty, staff, and students planning to travel overseas with electronic devices. This guidance provides three tiers to manage devices in accordance with institutional security best practices, as determined by Information Technology Services (ITS).

2. Approved Recommendations

Before traveling outside the United States, consider the purpose of the trip and determine whether an electronic device is necessary. Anytime a faculty or staff member or student travels internationally, there is a risk of personal and institutional data becoming vulnerable.

The following recommendations are listed in order of best practices. A-State wants to ensure the necessary pathways and processes are in place to encourage international travel while safeguarding university interests.

Tier 1: No Device Travel (Highly Recommended)

Leaving all electronic personal or institutional devices at home is highly recommended. This approach minimizes data theft, loss, or compromise and ensures easier compliance with security protocols.

Benefits:

  • Eliminates cybersecurity risks

  • Prevents loss or theft of assets

  • Reduces pre-travel administrative burdens

If personal devices are taken, all institutional data must be removed unless prior approval is granted by IT Security (note this on the International Travel Justification Form). See Section 5 for more on personal device usage overseas.

Tier 2: Travel with a Loaner Device (Preferred if a Device Is Necessary)

If a university device is essential for official business, travelers are encouraged to use a loaner device provided through ITS. This helps secure data and mitigate risk.

Process:

  1. Request Submission: Complete the Loaner Device Request Form at least 30 days prior to travel.

  2. Approval Coordination: Obtain approvals from the supervisor and the department's Academic Dean or Vice Chancellor.

  3. Device Pickup: Coordinate with ITS for device configuration and pickup.

  4. Device Return: Return the device promptly upon return.

Security Features:

  • Configured with KACE or Jamf, CrowdStrike, Malwarebytes, and encryption (BitLocker or FileVault).

  • Minimal preloaded data.

  • Device reconfiguration upon return.

Tier 3: Travel with an Institutional Device (Only if Absolutely Necessary)

If it is absolutely necessary to use an assigned institutional device (laptop, tablet, or phone), strict guidelines must be followed.

Requirements:

  1. Justification Form: Complete a form explaining why the institutional asset is necessary.

  2. Approval: Signed by the Academic Dean or Vice Chancellor.

  3. Security Verification: Submit the device to ITS at least 30 days before travel via Help Desk ticket or security@astate.edu.

  4. Final Authorization: Granted by ITS after verifying security compliance.

3. High-Risk Countries (As Determined by the U.S. Department of State)

A-State aligns with U.S. Department of State guidelines in identifying high-risk destinations where cybersecurity threats are especially severe.

Policy for High-Risk Travel:

  • Tier 3 (Institutional Device Travel) is not allowed.

  • Only Tier 1 (No Device) or Tier 2 (Loaner Device) is permitted.

  • Travel to completely embargoed countries (Cuba, Iran, North Korea, and Syria) prohibits taking any technology.

List of High-Risk Countries:

  • China

  • Cuba (Tier 1 only)

  • Russia

  • Hong Kong

  • North Korea (Tier 1 only)

  • Crimea (Region of Ukraine)

  • Iran (Tier 1 only)

  • Syria (Tier 1 only)

Before You Travel:

  • Verify if the destination is high-risk with ITS or RTT.

  • Follow the tier restrictions.

  • Complete all documentation for the selected tier.

Important: These restrictions help protect data and maintain export control compliance. High-risk designations may change, so travelers should check before each trip.

4. Incident Response Plan

If something happens while traveling internationally, follow these steps:

(i) Device is Lost or Stolen

  1. Retrace steps in a safe area.

  2. Contact ITS (security@astate.edu) and the local embassy or consulate if sensitive data is involved.

  3. Document time, location, and circumstances.

(ii) Device is Confiscated by Customs Border Patrol (CBP)

  1. Cooperate fully with CBP.

  2. Request an official record or receipt, if possible.

  3. Report the incident to ITS immediately.

(iii) Suspicious Activity or Unauthorized Access

  1. Disconnect from networks immediately.

  2. Document any unusual behavior.

  3. Contact ITS for guidance.

5. Personal Devices

Recommendations:

  1. Avoid Business Activities:

    • Do not conduct university business on personal devices while abroad.

  2. If Accessing Email Is Necessary:

    • Use the Microsoft Outlook app on iOS, Android, Windows, or Mac.

    • It provides enhanced security and allows ITS to lock or wipe data remotely if needed.

  3. High-Risk Travel Precautions:

    • Remove all university-related data and apps.

    • If a device is needed, consider purchasing a temporary device abroad.

These precautions reduce the risk of unauthorized access and protect A-State’s data.

6. Compliance and Reporting

Failure to follow these guidelines may result in disciplinary action and compromise A-State’s compliance with security laws and export control regulations.

Contact for Questions:

7. Contact Information

Back to top