BIM.PR.26 — BYOD (Bring Your Own Device)

Document NoBİM.PR.26
Version1.0
First Published26.04.2026
Owner GroupNetwork & Security Group
ApproverMehmet ARARAT — IT Director
Legal BasisKVKK Art.4-5, Art.12 · ISO/IEC 27001:2022 A.8.1 · BİGDES
Related DocumentsKYS.POL.01 P21 (Acceptable Use), P27 (Mobile Device), KYS.POL.04, BİM.PR.12, BİM.PR.13, BİM.PR.14

1. Purpose and Scope

Within the framework of KYS.POL.01 P21 (Acceptable Use) and P27 (Mobile Device), defines the minimum security requirements for accessing institutional systems from personal devices. Use of institutional devices is preferred; BYOD is permitted under restricted conditions.

2. Permitted Use

System Access from personal device
Institutional mail (Gmail web/app) Yes (2FA + device compliance check)
OBS, EBYS, OYS (web) Yes (SSO + 2FA)
Google Workspace web and apps Yes
VPN Yes (with device compliance check)
Institutional file server (direct) No (via Google Drive only)
Administrator accounts No (institutional device only, BİM.PR.13 Art.5)

3. Device Compliance Requirements

  • Operating system up to date (≤ 30 days old)
  • Screen lock (PIN/biometric) mandatory, 30-minute auto-lock
  • Disk encryption enabled
  • Anti-virus active (where device type requires)
  • Jailbroken / rooted devices prohibited
  • MDM-enrolled (institutional partition can be remotely wiped)

4. Data Storage

  • Institutional data is not stored locally on personal devices (cloud sync only)
  • Mail attachments must not be saved to personal gallery/file manager
  • In case of device loss, IT remotely wipes only the institutional partition

5. Privacy

IT cannot read or modify any data on your personal device outside the institutional partition. Logged: which institutional application was used, and when (BİM.PR.24).

6. Responsibility

  • Maintenance, warranty and insurance of personal devices are the user’s responsibility.
  • Loss or damage to the device is not the responsibility of Hasan Kalyoncu University.
  • The user is obliged to ensure the confidentiality of institutional data (KYS.POL.04 + P21).

7. Violation

KYS.POL.04 Art.55. IT applies technical measures (blocks device access to institutional systems).

8. Effective Date

26.04.2026; revised January/July.


Hasan Kalyoncu University · IT Directorate
Osmanlı Mah. Havaalanı Yolu Üzeri 8. Km 27010 Şahinbey/Gaziantep
444 6 458 · destek@hku.edu.tr · destek.hku.edu.tr · portal.hku.edu.tr
KEP: hasankalyoncu.unv@hs01.kep.tr

Share