30 | STEVENS EMPLOYEE MANUAL • Minimize Data: Limit the data stored on devices; utilize secure cloud storage when possible. • Encryption: Ensure all devices are encrypted and backups are encrypted. • Loaner Devices: Request temporary devices configured with enhanced security protocols from the Division of Information Technology. • Secure Connections: Avoid using public Wi-Fi; connect through a Virtual Private Network (VPN) when necessary. • Multi-Factor Authentication: Access Stevens’ systems only through multi-factor authentication. • Incident Reporting: Immediately report any loss, theft, compromise or unauthorized access to support@ stevens.edu and, if applicable, local authorities. Employees may be required to leave devices with IT for inspection or reimaging after returning from international travel. Research – International Travel and Foreign Activities Research involving international travel or foreign activities may trigger additional disclosure and reporting obligations under Stevens’ sponsored research policies, conflict of interest policies, and sponsor-specific requirements (e.g., NIH, NSF, DoD, DOE regulations) regarding foreign travel and engagements. Any information leaving the United States is considered an export and might be subject to export-control regulations. Compliance with these requirements is mandatory. Responsibilities of Principal Investigators and Key Personnel • Review and comply with all applicable laws, regulations, and institutional policies and guidance related to international travel and foreign activities. • Contact the Office of Sponsored Programs ([email protected]) in advance to determine whether sponsor approval is required for international travel. • Consult the Export Control Team ([email protected]) prior to any international travel to ensure required approvals, disclosures, and export control reviews are completed. Personal Travel Considerations Even when traveling for personal reasons, employees must: • Avoid accessing Stevens systems from high-risk countries • Refrain from transporting Stevens-owned devices unless approved • Notify [email protected] if they believe a device used for university business may have been lost or compromised. This includes personally owned devices used for university business. Consequences of Non-Compliance Failure to follow these requirements may result in: • Revocation of remote-work or travel privileges • Denial of reimbursement for work-related expenses • Disciplinary action, up to and including termination of employment Contact the following offices for guidance • Information Technology: [email protected] (cybersecurity, device preparation, high-risk travel protocols • Human Resources: [email protected] (policy and travel eligibility questions) • Office of Sponsored Programs: [email protected] (research-related travel, approvals, disclosures) • Export Control: [email protected] (technology control plans, export license)
