Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Emory requires a review of all apps available in public marketplaces that are listed for download in the Emory Mobile App Catalog. The process for reviewing mobile apps endorsed by Emory and listed in the Emory Mobile App Catalog is initiated by the Libraries and Information Technology Services in consultation with Emory Healthcare and Emory University Compliance Officers and [list other parties here]. To begin this process, please visit https://wiki.service.emory.edu/x/suIGBQ. These mobile apps are endorsed in some way by Emory when they appear in the Emory Mobile App Catalog and they should be reviewed and documented to indicate the nature of their review and recommended or endorsed use.

Draft Policy for Use of Mobile Apps at Emory for Purposes Subject to Policy Compliance (work in progress, not yet approved or adopted)

Emory requires a review of all mobile apps used for purposes subject to Emory policy and regulatory compliance. These purposes include the acquisition, storage, and transmission of data that is subject to Emory compliance policies such as student information, employee data, and protected health information. Mobile apps developed at Emory are already covered under internal and external distribution review policies. This process applies specifically to mobile apps available on public marketplaces like the Apple App Store, Google Play, and others as well as any mobile apps available through other distribution channels or individual developers, hereafter referred to as Vended Apps.

Emory requires that all Vended Apps that are intended to acquire, store, or transmit sensitive information be reviewed for suitability and compliance by the appropriate Compliance Officer and Information Security. Once approved, all Vended Apps will be listed in the Emory Mobile App Catalog along with a description of their approved use.

 

Processes

There are three processes for mobile app review and distribution at Emory to address the requirements for internal and external distribution. Detailed descriptions of these processes are at:

...