DESKTOP AND MOBILE COMPUTING POLICY - 4989

The California Department of Technology (Department of Technology) delegates authority to acquire desktop and mobile computing commodities to Agencies/state entities that have submitted acceptable Technology Recovery Plans or Technology Recovery Plan certifications, maintain compliance with all applicable state IT security provisions as defined in SAM Sections 5300-5399, and have appropriate plans for the use of desktop and mobile computing commodities.

Under the Desktop and Mobile Computing Policy, Agencies/state entities are delegated the authority to acquire desktop and mobile computing commodities to support increased staffing, as well as the ongoing replacement of obsolete or nonfunctioning desktop and mobile computing commodities. All acquisitions related to desktop and mobile computing must be consistent with the Agency/state entity’s overall strategy for the use of information technology, as expressed in its current Agency Information Management Strategy (AIMS) (See SAM Sections 4900.2 - 4900.6). Agencies/state entities must ensure that the use of mobile computing devices will cost-effectively meet a significant business need and increase the efficiency of the Agency/state entity.

Many desktop and mobile computing commodities are targeted to consumers rather than business users. While these consumer-based commodities are effective as consumer devices, they may not be well-suited for many business uses. To ensure commodities support business productivity and enterprise capabilities, Agency/state entities must understand their security and architecture requirements and acquire the right tools to meet those requirements. Desktop and mobile computing configurations must make use of proven, "off-the-shelf" hardware and software and must support business productivity and enterprise capabilities such as:

• Enterprise Productivity (MS Office)
• Access to Corporate Servers (File/Print, Active Directory, etc.)
• Enterprise Class Applications (Geographic Information Systems, Enterprise Resource Planning, etc.)
• Enterprise Security (VPN, Active Directory Authentication, Multifactor Authentication, etc.)

The acquisition of new mobile computing devices for existing staff should replace existing desktop computers or mobile computing devices, not be purchased in addition to a desktop computer (for example a new laptop should replace a desktop computer). Additionally, the acquisition of new mobile phones should replace desk phones when practical. Replacement of desktop and mobile computing commodities acquired as part of a previously approved IT project, as defined in SAM Section 4819.2, may be included in this policy as such commodities are incorporated into and are no longer distinguishable from the Agency/state entity’s IT infrastructure.