Skip to content

BIM.PR.14 — Mobile Access and Device Security

BİM.PR.14 — Mobile Access and Device Security Procedure

Document No BİM.PR.14 Version 1.0 Initial Release 26.04.2026
Owner Group Network and Security Group
Approved by Mehmet ARARAT — IT Director
Legal Basis KVKK Art. 12 · ISO/IEC 27001:2022 A.6.7 / A.8.1 · BİGDES
Related Documents KYS.POL.01 P07 (Wireless), P27 (Portable Device), P03 (Internet), KYS.POL.04, BİM.PR.05, BİM.PR.12, BİM.PR.13

1. Purpose and Scope

Within the framework of KYS.POL.01 P07 (Wireless Communication) and P27 (Portable Device Policy), this procedure defines the security requirements for accessing University corporate systems from mobile devices and the password reset method.

Covers all access to corporate Google Workspace, SIS, LMS, EBYS, library, VPN, campus Wi-Fi, and HKU Mobile application from iOS and Android devices.

2. Official Mobile Applications

Application Platform Login
HKU Mobile iOS / Android HKU SSO (corporate username + 2FA)
SIS Mobile iOS / Android National ID No. + SIS password
Google Workspace (Gmail, Drive, Meet, Calendar, Classroom) iOS / Android Corporate email + 2FA

3. First Login

App Store / Google Play → install app → log in with username@hku.edu.tr for SSO → password + 2FA push confirmation → you may mark as trusted (30 days, BİM.PR.13 s.6).

4. Mobile Password Reset

Password reset cannot be performed directly from the mobile app. Access https://portal.hku.edu.tr via a mobile browser and follow the self-service flow in BİM.PR.12 s.4. If your mobile number is not registered, visit the Help Desk in person.

5. Minimum Security Requirements on Devices

  • Screen lock (PIN, biometric) mandatory
  • Automatic screen lock: 30 minutes of inactivity (KYS.POL.01 P01 s.350)
  • Operating system security updates must be applied within 30 days
  • Up-to-date anti-malware (where required by device type, P05)
  • Access to corporate systems from jailbroken/rooted devices is prohibited
  • VPN use is recommended on public Wi-Fi networks
  • Users are responsible for maintaining the security measures on their devices (KYS.POL.01 P01 s.353)

6. Lost or Stolen Device

  1. Report to Help Desk within 24 hours.
  2. BIM signs out all sessions from the corporate account (sign-out everywhere).
  3. Remote selective wipe — only corporate data is removed; personal data is preserved.
  4. For 2FA, see BİM.PR.13 s.7.
  5. If personal data is at risk, KVKK Art. 12 incident review applies (KYS.POL.03).

7. Privacy

BIM does not access data outside the corporate workspace. Only the following is logged: which corporate application was used and when (BİM.PR.24).

8. Violations

KYS.POL.04 s.55.

9. Entry into Force

26.04.2026; reviewed every January and July.

Hasan Kalyoncu University · IT Directorate
Osmanlı Mah. Havaalanı Yolu Üzeri 8. Km 27010 Şahinbey/Gaziantep
444 6 458 · destek@hku.edu.tr · destek.hku.edu.tr · portal.hku.edu.tr
KEP: hasankalyoncu.unv@hs01.kep.tr

Scroll to Top