The UCSF School of Medicine requires that all laptops use whole disk encryption. To support and comply with this requirement the Department of Medicine IT Services Group would like to remind you of the following policies.

• It is our assumption that any laptop we work on is encrypted, or that there is a SOM-approved exemption on file. Please refer to this DOM information security policy interpretation.
  
• A new laptop must be delivered to your IT service provider in its original, unopened box, so we can encrypt it before it goes into service.
  
• Laptops must be in our inventory, unless they were encrypted and supported by another group at UCSF. UCSF-owned laptops must be inventoried and encrypted to comply with policy.
  
• A laptop that was encrypted by another IT group should be supported by that group, or we should decrypt it and reencrypt it with our installer.
  
• When your laptop's hard drive is replaced it needs to be encrypted again.
  
• Encryption waivers should be exceedingly rare exceptions, since the user accepts complete liability should anything happen to the laptop.
  
• All laptops must comply with UCSF policy 650-16 - Minimum Security Standards. Not sure if you're in compliance? Here's a checklist (PDF).
  

For more information about laptop encryption please see the SOM Encryption Project page.