Skip to main content

Encryption Compliance Calculation

How Is Full Disk Encryption Compliance Calculated?

1) To be considered compliant, a device (desktop, laptop or mobile device) must be encrypted using an approved encryption management software and must have reported into the encryption management system within 120 days, or have an approved encryption exception:

  • Approved encryption management software includes SecureDoc (Windows and Macintosh), ISO-Keyring (Non-SecureDoc compatible Windows), ISO-AppleRing (Non-Windows devices, not compatible with other approved encryption methods), JAMF (Macintosh) and AirWatch for mobile devices (iOS, Android, Windows RT and Chrome).

  • The managed encryption client must check into the encryption management server at least once within consecutive 120 days to confirm encryption is maintained.

  • Exceptions are approved where DeepFreeze deployment can be confirmed (to prevent data storage) and/or where other compensating controls are implemented and validated. Exception requests may be made by sending "form 18-1 Computing Device Encryption Exception Request" to the ISO at

2) Encryption compliance is calculated by using asset management data (including desktop, laptop and mobile computers) in UT Share as a basis, consequently it is important to make sure records are accurate. All discrepancies in asset management data must be directed to Property Management. All laptops, mobile devices, high-risk desktop computers and desktop computers purchased after September 1, 2013, as listed for a department (and its children departments) are in-scope for the encryption requirement. 

Note: Encryption management software may identify computers that have not been entered into UT Share and may not readily identify the form factor of the computer. These computers are added to the Desktop count by default and eventually matched to UT Share asset management data.

3) Encryption management data following the rules in (1) are matched against UT Share data to determine compliance. This is done in ISO-BRIDGE ( - accessible on campus or via VPN). ISO-BRIDGE is updated periodically using manual and automated means.

4) Encryption compliance calculations are fairly straight forward:

  • Desktop compliance is calculated using the formula "(number of compliant in scope desktop devices + number of compliant unknown form factor devices) / (total number in scope desktop devices as listed in UT Share + total number unknown form factor devices)"

  • Laptop compliance is calculated using the formula "number of compliant laptop devices / total number laptop devices"

  • Mobile Device compliance is calculated using the formula "number of compliant mobile devices / total number mobile devices"

  • Total compliance is calculated using the formula "(number of compliant in scope Desktops + unknown form factor devices + compliant laptop devices + number of compliant mobile devices) / (total number of in scope desktops as listed in UT Share + total number of unknown form factor devices + total number of laptop devices + total number mobile devices)."  

Note that non-high risk or out of scope devices, and Missing/Stolen/Surplused computers are not included in the compliance calculations.

How do I view the latest encryption compliance for my department?

To view the latest compliance figures, log onto ISO-BRIDGE ( - accessible on campus or via VPN). Access to the site is provisioned to Department Heads, ISA's and Desktop Support Associates.

How do I maintain or bring my department computers into compliance?

To bring computers under your purview into compliance see the "How to Maintain Encryption Compliance" page. Please contact OIT ( or your department desktop associate.

Why is it important to encrypt my computers?

Visit the "Computing Device Encryption Requirements" page for background and rationale.