Texas State University Logo
Banner Image
Technology Resources (TR)
601 University Drive, JCK 720
San Marcos, TX 78666

TR: 512.245.2501
ITAC: 512.245.ITAC (4822)

Quick Links

IT Assistance Center (ITAC)

Join the Conversation

adjust type sizemake font smallermake font largerreset font size

Laptop Encryption Program

Expand or Collapse all.

Click to learn more about Texas State's encryption efforts.

Due to their size and mobility, laptops are easy to lose and easy to steal. It is everyone’s responsibility to protect and secure data stored on these devices from unauthorized or unintentional data exposure. By encrypting and protecting all university-owned laptops, Texas State is adopting an industry best practice that lessens the risk of data exposure without the need to determine if confidential information was present on a missing laptop. In other words, if we can prove that the data was protected, we can be sure that the data does not get into the wrong hands. Furthermore, with device encryption, we can remotely remove protected data from the device as well.

In a 2010 study, 46 percent of lost laptops contained confidential data, only 30 percent of those systems were encrypted, and only 10 percent had other anti-theft technologies (See The Billion Dollar Lost Laptop Study PDF, Ponemon Institute and Intel Corp). According to the FBI and the insurance institutes, laptop computers are the number one stolen item in the United States with approximately 1,800 stolen per day across the country.

Additionally, the Texas State Laptop Encryption Program will address State of Texas mandates found in the Texas Administrative Code, Title 1, Part 10, Chapter 202, Subchapter C, Rule §202.75 and UPPS 04.01.01: Security of Texas State Information Resources.


Reduce the risk of university confidential data exposure through stolen or lost equipment. Implement full-disk encryption solutions that meets industry and State of Texas Administrative Code (TAC 202) standards. 

Texas State's Device Encryption Solutions


Windows Laptops Mac Laptops

McAfee Endpoint Encryption

McAfee logo

FileVault 2



Both McAfee Endpoint Encryption and FileVault 2 are enabled when at rest, provide minimal impact to the laptop owner, and are highly rated in the encryption industry. 

Note:  Other operating systems that are not Windows or Mac-based (e.g., Linux), must have an approved Texas State Device Encryption Exception Request form on file with ITAC.

Protecting data via laptop encryption is everyone's responsibility.

Adoption Plan

New Laptop Computers

Computer Replacement Program (CRP) Laptops

All new computer replacement program (CRP) laptops will be encrypted prior to delivery.

Department Funded Purchase (DFP) Laptops

Anyone who purchases a department-funded laptop must contact ITAC to have the laptop encrypted or have an approved Texas State Device Encryption Exception Request form on file. Where applicable, ITAC will involve the department’s technical support person (TSP) to aid in software installation, encryption set up, and end-user training.

Existing Laptops on Campus

First Round of Laptop Encryption

In an effort to encrypt as many laptops as possible, ITAC will undergo the below initial laptop encryption effort:

  1. ITAC will contact each department's inventory account manager and provide a list of all laptops in that department that require encryption. 
  2. Within a two-week time frame, the account manager should reply to ITAC's inquiry by returning the Excel document template identifying the following information of the Texas State employee who is the primary user of each laptop on the inventory list. 
    • Name
    • NetID
    • Phone
    • Location
    • Whether or not the laptop is the employee's primary computer
  3. ITAC will send a request to each laptop owner to make an appointment to encrypt their laptop.
  4. The process will be defined in the service request ticket and the laptop owner should respond within two weeks to begin the process.
  5. From that point, ITAC will work closely with the laptop owner to ensure that the encryption process is a success.
  6. A security enabled Device Encryption label will be affixed to the laptop indicating that it has been encrypted.

Encryption Security Label Example

Important Notes: 

  • Do not remove the Device Encryption security label. 
  • Do not assume that the device is encrypted simply because the laptop has a label.  Before you re-image the laptop or reload the operating system, you should follow the Encryption Re-image Process. 

Protecting data via laptop encryption is everyone's responsibility.

After the First Round and Going Forward

After the first round of laptop encryption is complete, it will be the responsibility of the laptop owner and the department inventory account manager to ensure that all laptops are encrypted and stay encrypted or have an approved Texas State Device Encryption Exception Request form on file.

Any new laptop that is added to an inventory list must have encryption on it to protect university and personal data or have an approved Texas State Device Encryption Exception Request form on file. 

Laptops that need to be re-imaged or have a new operating system installed must follow the Encryption Re-image Process or have an approved Texas State Device Encryption Exception Request form on file.

Encryption Options

Click here to view the process.

  1. When notified by ITAC, the laptop owner should reply and make an appointment for a specific date to drop their off laptop at the ITAC Walk Up Center.
  2. ITAC will back up their data and install device encryption software.
  3. ITAC will activate encryption on the laptop.
  4. ITAC will contact the laptop owner when the computer is ready for pick up.
  5. When the computer is picked up, ITAC will provide encryption awareness and answer questions.
    Note: Once ITAC has verified that the laptop is successfully encrypted, the data back up will be deleted.

Approximate turnaround time:  3 business days

There is no charge for this service.

Note: Computers that are re-imaged or have a new operating system should follow the Encryption Re-image Process.

Details, What to DOs, and How TOs