Laptop Purchases


What to know about buying a laptop


Purchasing a Laptop

  • Coordinate with School or Department purchasing staff to review reimbursement procedure and seek approved vendors before initiating a purchase.
    • Approved vendors include:
      • Vendors at UCI Buy
        • You'll see links to vendors selling Apple and HP products.
        • You can setup a quote
      • Quotes obtained from HSSOE IT staff with UC-contracted pricing and educational discocunts
    • Example laptop models:
      • OIT publishes UCI hardware standards for laptops,
      • You should include 4-year on-site warranty, and accidental damage coverage
      • Disk encryption is mandatory
  • Review UC Security Policy on Mobile Devices (below) BEFORE making a purchase
    • You might be asked to work with School IT to enable and verify security standards have been met on your purchased laptop before reimbursement is initiated.
      • Send a message to helpdesk at for assistance
  • Include extended warranty (3-4 years) with business-level support.
    • Contact School IT staff for recommendations.


Security Requirements

Laptop purchases must meet UCOP security requirements

  • Please review UCOP website for Systemwide Security Controls.
  • These standards are for EVERYONE (faculty, staff, volunteers, student workforce members, etc) and ALL DEVICES.
    • Policy does not apply to End-user devices used and owned by students for the purposes of attending the University and completing projects.
  • Details regarding policy can be found in this UCOP Minimum Security Document.


Summary of UCOP's Security Requirements on Mobile Devices

  1. Anti-malware: Anti-malware software must be installed and running up-to-date definitions.
  2. Approval and Inventory: Confirm devices can be secured before making a purchasing decision.  Make sure IT Resources and Institutional Information are appropriately recorded in Location inventory.
    • BitLocker is not available on Windows 10 Home version. Therefore, it is not appropriate for University business.
    • Some manufactureres have blocked the ability to reinstall an OS.
    • Do not assume you can upgrade to Windows 10 Pro from Windows 10 Home.
  3. Backup and Recovery: Institutional Information classified at Availability Level 3 or higher must be backed up and recoverable. Backups must be protected according to the classification level of the information they contain.
  4. Encryption: All portable computing devices must be encrypted.
    • This policy is defined by UCOP and includes all laptops.
    • Encryption on Windows 10 Pro MUST be enabled.
      • BitLocker is not available on Windows 10 Home version. Therefore, Windows 10 Home is not appropriate for University business.
    • Encryption on Macs, MUST be enabled
  5. Encrypt Portable Media: Portable media containing Institutional Information classified at Protection Level 3 or higher must be encrypted and safely stored.
  6. Host-based Firewall: If host-based firewall software is available on a device, it must be running and configured to block all inbound traffic that is not explicitly required for the intended use of the device.
    • Built-in Windows Firewall is fine and it must be enabled (it's usually enabled by default)
    • Mac Firewall
    • Block all incoming traffic. Do not create exceptions unless necessary for laptop use.
    • Carefully review exceptions created by software installations.
  7. Local Admin or Administrator: Non-privileged user accounts must be used and only elevated to root or administrator when necessary.
  8. Password/PIN lock: Secure devices with a strong password, PIN, smart card, or biometric lock.
    • Do not enable auto login
  9. Patching: Supported security patches must be applied to all operating systems and applications.
  10. Physical Security: Devices and Institutional Information must be physically secured.
  11. Session Timeout: Devices used to store, or access Institutional Information or IT Resources classified at Protection Level 2 or higher must employ lockout/screen-lock mechanisms or session timeout to block access after a defined period of inactivity (15 minutes or Location limit). Mechanisms must require re-authentication before a return to interactive use.
  12. Supported Operating Systems: Run a version of the operating system that is supported by the vendor
    • Do not use outdated or unsupported operating systems such as Windows XP