Acceptable Use Policy: Computer Resources and Services

Date Issued: 04/05/2011
Policy No.: ITS-010
 

Rationale

The University through the Information Technology Services (ITS)Department provides and maintains computing and telecommunications technologies to support the mission of the University. This policy establishes guidelines and responsibilities for each member of the University community, in order to ensure the security of the University and the users of these technologies. This policy applies to all University users of computing and telecommunication technologies including faculty, staff, students, visitors, and contractors.

Users of these resources should be aware that violations of these policies and guidelines may result in the following actions:

• Written warnings
• Recommended suspension of access
• Recommended permanent revocation of access
• Termination of employment

These actions are described in the section below titled Compliance.
 

Definitions

Sensitive Information – All information that should remain private as designated by the University including, but not exclusive to, social security numbers, credit card numbers, bank-related information,education records and health-related information.

Support Technicians – ITS or other authorized employees by the Chief Information Officer that have the responsibility of maintaining, configuring, and repairing computing devices.

Base Operating System – The collection of programs and utilities that controls the resources of a computer operating system.

University Community – Employees, students, contractors, and guests of the university who are using University related technology services.
 

Procedure Reference

User Responsibilities

Each member of the University Community is responsible for complying with this policy and any other University policy, Federal or State law, or contract regarding the use of computing and telecommunication technologies and/or electronic communication.

Use of Resources
Each member of the University Community is responsible for ensuring the security and integrity of the computer and network resources and services that he/she may use. These responsibilities include securing the physical access to the computer technologies and maintaining the privacy of all computer passwords.

Members of the University community must not engage in any deliberate act that wastes, or prevents others from using, the computing and telecommunication technologies.

The University provides computer and telecommunications resources and services for the benefit of the University’s mission and not for the sole benefit of private use. Therefore, using University resources and/or services to establish, run, or support a personal and/or non-University related venture that does not support the University’s mission is prohibited.

Information Integrity
The University Community is responsible for the accuracy,completeness, trustworthiness, timeliness, and relevance of the data entered and extracted from University information systems.

Users should not unconditionally depend on information or communications to be correct when they appear contrary to expectations. It is important to review all reports for reasonableness in order to verify the integrity of the data entered into University information systems, particularly information that may be used for reporting at a future date (e.g., reports could influence future decisions made by the State concerning student funding, employment opportunities, capital projects, policy design, or other data related issues).

Preventive Maintenance of Computer Equipment
Users are required to perform routine care for the computer equipment located in their offices. Care suggestions may be received by contacting the ITS help desk. Users should take appropriate precautions when consuming food and beverages near computer equipment.

Unauthorized Use
Using University computer and telecommunications technologies with the intent to perform any of the following actions is strictly prohibited:

• Violating Federal or State harassment laws and policies
• Performing an electronic attack on other computers, accounts,and networks
• Transmitting fraudulent messages
• Generating, intentionally transmitting, or intentionally storing viruses, worms, or any other potentially harmful electronic programs or applications without the permission of the Chief Information Officer.
• Intentionally transmitting a large amount of non university related email or “SPAM” without the permission of the Chief Information Officer.
• Performing any type of illegal activity, including the transmitting, storing, copying, and printing of pornographic materials of minors, or making pornographic materials available to minors.
• Using electronic resources for “bullying or harassment”.
• Assuming the identity of any other person, persons, or organization.

Antivirus Software
All computers that utilize campus network resources (wireless or wire line) must have current and approved antivirus software. For a list of acceptable antivirus software, contact the ITS help desk. These computers include all University owned computers and all computers owned by faculty, students, staff, and guests that are used on the campus networks.

All University owned computers are preconfigured with antivirus software that is configured to update automatically. The removal, modification, or disabling of antivirus or other security related software without written consent from the ITS department is strictly prohibited. Permission may be obtained from the Chief Information Officer for the removal or modification of this software.

Unauthorized Access
The use of University computer resources and services without permission may be considered theft of services and may be considered illegal under State and Federal law. The following actions are strictly prohibited:

• Attempting, assisting, encouraging, concealing, or conspiring the use of University computing and telecommunication services without proper authorization.
• Impersonating others in an attempt to access unauthorized use of University computing and telecommunications technologies.
• Using services or installing software that enables the unauthorized use of University computing and telecommunication services.

Unauthorized Software
To install or use any software or data files in violation of Federal or State laws or in violation of applicable copyrights or license agreements is strictly prohibited.

Users should limit the use of personal copies of software packages installed on University-owned computers. Installing software licensed for single use on both a University-owned computer and a personal computer may violate software licenses or Federal copyright laws. To ensure compliance with software licenses and copyright laws, users should only install software packages purchased by the University or other authorized software packages for use onto University-owned computers.

Before installing or downloading software, a user must read the license agreement and certify compliance.

The use of licensed software on University-owned computers or related equipment without the proper license materials is strictly prohibited.

Software Modification
No one shall remove or replace operating system or hardware of any University computer without proper authorization from the Chief Information Officer.

Designated ITS technicians are the only individuals authorized to reconfigure University desktop and laptop computers. Users may not modify the hardware, operating system or application software of a University computer unless they have been authorized to do so by ITS. Permission to modify the base operating systems can be obtained from the Chief Information Officer.

Peer to Peer
Users are prohibited from installing and using Peer to Peer programs on University equipment without the permission from the Chief Information Officer. Users are prohibited from illegally acquiring,copying, storing, redistributing copyrighted computer programs and other copyrighted materials, such as music and movie files.

Privacy
All electronic information stored on University equipment or all such information that passes through the University’s network belongs to the University. The University has the right to monitor and investigate all such information without consent. The use of University computer resources and services without permission may be considered theft of services and may be considered illegal under Federal or State law.

User Accounts
Members of the University Community will be provided with user accounts to access computing and telecommunication resources as necessary. These resources are provided to students, employees (i.e., faculty and staff) and guests.

University employees are only provided with a single sign-on account for email and related services. Multiple accounts are not provided without written and approved justification from the Chief Information Officer.

These accounts are intended for individual use only. The sharing of these accounts with other University and non-University personnel is strictly prohibited. If users believe that their account has been compromised, they should contact the ITS help desk immediately.

Storage and Transmission of Sensitive Information
It is strictly prohibited to store sensitive information on laptop computers or on portable disk devices. It is strictly prohibited to store sensitive information on desktop computers without the express written consent from the Chief Information Officer. Once a campus user is provided consent to store sensitive information on their computer, the user will be required to attend annual security training and the computer and the computer’s physical environment may require additional security.

It is strictly prohibited to transfer sensitive information using email or instant messaging.
 

External Investigations

The University may choose to, or may be required to, participate with investigations associated with Federal, State, Local, or other authorities. The University reserves the right to provide access or information associated with computing and telecommunication technologies to those authorities without notice to the University community, whether such evidence is discovered as part of investigations initiated by authorities inside the University or through external investigations conducted by those authorities not associated with the University.
 

Employee Compliance

Computer violations may be discovered through a variety of mechanisms including, but not limited to, the following:

• Letters to ITS
• Emails to ITS
• Telephone calls to the ITS help desk
• Discovery through the monitoring systems and services managed by ITS

A designated ITS employee will investigate the event and provide a report to the Chief Information Officer.

If the report details offenses that are determined by the Chief Information Officer to be in violation of state or federal law, the Chief Information Officer will deliver a copy of the report to University Police and University Counsel, and, if necessary, to the appropriate Vice President and the President. In such cases, ITs will contact and include in its investigation any state or federal law enforcement authorities.

If a user or a service is negatively impacting the performance of the network or critical components in the information technology operating environment, the Chief Information Officer may have that service or user immediately removed or blocked temporarily until the service is no longer a threat to the network or the information technology operating environment.

Employee offenses that are not considered serious will follow the process outlined below. Offenses that may violate federal or state law, or those offenses that violate privacy or unauthorized access, are considered serious and alternative procedures may be followed.

First Offense
A letter will be sent to the individual and their immediate manager stating the following: