University Policy 52

Responsible Use of Information Technology Resources

Initially approved: December 12, 1994
Revised: December 20, 2002
Revised and Renamed:  May 21, 2018

Policy Topic:  Information Technology
Administering Office: Office of the CIO

POLICY STATEMENT

Information technology resources are provided to support the University's mission. To ensure that these shared and finite resources are used effectively to further the University's mission, each user has the responsibility to:

  1. use the resources appropriately and efficiently;
  2. respect the freedom and privacy of others;
  3. protect the stability and security of the resources; and
  4. understand and fully abide by established University policies and applicable public laws.

II.  SCOPE

This policy applies to any user of the University's information technology resources, whether located on or off-campus, whether University-owned or contracted for use by the University.

III.  DEFINITIONS

  1. The term “information technology resource” shall mean any system, media or software used to transmit, store or process information or data.
  2. The term “user” shall mean any individual making use of a University information technology resource as defined above.
  3. The term “credentials” shall mean the various methods required to authenticate to and access an information technology resource.
  4. The term “malicious software” shall mean software that may adversely affect the security and stability of University information technology resources.

IV.  RESPONSIBLE USE REQUIREMENTS

  1. Users of information technology resources must protect (i) their online identity from use by another individual, (ii) the stability and security of information technology resources, and (iii) the confidentiality and integrity of electronic information.
  2. Users must refrain from seeking to gain unauthorized access, honor all copyrights and licenses and respect the rights of other users of University information technology resources.
  3. Users must cooperate with any investigation of abuse or misuse of information technology resources. To the extent permitted by law and policy, the University reserves the right to access and disclose the contents of any files or Email stored on University information technology resources, without the consent or knowledge of the user. No user should have the expectation that any stored content, whether personal or business-related, will be private.
  4. Users must cooperate with the University to remove any malicious software, as defined above. Failure to cooperate may be grounds for cancellation of access privileges, or other disciplinary actions.
  5. Faculty, staff, and students are required to read their University Email System messages on a regular basis. An Email message regarding University matters sent from an administrative office, faculty, or staff member is considered to be an official notice.
  6. Users must report violations of this policy and other information security concerns to the Division of Information Technology.

V.  RESPONSIBLE USE VIOLATIONS

  1. Sharing your user credentials with others;
  2. Unauthorized attempts to use, manipulate or otherwise gain access to University information or information technology resources;
  3. Unauthorized use of University information technology resources for personal gain for yourself or others;
  4. Use of University information technology resources to store, display or disseminate unlawful communications of any kind, or to harass, stalk, or threaten others, or in similar ways create an atmosphere which unreasonably interferes with the education or employment experience;
  5. Knowingly affecting the security and stability of University information technology resources, including using a system containing malicious software after becoming aware of it.

VI.  PENALTIES

Abuse or misuse of information technology resources may not only be a violation of University policy, but it may also violate certain regulations or criminal statutes. Therefore, the University will take appropriate action in response to user abuse or misuse of information technology resources. Action may include, but not necessarily be limited to, suspension or revocation of access to information technology resources. Violation cases will be referred to the appropriate office for disciplinary action and may require referral to law enforcement authorities.

VII.  REFERENCES

International Standards Organization (ISO/IEC 27002, 8.1.3 Acceptable Use of Assets)

Office of Web Services