Responsible Use of Information Technology Resources
Initially approved: December 12, 1994
Revised: December 20, 2002
Revised and Renamed: May 21, 2018
Technical Change: February 20, 2023
Revised: August 27, 2024
Policy Topic: Information Technology
Administering Office: Office of the CIO
POLICY STATEMENT
Information technology resources are provided to support the University's mission.
To ensure that these shared and finite resources are used effectively to further the
University's mission, each user has the responsibility to:
- use the resources appropriately and efficiently;
- respect the freedom and privacy of others;
- protect the stability and security of the resources; and
- understand and fully abide by established University policies and applicable public
laws.
II. SCOPE
This policy applies to any user of the University's information technology resources,
whether located on or off-campus, whether University-owned or contracted for use by
the University.
III. DEFINITIONS
- The term “information technology resource” shall mean any system, media or software
used to transmit, store or process information or data.
- The term “user” shall mean any individual making use of a University information technology
resource as defined above.
- The term “credentials” shall mean the various methods required to authenticate to
and access an information technology resource.
- The term “malicious software” shall mean software that may adversely affect the security
and stability of University information technology resources.
IV. RESPONSIBLE USE REQUIREMENTS
- Users of information technology resources must protect (i) their online identity from
use by another individual, (ii) the stability and security of information technology
resources, and (iii) the confidentiality and integrity of electronic information.
- Users must refrain from seeking to gain unauthorized access, honor all copyrights
and licenses and respect the rights of other users of University information technology
resources.
- Users must cooperate with any investigation of abuse or misuse of information technology
resources. To the extent permitted by law and policy, the University reserves the
right to access and disclose the contents of any files or Email stored on University
information technology resources, without the consent or knowledge of the user. No
user should have the expectation that any stored content, whether personal or business-related,
will be private.
- Users must cooperate with the University to remove any malicious software, as defined
above. Failure to cooperate may be grounds for cancellation of access privileges,
or other disciplinary actions.
- Faculty, staff, and students are required to read their University Email System messages
on a regular basis. An Email message regarding University matters sent from an administrative
office, faculty, or staff member is considered to be an official notice.
- Users must report violations of this policy and other information security concerns
to the Division of Information Technology.
V. RESPONSIBLE USE VIOLATIONS
- Sharing your user credentials with others;
- Unauthorized attempts to use, manipulate or otherwise gain access to University information
or information technology resources;
- Unauthorized use of University information technology resources for personal gain
for yourself or others;
- Use of University information technology resources to store, display or disseminate
unlawful communications of any kind, or to harass, stalk, or threaten others, or in
similar ways create an atmosphere which unreasonably interferes with the education
or employment experience;
- Knowingly affecting the security and stability of University information technology
resources, including using a system containing malicious software after becoming aware
of it.
- Employee viewing pornographic content on a WCU maintained computer network or on a
device owned, leased, maintained, or controlled by WCU.
- Student viewing pornographic content on a device owned, lease, maintained, or controlled
by WCU.
VI. PENALTIES
Abuse or misuse of information technology resources may not only be a violation of
University policy, but it may also violate certain regulations or criminal statutes.
Therefore, the University will take appropriate action in response to user abuse or
misuse of information technology resources. Action may include, but not necessarily
be limited to, suspension or revocation of access to information technology resources.
Violation cases will be referred to the appropriate office for disciplinary action
and may require referral to law enforcement authorities.
VII. REFERENCES
International Standards Organization (ISO/IEC 27002:2022, Clause 6 People Controls)