University Information Services Policies

REVISION HISTORY
Version 2
Rewrite: May 1st, 2018
Version 1
Final Draft: November 21, 2013
Initial Draft: January 8th, 2009


PURPOSE
The purpose of this policy is to outline acceptable use of Computing Devices and University Information Resources at the University. Responsible use of computing devices and other information technology is necessary to ensure that these resources are available to all in the Stritch Community when needed, and that both the University and those who use the resources are protected from harm.

SCOPE
This policy applies to all individuals who use, access or control University Information Resources.  This includes, but is not limited to, students, faculty, staff, contractors, vendors, guests, visitors and any other individual authorized to use University Information Resources. Computing and Information Resources include all electronic equipment; facilities; technologies and data used for information processing, transfer, storage, and display; print and other communications by the University; computer hardware and software; computer labs; classroom technologies, such as computer-based instructional management systems; computing and electronic communications devices and services; modems; email; networks; telephones; voicemail; facsimile transmissions; video; multi-function printing devices; mobile computer devices; data; multimedia and instructional materials. Information Resources also include services that are owned, leased, operated, provided by, or otherwise connected to the University, such as cloud computing, or any other University-connected or hosted service.

POLICY
The University’s computing devices and other technology software and hardware constitute facilities of the University. As such, they provide critical support for the teaching, learning and other general operational activities necessary to conduct the institution’s business on a daily basis and to communicate effectively across all constituencies in the Stritch Community and with external guests, vendors and others.

Though this policy sets forth general expectations regarding the use of University Computing and University Information Resources, it does not override applicable international, federal, state, local or other statutes.  Any and all Individuals who are provided access to University Information Resources will be expected, at all times, to be knowledgeable of and abide by the standards for compliance set forth in this policy, and to exercise good judgment regarding acceptable use.
The University cannot be held accountable for any action an individual takes that is contrary to this or any other University policy, is contrary to the mission and goals of the University or is contrary to generally acceptable actions regarding the use of computing and/or other technology resources. Nor can the University be responsible for content or actions which originate on non-University Information Resources.

The University reserves the right to change any portion of this policy at any time and to limit or restrict use of its University Information Resources, including but not limited to restricting access to University Information Resources and non-University Information Resources accessed on or through University Information Resources.
The official copy of this policy overrides all other copies and is located at: http://www.stritch.edu/OIS.

General
University Information Resources may be used only by individuals who have been explicitly authorized to do so and only to the extent authorized.  The ability to access a resource does not imply authorization to do so.
University Information Resources may not be used:

• In a manner or for a purpose that violates University policies or which is illegal or unethical.
• For commercial purposes, except where explicitly approved, in writing, by the University.
• To harass, bully, or stalk an individual or group.
• For non-authorized organized political activities such as lobbying or campaigning.
• To support one’s own outside employment or other forms of personal financial gain.

Any University Information Resources in the possession of an individual must be immediately returned to the appropriate unit when requested, or when an individual’s employment or other relevant relationship with the University ends.

Any data, information or resource created as part of an employee, vendor or contractor’s job on behalf of the University belongs to the University and must be made available when requested by authorized personnel or when an individual’s employment or other relevant relationship with the University ends.

Any action which would result in loss of data, corruption of data, loss of use or degradation of performance of any University Information Resource or which in any way would have negative impact on other individuals or the University will not be tolerated. Determination of potential negative impact is solely at the discretion of the unit that manages the resource.

Please Note: Individuals have no expectation of privacy regarding any activity while using University Information Resources.  The University may access and monitor data in University Information Resources at any time for any purpose consistent with duties as well as at the direction of authorized external legal authorities.

Any attempt by any user to circumvent security measures, mask the identity of the user, cause disruption of service, scan network ports, discover and/or exploit vulnerabilities of other devices on the network, or capture and/or view data not intended for the recipient is strictly prohibited. Any exceptions made are solely at the discretion of the University.

Any attempts to access or use external devices, networks, services, etc., in a manner that is prohibited, inconsistent with acceptable use guidelines, or is regarded as illegal or unethical, are strictly prohibited.

Personal Use

Employees may make limited, occasional or incidental use of University Information Resources for personal, non-business use as long as the use:

• Is consistent with the mission and values of the University.
• Does not interfere with the productivity of the employee.
• Does not utilize excessive amounts of resources.
• Is not presented or interpreted as representing the University.
• Does not violate any other University policy or any local, state, federal or other enforceable relevant law.

Network Connections

• Any device that attempts to circumvent security measures, mask the identity of the user, cause disruption of service, scan network ports, discover and/or exploit vulnerabilities of other devices on the network or capture or view data not intended for the recipient is strictly prohibited.
• The individual in control of any device connected to the network is responsible for the security of, and traffic generated by, that device regardless of origin.  Any device which is generating unwanted traffic will be removed from the network and may not be reconnected to the network until all issues have been resolved.
• University networks may not be used to gain or attempt to gain unauthorized access to non-University systems or to access systems or materials which are illegal or otherwise prohibited.

Computers

• Use of non-public University owned computers by non-authorized users is prohibited. Non-public University owned computers in public areas are identified with a label “For Employee Use Only.”  Staff computers, faculty computers, servers and control systems, computers in offices or other non-public areas, and computers used for financial transactions, such as point of sale computers, should be considered non-public.
• All computers that are connected to University Information Resources including, but not limited to, student and privately-owned computers, are required to have (a) all current operating system and software patches installed; and (b) University-approved security software installed and operating with the latest malware and exploit definitions, and to be in good working condition.
• Loss, damage or theft of University owned equipment must be reported immediately to appropriate University staff.

Electronic and Digital Communications

• Any activity that reasonably can be assumed to be offensive including, but not limited to, sending unsolicited email (SPAM, junk mail or phishing attempts), allegedly harassing or threatening email, or the creation and forwarding of chain letters is prohibited.
• Unauthorized use or access of other users’ email, forging or manipulation of email headers, or falsely representing the University or other individuals in any manner is prohibited.
• Sending or storing excessive amounts of email or emails of excessive size is prohibited.

Extreme caution should be used when accessing email from unknown senders, particularly when there are attachments or links within the message.Messages such as these often contain viruses or other malicious code.

Please Note:  Always be skeptical of offers that seem too good to be true, and of requests for personal information.  You should never provide account login information, passwords, social security numbers, bank account numbers or other highly confidential personal information via email or via web links from email.

Phone

• Use of University owned or controlled phone numbers to conduct non-University business including, but not limited to, solicitation of funds, sales and support is prohibited.
• Making non-emergency calls to 911 or other emergency services is strictly prohibited.
• Any call which may be deemed harassing or prank calls of any kind are prohibited.

Fax

• Fax machines must be set up to display the correct phone number of the fax machine on all outgoing fax communications.
• Fax machines may not be used to transmit sensitive data including, but not limited to, personally identifiable information.

Data

• Unauthorized access of University data is prohibited.
• It is the responsibility of each user to protect their own data, including making local backups of critical files where central backups are not already being made; ensuring that systems are routinely scanned for virus, malware and other malicious programs; and ensuring that systems are up to date with relevant security patches and updates.
• Sensitive data including, but not limited to, personally identifiable information may not be backed up or stored on local machines or media.
• Sensitive data including, but not limited to, personally identifiable information may not be transmitted over insecure methods including, but not limited to, FAX machines and unencrypted email.

Security and Privacy

• Please Note:  Though the University takes all reasonable steps to protect the privacy of assigned accounts to authorized users and of Information Resources generally, absolute security and privacy cannot be guaranteed. As a result, it is the responsibility of each individual to protect private information in accordance with designated University procedures and protocols.
  • It is strongly recommended that all authorized users change their passwords every six (6) months. Passwords should be secure, easy to remember and hard to guess.  Current password best practices are available on the University’s web site at http://www.stritch.edu/Student-Life/Services/Information-Services/Technology-Blog   Authorized users are responsible for the security of their passwords and accounts.
  • It is strongly recommended that all authorized users change their passwords every six (6) months. Passwords should be secure, easy to remember and hard to guess.  Current password best practices are available on the University’s web site at http://www.stritch.edu/Student-Life/Services/Information-Services/Technology-Blog   Authorized users are responsible for the security of their passwords and accounts.
• Only authorized users will have administrative access on University machines.
• Attempts to access accounts for which you are not authorized are strictly prohibited.  In the event that a University system administrator needs to access private information or another account, such activity will be documented and subject to review.
• Information Resources, inclusive of all hardware and software, are considered to be the facilities of the University. Though the content of authorized user accounts generally will be treated as private (e.g., not examined or disclosed), such accounts will be accessed by designated University employees when:
  • System maintenance, business necessity and/or security measures are required.
  • When the University has a reasonable belief that an individual has violated applicable policies and procedures, has violated applicable law, and/or placed the University, its systems or members of the University community at risk.

Copyright

• In general, copying, storing, displaying or distributing copyrighted material using University Information Resources or systems without the express permission of the copyright owner, except as otherwise allowed under copyright laws, is prohibited.
• The official and complete University Copyright policy can be found on the University Library web page at  http://library.stritch.edu/Guides/Research/Copyright

Enforcement

Violations of this policy and related procedures will result in the immediate suspension and possible revocation of access to University Information Resources and supporting systems.  Serious violations will be referred directly to the appropriate University official. Penalties for violation(s) of University policy will include a form of discipline up to and including dismissal from the University. In those cases where the unauthorized use of University Information Resources constitutes a criminal offense, the appropriate external law enforcement authorities will be contacted. 

Definitions

University Information Resources:  Any and all devices, hardware, services, software, data, media and networks owned by, controlled by or operated on the behalf of the University that can be used in creating, storing, sharing, transmitting, accessing data, communications and information.

Computing Device: Any electronic device that can access, work with and store information, including but not limited to desktops, laptops, tablets, smart phones, etc.

As our world becomes increasingly digital, we need everyone to pitch in to help protect our University’s resources. By following a few simple steps and developing good security habits, you can minimize opportunities to inadvertently expose sensitive data or information.

What is sensitive data? “Any name or number that may be used, alone or in conjunction with any other information, to identify a specific person.” For example: name, address, telephone number, social security number, date of birth, government issued driver’s license or identification number, government passport number, employer or taxpayer identification number, unique electronic identification number or a routing code. Review Acceptable Use Policy.

• Good habit: Do not store sensitive information such as student records, credit card numbers or social security numbers on your computer unless it is absolutely required by your job. If required, contact the Office of Information Technology (OIT) for assistance with properly safeguarding the information. Do not share sensitive data via email at any time, and be particularly careful on the internet to make sure a site is secure by looking for a url that begins with ‘https’ or look for a logo such as: VeriSign.

Email: Email, chats, instant messengers, Facebook, etc. are not secure and should never be used to send any information you do not want exposed to the public. Social networking sites are playgrounds for criminals. Limit what information you share. Avoid email with embedded links and attachments from sources you don’t recognize. Many email messages and viruses look like valid messages. Be aware of phishing which is a high-tech scam that either asks for your credit card, bank account, passwords, or social security numbers OR leads you to a web site that looks official and asks for the same type of information.

• Good habit: If you can’t post the information comfortably on the closest billboard, think before sending it via email. If you don’t recognize the sender, delete it—they will send the message again if it is real or call instead.

Passwords: A password is the first line of defense. Choose ‘strong’ passwords with at least eight characters, using a combination of numbers, upper and lowercase letters and at least one special character (!#@^%*). Remember to change your passwords frequently. Remember, OIT will never request your log in, password, birth date, etc. via email.

• Good habit: Do not share your password with others and do not post it in an obvious place (like a post it on the computer or in the top drawer of your desk).

Back up your work: You have just spent a significant portion of your time creating a lesson plan, lecture notes, preparing a grant, writing an article…..remember to save it and go one step further – back up all of your personal work on a weekly basis to a CD/DVD or other external media.

• Good habit: Set aside a portion of time each Friday to back up your work and clean up your email. Once you have your data backed up, be sure to test it to ensure it can be retrieved. Store your back ups in a safe location.

Love your computer: Log off or use the keyboard locking function when stepping away from your computer. If you don’t, others can easily access your email or other documents. If you are using a laptop, run a virus check before connecting it to the Stritch network. Make sure your computer is always up to date with security patches and virus protection.

• Good habit: Learn how to run the virus check if you have a laptop—if you need help, call x4600. If your computer starts acting ‘funny’ – call before trying to fix it yourself unless you have good computer troubleshooting and diagnostic skills.

Shred your documents: Remember to shred sensitive documents in the office and at home. People with a malicious intent will search through trash to get what they want.

• Good habit: Share your good habits with others and stay safe.

PURPOSE
Cardinal Stritch University is presenting this policy to help guide our faculty, staff and students in the legal use of copyright material and to provide detail about the Universities enforcement, as well as potential civil and legal implications, for individuals who violate copyright laws.

SCOPE
This policy applies to all individuals who use, access or control University electronic resources to store, access or share copyrighted materials or materials owned or created by another person or entity. This includes, but is not limited to: students, faculty, staff, contractors, vendors, business partners, guests, visitors and any other user who uses University owned or controlled electronic resources.

POLICY
It is illegal, and therefore prohibited on any Stritch system or network, to store, access or share any material which is copyrighted or owned by a third party for which you have not obtained current legal permission from the copyright owner, or for which there is not an existing exception provided for within copyright law, to use in the manner and for the purpose in which you are using the material. Doing so violates the United States Copyright Act and potentially other laws or regulations and exposes you to civil, criminal and or University sanctions.

COPYRIGHT POLICY
When obtaining permission to store, access or share copyrighted material you should ensure that you receive permission in writing, that it clearly states what material is covered, the purpose and method that you intend to use the material, any limitations to your permission, including but not limited to valid dates and proof that the provider is the legal owner of the material along with any other relevant or legally required documentation. You may be asked to provide this at any time to University officials, law enforcement or others with a legal right to this information.

If you are using an existing exception, such as Fair Use, it is your responsibility to ensure and document compliance with any and all relevant laws. In exorcising an exception to gaining explicit permission from the copyright owner, you take on full responsibility and may be subject to civil, criminal and/or University sanctions if your use is determined to not qualify for the exception.

The University will comply with any reasonable and lawful requests regarding violation or potential violation of existing copyright law in legal and responsible manner.

UNIVERSITY ENFORCEMENT
[To be determined by the proper University resource]

SUMMARY OF CIVIL AND CRIMINAL PENALTIES FOR VIOLATION OF FEDERAL COPYRIGHT LAWS
The following information is not meant to be a complete list of all penalties but rather a simple summary to provide a general idea of current penalties at the time this policy was last reviewed.

Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the file-sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.

Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or “statutory” damages affixed at not less than $750 and not more than $30,000 per work infringed. For “willful” infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys’ fees. For details, see Title 17, United States Code, Sections 504, 505. Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense. For more information, please see the website of the U.S. Copyright Office which is listed below.

ADDITIONAL RESOURCES
• U.S. Copyright Office website - www.copyright.gov
• Recording Industry Association of America (RIAA) - www.riaa.com
• Copyright for Student Use (Cardinal Stritch University) - www.stritch.edu/Library/DoingResearch/Copyright/Copyright-for-Students/

Identity and Accounts Policy
Effective Date: January 8, 2018
Revised: 1/8/2018
Status: Approved
Version: 1.2
Responsibility University Officer: Provist; CIO
Responsibility Coordinating Office: Acasemic Affairs; Office of Information Services

REVISION HISTORY
November 22, 2013 - Initial draft
January 8, 2018 – HEOA clarification revision

OVERVIEW
Cardinal Stritch University requires that all individuals who are accessing protected or private information or University systems and resources provide a unique username and password which has been assigned to that individual and which will act as their electronic identity.

PURPOSE
The purpose of this policy is to establish a unique, traceable electronic identity for every individual using Cardinal Stritch University electronic resources to ensure that access to information can be limited to only those who need access and to ensure that the individual accessing the resources is the intended party.
 

SCOPE
This policy applies to all individuals who use, access or control University electronic resources.  This includes but is not limited to students, faculty, staff, contractors, vendors, guests, visitors and any other user who uses University owned or controlled electronic resources.

POLICY
Wherever possible, all access to electronic systems, information or resources will be authenticated against the University Active Directory database.  Accounts for all students, faculty, staff, vendors and visitors are created utilizing an automated process which pulls data from our SIS/ERP system, Jenzabar EX, based on a set of rules defined around the relationship that the individual has with the University.  This includes but is not limited to: creating accounts for students only after they have been accepted to the University; creating accounts for employees only after they have been fully hired by the University; creating accounts for vendors as employees only if they have a specific need for access and then only during the time that they are actively working on University business.

Active Directory accounts are tied back to the individual by their SIS/ERP ID number, are unique to the individual, and after initial setup only the individual has access to their password.

When it is not possible to directly tie authentication back to Active Directory, an intermediary system such as ADFS utilizing SAML, custom SAML code, AD LDS or other systems may be used.  When this occurs, every effort must be made to tie the account back to a specific individual. 

All University owned, controlled, operated, rented, leased or otherwise engaged systems which a student uses to submit course work or which represent the student in any academic endeavor in relation to the University must have an account which ties back to the student using either their SIS ID number or their Active Directory login.

REVIEW
The Provost’s Office is responsible for developing and ensuring compliance with this policy in the University’s various Colleges, Schools and administrative units.  The Provost’s Office will inform the deans and administrative officers when changes to the policy are made.  The Office of Information Services (OIS), is responsible for ensuring that university-level system and processes remain in compliance with this policy.

ADDENDUM - HEOA COMPLIANCE
This policy applies to all credit-bearing distance education courses or programs offered by the Cardinal Stritch University, beginning with the application for admission and continuing through to a student’s graduation, transfer, or withdrawal from study. The policy is used to design and implement systems to ensure that Cardinal Stritch University operates in compliance with the provisions of the United States Federal Higher Education Opportunity Act (HEOA) concerning the verification of student identity in distance education.

The HEOA requires that institutions offering distance education or correspondence courses or programs have processes in place to ensure that the student registering for a course is the same student who participates in the course or receives course credit. The Act requires that institutions use one of the following three methods:

• A secure login and pass code;
• Proctored examinations; and
• New or other technologies and practices that are effective in verifying student identification.

To satisfy the current requirements, Cardinal Stritch University requires all students to use their official University provided account / ID and password (a secure login and pass code) for purposes of identity verification for distance learning.

PURPOSE
The following guidelines have been created to help protect you and the University from accidentally losing or exposing sensitive information while using portable electronic devices, including but not limited to notebook computers, personal digital assistants (PDA), cell phones, smart phones, flash drives and other media which contains personal or University data. It is the responsibility of each employee to follow these guidelines and any other reasonable steps to protect information and equipment.

DEFINITIONS
Sensitive information consists of but is not limited to:

• Identity information (names, addresses, birth dates, id numbers or other information linking back to an individual).
• Transactional data (student records, financial transactions, loan information, etc.).
• Access and authorization information (account names, passwords, etc.).
• Any information which would potentially harm or impact the University’s ability to do business.

GUIDELINES
Social security numbers and credit card numbers must NEVER be stored on local computers, portable electronic devices, or media. Refer to the Remote Access Policy for policies and information on how to access this and other types of information appropriately.

When you first receive a portable electronic device or media make sure that you write down the relevant manufacturer, model, serial number and physical description. Store this information in a secure location separate from the device or media so that you will have it should it be needed later.

You should take a  copy of this information with you when you travel, but make sure that you keep it in a separate location from the device or media. You are responsible for maintaining current software versions and updates (i.e. virus software, operating system updates, and application software such as Jenzabar, PowerFaids, Infomaker, etc.), on any laptop in your possession. When reconnecting a laptop to the University’s network, it is imperative you confirm that you are running the latest software versions.

You should always make sure that you have physical possession of any device or media that contains sensitive information when you travel.

• Do not check these devices or media, instead take them as carry-on items.
• When you need to put these devices or media down (while conducting business, eating, riding in a vehicle, etc.) try to keep physical contact if possible and if not ensure that you can visually see the device or media at all times.
• When relinquishing possession of the device or media (while going through airport security, loading bags into a taxi, etc.) make sure that you can visually see the device as much as possible and take possession as soon as possible afterwards.
• When leaving the device or media unattended (such as in a hotel room, conference room, office, etc.) make sure that you secure it in a locked location or leave it with a trusted source. When returning to the room, make sure that you take possession and ensure that no one has removed or accessed the device or media immediately. Never leave the device unattended in an unlocked or unsecured location.
• You should avoid leaving the device or media in a vehicle, but when you need to do so, make sure that you put it out of sight, preferably in the trunk of the vehicle, and that the vehicle is locked. Check to ensure that the device or media is still in the vehicle immediately upon returning.

You should always make sure that you have a current, secure and reliable backup of any sensitive data contained on the device or media.

• It is not possible for the University to centrally backup data contained on flash drives, CDs, PDAs, cell phones, smart phones, etc. at anytime.
• It is not possible for the University to centrally backup data on a notebook when it is not physically on our network.
• You are responsible for making sure that you back up your data frequently and that you store the backups in a secure location separate from the device or media being backed up.
• You must protect the physical access to and contents of these backups with the same level of regard as the originals.

You should encrypt or password-protect any device or media containing sensitive data.

• Every device needs to have a password enabled in order to access the data on the device. You should lock the device so that it requires this password every time you turn it off or put it down.
• If the device or media has the ability to be encrypted, this feature needs to be turned on.
• Passwords should be difficult to crack but easy for you to remember. Good passwords are never recognizable words, phrases, names or dates and should always contain a mixture of upper and lower case letters, numbers and punctuation and should be at least 8 characters long if the device allows. Some devices, such as cell phones or PDAs may limit password length and content. When this is the case, use your best judgment to create as secure a password as possible.
• Passwords should be changed frequently (at least once every 6 months).
• Do not ever store passwords on the device or media or have them written down with the device or media. If you need to write a password down, try writing a hint for yourself rather than the actual password.

If a device or media containing sensitive data is lost or stolen, immediately report the incident to the local authorities and notify the helpdesk with the following information. Delays may increase the risks to the University.

• Device or media manufacturer, model, serial number and physical description.
• What sensitive information is stored on the device or media.
• When, where and under what circumstance the device or media was lost or stolen.

If you have questions or if a device has been lost or stolen, please contact the Helpdesk at:
Phone: (414) 410-4600
Email: support@stritch.edu

Security experts no longer consider traditional passwords, ones which are single word comprised of various characters including letters, numbers and symbols, to be secure.  Instead, they are recommending the use of pass phrases – original combinations of unrelated but memorable words.

Many people find pass phrases to be easier to remember then traditional passwords and the experts find well-crafted pass phrases to much more difficult to guess or crack. 

When creating a new pass phrase, consider stringing three to four unrelated words together.  It is best not to use well known combinations of words, such as famous quotes, as these are still easily guessable.

Some examples of a good pass phrase would something like:

• chicken car paperclip
• tea bucket prom
• dice for batteries

As you can see, capitalization, character substitution, numbers and symbols are not needed, and odds are you can already remember at least one of the samples from above.  Passwords still need to be at least 8 characters long on our system and you cannot re-use a password that you have previously used.

When changing your password, do not reuse an old password, even if you have changed it up.   Also, do not use well known phrases or phrases made up of information that someone could know about you, such as names of family or pets, birthdays, anniversaries, favorite cars, activities, etc.

Some BAD password/passphrase examples:

• Passw0rd123
• Grandma Moses
• My Dog Spot
• May the Force be with you

A well-chosen password is essential to protect your personal identity, your data and to ensure that our systems remain available. 

Remember, we will NEVER ask you for your password. 

You should never share your password with anyone.

OVERVIEW
Cardinal Stritch University (“Stritch”) developed this Peer-to-Peer (“P2P”) File Sharing policy as a result of the serious legal implications of violating copyright laws by sharing certain materials using P2P File Sharing. This policy also focuses on the security risks and negative impact P2P File Sharing applications can have on network capacity. The policy was developed with oversight and approval of the Office of Information Technology and the University Leadership Team.

PURPOSE
The purpose of this policy is to provide guidance in the legal and responsible use of P2P technologies.

SCOPE
This policy applies to all individuals who use, access or control University electronic resources to store, access or share copyrighted materials or materials owned by a third party. This includes, but is not limited to, students, faculty, staff, contractors, vendors, guests, visitors and any other user who uses University owned or controlled electronic resources.

POLICY
While Stritch recognizes the potential academic purpose of file sharing and peer-to-peer applications and does not automatically ban their use on our networks and systems at this time, from time to time some or all P2P services may be limited or completely blocked as deemed appropriate by the Office of Informatio n Services. This policy sets forth general expectations in legal and responsible use of P2P technologies.

This policy does not override applicable international, federal, state or local laws. Individuals storing, accessing or sharing files on Stritch owned and/or controlled systems are personally responsible for their actions and are subject to all applicable laws.

Copyright

• See the University Copyright Policy
• Only files and content which can legally be shared via P2P are allowed to be shared via P2P technologies.

Impact to Network and Systems

• Improper use or overuse of P2P applications can cause significant degradation of performance on the network or the systems on which the P2P applications are running. The University reserves the right to block or shutdown any service which negatively impacts our systems without warning. It is the responsibility of the user to ensure that P2P technologies are used responsibly and with respect for other users.

Security

• P2P applications copy files from unknown sources to your computer. This puts the computer you are using at risk of having computer viruses, malware or spyware installed without your knowledge. Malware (Malicious Software) and Spyware (an application that collects, records and transmits private information including but not limited to anything typed on the computer, any activity performed on the computer, any location visited from the computer and any information contained on the computer) can expose your personal identity with others as well as provide access to University systems to identity thieves and others with nefarious intentions.
• P2P applications share files from your computer to unknown sources. This puts any information stored on the computer at risk of being disclosed outside of the University or to parties to which it should not have been shared. It is imperative that you understand what your application is sharing and that you take proper steps to insure that you are not exposing confidential or sensitive information or inadvertently sharing copyrighted material.
• No files containing personal identity information or other sensitive, proprietary or protected information should ever be shared using P2P applications. Systems containing such information should not have P2P applications installed on them and should not use P2P technologies.

LEGAL ALTERNATIVES
Educause has compiled and maintains a list of legal sources of online content. That list can be viewed at https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy

ENFORCEMENT
Cardinal Stritch University does not, at this time, prohibit and or block the use of peer-to-peer applications in general on its network, though any specific service may be blocked at any time and al l P2P sharing may be blocked if necessary. The University understands that there are potentially legitimate academic uses for such applications. However, use of these applications has been known to cause problems, which can affect the entire University community. Cardinal Stritch University expects that all computers and networks on the campus will be used in a manner consistent with the Acceptable Use Policy and compliant with applicable law. The University is under no obligation to protect a user from a complaint or action arising from violation, or alleged violation, of the law. Users should understand that while material is available for free on the Internet, it does not mean that accessing such material is authorized by third party rights-holders. Cardinal Stritch University prohibits the use of peerto-peer applications on its networks to transmit or exchange any music, software or other materials, when the intellectual property is held by a third party. Any use of our network in violation of this policy will be subject to discipline.

The University will continue to see that the Stritch community is not adversely affected by the use of peer-to-peer programs. When such programs are seen to affect the network in a manner not consistent with University policies or are degrading the performance of the network, appropriate action will be taken.

The community should be aware that peer-to-peer applications are not always harmless and in using them one may inadvertently consume excessive network bandwidth, violate copyright and/or other laws, share confidential information or jeopardize computer security. Disproportionate bandwidth usage and copyright and other third party infringement are violations of the University's Acceptable Use Policy1. Any such violations, intentional or otherwise, are the sole responsibility of the individual whos computer or account is being used.

Examples of P2P programs are: Napster and Gnutella Skype Kazaa BitTorrent

REFERENCES

• United States Copyright Office - www.copyright.gov
• Recording Industry Association of America (RIAA) - www.riaa.com

PURPOSE
To protect the University from any liability for theft, loss, damages or lost data resulting from Technology Support Services Technicians working on any type of personal computing equipment (technology).

POLICY
It is the responsibility of the Cardinal Stritch University Technology Support Services to maintain the technology that is the property of Cardinal Stritch University. Technology Support Services provides complete hardware and software support and repair services for university-owned technology.

Cardinal Stritch University has a team of certified technicians, who provide on-site support for University-owned computers during University business hours.

Note: it is not the responsibility of the Technology Support Services Technicians to repair or maintain student, faculty or staff personal computing equipment (technology). This includes, but not limited to, desktops, laptops, PDAs, printers, wireless devices, phones, peripheral devices, flash drives, etc.

SCOPE
The policy applies to all Cardinal Stritch University users: students, faculty, staff, administrators and visitors, who receive assistance with anything related to technology services through the Cardinal Stritch University Technology Help Desk.

Responsibilities
All employees, students, advisors, faculty, staff, administrators, and visitors are responsible for knowing, understanding, and adhering to this University Owned Equipment Repair policy. The Office of Information Services is responsible for enforcing this policy.

Definition
University-owned technology: technology that was purchased or procured by Cardinal Stritch University with the intent of being used to support the University’s goals, objectives, and mission.

Personally-owned technology: technology used for work, academic, and personal purposes, which are personally owned by any employee or student.

Please note that due to liability concerns and limited staffing resources, Technology Support Services does not provide hardware support, software support, or any other type of support for students or employee’s personally-owned computers and other personal technology equipment.

Privacy Policy 
Cardinal Stritch University is committed to respecting your privacy as a customer. Our privacy policy is clear: We collect no information about you, other than information automatically collected and stored (see below), when you visit our website unless you choose to provide that information to us. 

Information Automatically Collected 
When you browse through any website, certain personal information about you can be collected. We automatically collect and temporarily store the following information about your visit: 

• the date and time of your visit; 
• the pages you visited; and 
• the address of the website from which you came. 

We use this information for statistical purposes and to help us make our site more useful to visitors. Unless it is specifically stated otherwise, no additional information is collected about you. 

Portions of the Cardinal Stritch University website use Google Analytics, a web metrics service of Google, Inc. ("Google"). Google Analytics uses cookies, which are commonly used text files stored in your browser, to help analyze how users use the site. This cookie information (including your IP address and the Cardinal Stritch University web pages you visit) will be collected by Google and stored on Google servers. Google will use this information to help Cardinal Stritch University understand and evaluate your use of the website. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do disable cookies, you may not be able to use the full functionality of portions of the Cardinal Stritch University website (e.g. the MU Connect online alumni community). By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. 

Personally Provided Information 
Cardinal Stritch University does not require you provide to personal information to visit our website; however, you may choose to provide us with personal information through an e-mail message, form, survey, etc. This information is used only to fulfill the stated purpose of your communication and/or participation. 

Disclosure 
Cardinal Stritch University does not disclose, give, sell or transfer any personal information about our online visitors to third parties except as required by law. 

Endorsement Disclaimer
Our website has links to many other non-profit, educational, and governmental institutions, and in a few cases, private organizations. You are subject to that site's Privacy Policy when you leave this site. Reference in this website to any specific service, company, or organization does not constitute its endorsement or recommendation by Cardinal Stritch University. Cardinal Stritch University is not responsible for the contents of any "off-site" Web page referenced from this server.