ACCEPTABLE USE POLICY
General Policy
Effective Date: May 10, 2018
Status:
Responsible University Officer:
__ Draft Chief Information Officer
__ Under Review
_X_ Approved [President]
Responsible Coordinating Office:
__ Obsolete Office of Information Services
REVISION HISTORY
Version 2
Rewrite: May 1st, 2018
Version 1
Final Draft: November 21, 2013
Initial Draft: January 8th, 2009
PURPOSE
The purpose of this policy is to outline acceptable use of Computing Devices and University Information Resources at the University. Responsible use of computing devices and other information technology is necessary to ensure that these resources are available to all in the Stritch Community when needed, and that both the University and those who use the resources are protected from harm.
SCOPE
This policy applies to all individuals who use, access or control University Information Resources. This includes, but is not limited to, students, faculty, staff, contractors, vendors, guests, visitors and any other individual authorized to use University Information Resources. Computing and Information Resources include all electronic equipment; facilities; technologies and data used for information processing, transfer, storage, and display; print and other communications by the University; computer hardware and software; computer labs; classroom technologies, such as computer-based instructional management systems; computing and electronic communications devices and services; modems; email; networks; telephones; voicemail; facsimile transmissions; video; multi-function printing devices; mobile computer devices; data; multimedia and instructional materials. Information Resources also include services that are owned, leased, operated, provided by, or otherwise connected to the University, such as cloud computing, or any other University-connected or hosted service.
POLICY
The University’s computing devices and other technology software and hardware constitute facilities of the University. As such, they provide critical support for the teaching, learning and other general operational activities necessary to conduct the institution’s business on a daily basis and to communicate effectively across all constituencies in the Stritch Community and with external guests, vendors and others.
Though this policy sets forth general expectations regarding the use of University Computing and University Information Resources, it does not override applicable international, federal, state, local or other statutes. Any and all Individuals who are provided access to University Information Resources will be expected, at all times, to be knowledgeable of and abide by the standards for compliance set forth in this policy, and to exercise good judgment regarding acceptable use.
The University cannot be held accountable for any action an individual takes that is contrary to this or any other University policy, is contrary to the mission and goals of the University or is contrary to generally acceptable actions regarding the use of computing and/or other technology resources. Nor can the University be responsible for content or actions which originate on non-University Information Resources.
The University reserves the right to change any portion of this policy at any time and to limit or restrict use of its University Information Resources, including but not limited to restricting access to University Information Resources and non-University Information Resources accessed on or through University Information Resources.
The official copy of this policy overrides all other copies and is located at:
http://www.stritch.edu/OIS.
General
University Information Resources may be used only by individuals who have been explicitly authorized to do so and only to the extent authorized. The ability to access a resource does not imply authorization to do so.
University Information Resources may
not be used:
- In a manner or for a purpose that violates University policies or which is illegal or unethical.
- For commercial purposes, except where explicitly approved, in writing, by the University.
- To harass, bully, or stalk an individual or group.
- For non-authorized organized political activities such as lobbying or campaigning.
- To support one’s own outside employment or other forms of personal financial gain.
Any University Information Resources in the possession of an individual must be immediately returned to the appropriate unit when requested, or when an individual’s employment or other relevant relationship with the University ends.
Any data, information or resource created as part of an employee, vendor or contractor’s job on behalf of the University belongs to the University and must be made available when requested by authorized personnel or when an individual’s employment or other relevant relationship with the University ends.
Any action which would result in loss of data, corruption of data, loss of use or degradation of performance of any University Information Resource or which in any way would have negative impact on other individuals or the University will not be tolerated. Determination of potential negative impact is solely at the discretion of the unit that manages the resource.
Please Note: Individuals have no expectation of privacy regarding any activity while using University Information Resources. The University may access and monitor data in University Information Resources at any time for any purpose consistent with duties as well as at the direction of authorized external legal authorities.
Any attempt by any user to circumvent security measures, mask the identity of the user, cause disruption of service, scan network ports, discover and/or exploit vulnerabilities of other devices on the network, or capture and/or view data not intended for the recipient is strictly prohibited. Any exceptions made are solely at the discretion of the University.
Any attempts to access or use external devices, networks, services, etc., in a manner that is prohibited, inconsistent with acceptable use guidelines, or is regarded as illegal or unethical, are strictly prohibited.
Personal Use
Employees may make limited, occasional or incidental use of University Information Resources for personal, non-business use as long as the use:
- Is consistent with the mission and values of the University.
- Does not interfere with the productivity of the employee.
- Does not utilize excessive amounts of resources.
- Is not presented or interpreted as representing the University.
- Does not violate any other University policy or any local, state, federal or other enforceable relevant law.
Network Connections
- Any device that attempts to circumvent security measures, mask the identity of the user, cause disruption of service, scan network ports, discover and/or exploit vulnerabilities of other devices on the network or capture or view data not intended for the recipient is strictly prohibited.
- The individual in control of any device connected to the network is responsible for the security of, and traffic generated by, that device regardless of origin. Any device which is generating unwanted traffic will be removed from the network and may not be reconnected to the network until all issues have been resolved.
- University networks may not be used to gain or attempt to gain unauthorized access to non-University systems or to access systems or materials which are illegal or otherwise prohibited.
Computers
- Use of non-public University owned computers by non-authorized users is prohibited. Non-public University owned computers in public areas are identified with a label “For Employee Use Only.” Staff computers, faculty computers, servers and control systems, computers in offices or other non-public areas, and computers used for financial transactions, such as point of sale computers, should be considered non-public.
- All computers that are connected to University Information Resources including, but not limited to, student and privately-owned computers, are required to have (a) all current operating system and software patches installed; and (b) University-approved security software installed and operating with the latest malware and exploit definitions, and to be in good working condition.
- Loss, damage or theft of University owned equipment must be reported immediately to appropriate University staff.
Electronic and Digital Communications
- Any activity that reasonably can be assumed to be offensive including, but not limited to, sending unsolicited email (SPAM, junk mail or phishing attempts), allegedly harassing or threatening email, or the creation and forwarding of chain letters is prohibited.
- Unauthorized use or access of other users’ email, forging or manipulation of email headers, or falsely representing the University or other individuals in any manner is prohibited.
- Sending or storing excessive amounts of email or emails of excessive size is prohibited.
Extreme caution should be used when accessing email from unknown senders, particularly when there are attachments or links within the message.Messages such as these often contain viruses or other malicious code.
Please Note: Always be skeptical of offers that seem too good to be true, and of requests for personal information. You should never provide account login information, passwords, social security numbers, bank account numbers or other highly confidential personal information via email or via web links from email.
Phone
- Use of University owned or controlled phone numbers to conduct non-University business including, but not limited to, solicitation of funds, sales and support is prohibited.
- Making non-emergency calls to 911 or other emergency services is strictly prohibited.
- Any call which may be deemed harassing or prank calls of any kind are prohibited.
FAX
- FAX machines must be set up to display the correct phone number of the FAX machine on all outgoing FAX communications.
- FAX machines may not be used to transmit sensitive data including, but not limited to, personally identifiable information.
Data
- Unauthorized access of University data is prohibited.
- It is the responsibility of each user to protect their own data, including making local backups of critical files where central backups are not already being made; ensuring that systems are routinely scanned for virus, malware and other malicious programs; and ensuring that systems are up to date with relevant security patches and updates.
- Sensitive data including, but not limited to, personally identifiable information may not be backed up or stored on local machines or media.
- Sensitive data including, but not limited to, personally identifiable information may not be transmitted over insecure methods including, but not limited to, FAX machines and unencrypted email.
Security and Privacy
- Please Note: Though the University takes all reasonable steps to protect the privacy of assigned accounts to authorized users and of Information Resources generally, absolute security and privacy cannot be guaranteed. As a result, it is the responsibility of each individual to protect private information in accordance with designated University procedures and protocols.
- Only authorized users will have administrative access on University machines.
- Attempts to access accounts for which you are not authorized are strictly prohibited. In the event that a University system administrator needs to access private information or another account, such activity will be documented and subject to review.
- Information Resources, inclusive of all hardware and software, are considered to be the facilities of the University. Though the content of authorized user accounts generally will be treated as private (e.g., not examined or disclosed), such accounts will be accessed by designated University employees when:
- System maintenance, business necessity and/or security measures are required.
- When the University has a reasonable belief that an individual has violated applicable policies and procedures, has violated applicable law, and/or placed the University, its systems or members of the University community at risk.
Copyright
- In general, copying, storing, displaying or distributing copyrighted material using University Information Resources or systems without the express permission of the copyright owner, except as otherwise allowed under copyright laws, is prohibited.
- The official and complete University Copyright policy can be found on the University Library web page at http://library.stritch.edu/Guides/Research/Copyright
Enforcement
Violations of this policy and related procedures will result in the immediate suspension and possible revocation of access to University Information Resources and supporting systems. Serious violations will be referred directly to the appropriate University official. Penalties for violation(s) of University policy will include a form of discipline up to and including dismissal from the University. In those cases where the unauthorized use of University Information Resources constitutes a criminal offense, the appropriate external law enforcement authorities will be contacted.
Definitions
University Information Resources: Any and all devices, hardware, services, software, data, media and networks owned by, controlled by or operated on the behalf of the University that can be used in creating, storing, sharing, transmitting, accessing data, communications and information.
Computing Device: Any electronic device that can access, work with and store information, including but not limited to desktops, laptops, tablets, smart phones, etc.