Title: Acceptable Use of Information Technology Policy (AUP)
Approved by: Office of the President
Date approved by President or Board of Trustees: December 11, 2014
Effective date: December 11, 2014
Responsible Official: UTech Security and Policy
Responsible University Office: UTech Security and Policy
Revision History: 4
Related legislation and University policies: None
Review Period: 3 Years
Date of Last Review: July 26, 2024
Relates to: Faculty, staff, students, alumni, guests, external individuals or organizations and individuals accessing internal and external network services
Summary:
The purpose of this policy is to outline the acceptable uses of computing and information technology resources for the ÐÇ¿Õ´«Ã½ (ÐÇ¿Õ´«Ã½) community. This policy outlines the standards for acceptable use of University computing and information technology resources that include, but are not limited to, equipment, software, networks, data, and telecommunications equipment whether owned, leased, or otherwise provided by ÐÇ¿Õ´«Ã½ (this includes privately-owned computing devices connected to the University networks and vendor-provided IT systems supporting the University mission). This policy is intended to reflect the University's commitment to the principles, goals, and ideals described in the ÐÇ¿Õ´«Ã½ and to its core values.
Purpose:
Users of information technology resources at ÐÇ¿Õ´«Ã½ are subject to applicable federal, state, and local laws, applicable contracts and licenses, and other university policies, including those for Human Resources, and those contained in the faculty and student handbooks, and notably those policies governing copyright and intellectual property compliance. Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts and licenses applicable to their particular uses. Any case of policy conflicts will be addressed by the policy review process.
Access to and Expectations of Persons Using Information Technology Resources
It is the policy of ÐÇ¿Õ´«Ã½ to maintain access for its community to local, national and international sources of electronic information sources in order to provide an atmosphere that encourages the free exchange of ideas and sharing of information. ÐÇ¿Õ´«Ã½ maintains a variety of information technologies for use as resources for people, catalysts for learning, and increased access to technology and an enriched quality of learning. Access to this environment and the University's information technology resources is a privilege and must be treated with high ethical and legal standards.
Preserving the access to information resources is a community effort that requires each member to act responsibly and guard against abuses. Therefore, both the ÐÇ¿Õ´«Ã½ community as a whole and each individual user have an obligation to abide by the following standards of acceptable and ethical use:
- Use only those computing and information technology resources and data for which you have authorization and only in the manner and to the extent authorized.
- Use computing and information technology resources only for their intended purpose.
- Protect the confidentiality, availability, and integrity of computing and information technology resources, including data.
- Abide by applicable laws and University policies and all applicable contracts and licenses and respect the copyright and intellectual property rights of others, including the legal use of copyrighted material.
- Respect the finite capacity of resources and limit use so as not to consume an unreasonable amount of resources or to interfere unreasonably with the activity of others.
- Respect the privacy and personal rights of others.
Access to ÐÇ¿Õ´«Ã½ information technology and computing resources is a privilege granted to students, faculty and staff of ÐÇ¿Õ´«Ã½. The University extends access privileges to individual users of the University's information technology and computing resources. The extension of these privileges is predicated on the user's acceptance of and adherence to the corresponding user responsibilities detailed in this policy and addendum. The University reserves the rights to limit, restrict, or extend access to information technology resources.
Applicability
This policy applies to all users of ÐÇ¿Õ´«Ã½ computing and information technology resources including faculty, staff, students, alumni, guests, external individuals or organizations and individuals accessing internal and external network services.
The Vice President University Technology and Chief Information Officer will determine operational policies, networking standards and procedures to implement the principles outlined in this policy. UTech has the right to protect shared information technology services.
Acceptable Use
In general, the ÐÇ¿Õ´«Ã½ community shall use University information technology resources in connection with the University's core teaching, research, and service missions. Uses that do not significantly consume resources or interfere with other users also may be acceptable, but may be restricted by University Technology after consultation with appropriate internal ÐÇ¿Õ´«Ã½ offices or departments, if the circumstances warrant, such as the department chairman or school dean. Under no circumstances shall members of the University community or others use University information technology resources in ways that are illegal, that are for private commercial use, that threaten the University's tax-exempt or other status, or that interfere with reasonable use by other members of the University community.
Sanctions for Violations
Adhering to the appropriate use of computing and information technology resources fosters an environment conducive to information sharing, encourages the free exchange of ideas, and ensures a secure framework for managing information property. Failure to comply may result in disciplinary action. Any member of the ÐÇ¿Õ´«Ã½ community found using computing and information technology resources in violation of this policy may be denied access to university computing resources and may be subject to disciplinary action, both outside and within the university, including, without limitation, suspension of system privileges, expulsion from school, termination of employment and/or legal action as may be appropriate.
Security and Privacy
ÐÇ¿Õ´«Ã½ strives to ensure the appropriate integrity, availability, and confidentiality of information and information technology systems, given the needs of the academic and research communities for openness and publicly available information. To that end, ÐÇ¿Õ´«Ã½ endeavors to provide secure computing environments, where appropriate, to manage risk to an acceptable level. Users shall have no inherent expectation of privacy for information stored on and transported through ÐÇ¿Õ´«Ã½ information technology resources, except as provided by federal and state law and other university policy. ÐÇ¿Õ´«Ã½ will continue to invest in processes and resources to maintain individual privacy, but the university will not be liable for the failure of these privacy efforts. While the university does not routinely monitor individual usage of its computing resources, the normal operation and maintenance of the university's computing resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, the scanning of systems and network ports for anomalies and vulnerabilities, and other such activities that are necessary for the rendition of service.