Acceptable Uses of IT Infrastructure and Resources
Policy Name: Acceptable Uses of IT Infrastructure and Resources
Policy Number: 03-05-001
Accountable Senior Administrator: Associate Vice President, Information Technology
Date Issued: December 8, 2009
Last Updated: September 27, 2021
Policy Statement
Â鶹´«Ã½ provides IT resources to advance and support the University’s mission, educational goals, and administrative operations. Individuals who use these resources must do so responsibly and ethically, in a manner that upholds University standards and principles, protects the confidentiality and integrity of these resources, respects the rights and privacy of others, and respects the principles of academic freedom. As such, this policy sets forth guidelines for expected behavior when using University IT resources.
Reason For The Policy
A policy is needed to ensure that IT resources are used and managed responsibly and appropriately in compliance with University policy and standards ; and federal, state, local, and where applicable, international laws and regulations.
Stakeholders Affected By The Policy
This policy applies to all members of the Â鶹´«Ã½ community as well as third parties who use or manage IT resources for the University. This includes but is not limited to:
- faculty
- staff
- students
- alumni
- other users (e.g., visitors, vendors/contractors, consultants, software providers, event attendees, etc.)
Definitions
Data Stewards - individuals who are responsible for the oversight and management of data, files, systems, software, and other electronic information
IT Resources - Â鶹´«Ã½ data and voice networks; communication systems; technology infrastructure; computing facilities; hardware; software; information systems; data; databases; cloud-based and Software as a Service (SaaS) systems; and any related technology support services
Users - individuals who use or access, locally or remotely, IT resources whether individually controlled, shared, or networked
Policy Text
This policy provides rules and guidelines for the acceptable use of IT resources. The guidelines, rules and procedures included herein work conjointly with other IT policies as well as with other University policies as described in the Related Policies Documents section below.
GENERAL PRINCIPLES FOR ACCEPTABLE USE
Users are expected to abide by the following principles and behave responsibly when using IT resources. This includes but is not limited to:
- Using technology resources only for purposes that support and/or advance the University’s mission, educational goals, and administrative operations
- Using only those IT resources for which permission has been granted
- Following prescribed protocols to safeguard University data and other information such as backing up files and ensuring confidentiality of sensitive data
- Protecting passwords and other authentication credentials from unauthorized use
- Reporting any evidence of security risks or violation of this policy to the appropriate authorities
- Complying with federal, state, local and where applicable international laws
- Respecting the copyright and other intellectual property rights of others
- Respecting the privacy of others
- Considering others when sharing resources
- Using IT resources for personal use only on a minimal basis and only when it does not interfere with job performance or disrupt the work of others
UNACCEPTABLE USE
Users are prohibited from engaging in any activity that does not uphold the General Principles for Acceptable Use. This includes but is not limited to:
- Attempting to gain access to IT resources using unauthorized credentials
- Installing, uploading, posting, intentionally using, or transmitting malicious software (spyware, viruses, worms, etc.) that disrupts services, damages files or compromises IT systems, networks, or other IT resources.
- Attempting to destroy or otherwise compromise system controls, security, data, files, or other information stored on IT systems locally or remotely
- Sharing passwords and other access rights
- Attempting to circumvent or subvert system security measures
- Engaging in activities such as scamming, phishing, spamming, and spoofing
- Accessing files and data other than those that are user-owned or managed, publicly available, or to which access has been granted
- Changing or removing any data or information without proper authorization
- Using IT resources to store, display, transmit, or communicate any information in a manner that is harassing, intimidating, abusive, insulting, threatening, disparaging, obscene or pornographic; creates a hostile work environment; or interferes unreasonably with another individual’s work
- Violating any provision of the Digital Millennium Copyright Act (DMCA) or other applicable copyright laws. Examples include but are not limited to:
- downloading, copying, distributing, or using copyrighted material from the Internet
- using versions of copyrighted software that are not in compliance with vendor license requirements
- making or using illegal copies of copyrighted software, videos, music or other media; storing such copies on University systems; or transmitting them over University networks
- copying or using e-textbooks and any other course materials
- Compromising the work of others such as monopolizing systems; overloading networks with excessive data; or wasting computer time, connect time, disk space, or other resources
- Engaging in cyber or computer crimes or other illegal activity
- Using IT resources for partisan political purposes
- Using IT resources for commercial activities unless authorized by the University
- Using IT resources for personal gain
PRIVACY
All Â鶹´«Ã½ data and information is the property of the University. Â鶹´«Ã½ will take reasonable measures to protect the privacy of information stored on local or cloud- based Â鶹´«Ã½ systems. However, privacy cannot be guaranteed. As such, the University reserves the right to access user accounts and to, review, inspect, monitor, disclose, and remove any and all content in certain situations including but not limited to:
- investigating suspected violations of University policies
- investigating activities that may result in risk or liability to the University
- monitoring system use to ensure compliance with University policies, applicable laws, regulations, and mandates
- investigating system performance issues
- conducting activities as required by law
- executing standard IT protocols and procedures required to safeguard IT resources (e.g., system maintenance and backups)
- performing routine IT functions required to ensure system availability and better serve the Â鶹´«Ã½ community
Procedures
See reporting violations in section below.
Violations
Â鶹´«Ã½ expects all users of IT resources to comply with this policy. As such, the University reserves the right to access, review, inspect, monitor, disclose, and remove content stored on local or cloud-based Â鶹´«Ã½ systems and to limit, restrict, or remove user access when a violation is suspected or detected. Users may also be subject to disciplinary action, other penalties, or legal action.
REPORTING VIOLATIONS
Compliance with this policy is the responsibility of all members of the Â鶹´«Ã½ community. Suspected violations of this policy should be reported as follows:
If the alleged violation is committed by: |
Report the violation to: |
Students |
Office of the Dean of Students |
Faculty |
Office of the Provost or College Dean and Department of Human Resources |
Employees* |
Department of Human Resources |
Alumni |
Office of Donor and Alumni Engagement |
Third- Party Vendors/Contractors | Office of Business Services |
Guest/Visitors | Sponsoring party |
* Complaints of suspected and/or alleged violation of the University’s anti- discrimination/harassment policies should also be reported confidentially to the Director of Equal Employment Opportunity/Affirmative Action ("EEO/AA"), Title IX Coordinator or to a manager/supervisor.
Note: Violation of policies that directly impact IT networks and systems may also be reported to the Department of Information Technology.
Related Policies And Documents
- Copyright Policy and Guidelines
- Data Classification Guidelines
- Information Privacy Policy
- Information Security Policy
- Keep it Legal
- Network Storage Policy
- Â鶹´«Ã½ Employee Handbook
- Â鶹´«Ã½ (State) Policy Prohibiting Discrimination in the Workplace
- Â鶹´«Ã½ Procedures for Internal Complaints Alleging Discrimination in the Workplace
- Â鶹´«Ã½ Website Privacy Policy
- Peer-to Peer Networking
- Remote Network Access Policy
- Social Media Policy
- Student Code of Conduct
- Wireless Networking Policy
- FERPA
Responsibility
Users - understanding the content of this policy and following all protocols required to safeguard University IT resources (e.g., backing up files and securing credentials)
Data Stewards - ensuring all data, files, and other information which they manage are protected and safeguarded in accordance with this policy and Â鶹´«Ã½ Data Classification Guidelines.
Department Heads/ Supervisors/ Managers - ensuring staff are familiar with and understand the importance of policy compliance and the consequences of policy violation; taking appropriate measures to safeguard data and files that are department managed; and ensuring data and files are accessible and appropriately protected when staff leave the University or transfer to another department
Security Administrator - providing access to University networks and systems to authorized users
IT Security Analyst - ensuring appropriate security protocols are in place and monitoring systems for appropriate and suspected misuse
Associate Vice President for Information Technology - providing general policy oversight; building community awareness of policy content; and revising the policy as needed to comply with applicable laws, regulations, and other University policies
Contact For Questions
Associate Vice President for Information Technology Department of Information Technology
Email it@njcu.edu