Acceptable Use of Computing and Electronic Resources Policy: Difference between revisions
imported>Deaskc |
imported>Deaskc |
||
Line 46: | Line 46: | ||
4.2.1 Individuals subject to this policy are responsible for understanding that specific activities are prohibited unless a written exception is agreed to and provided by the Chief Information Officer or his delegate. | 4.2.1 Individuals subject to this policy are responsible for understanding that specific activities are prohibited unless a written exception is agreed to and provided by the Chief Information Officer or his delegate. | ||
4.2. | 4.2.2 Users may not attempt to intentionally hide their identity for malicious purposes. All use of University Information Technology must be identified as to the individual or device using the system. Obfuscation or intentional misrepresentation of identity (e.g., shared credentials, spoofed communications, etc.) for any malicious purpose, including access to and use of Information Technology, is prohibited. | ||
4.2. | 4.2.3 Users may not intentionally attempt to expand or offer IT infrastructure services to others, through the implementation of unapproved hardware, software or cloud services. The infrastructure may not be extended or otherwise modified without the oversight and approval of ITS. This includes, but is not limited to, servers that provide services to multiple users, network communications devices, multi-user storage devices, or network-based camera systems. | ||
4.2. | 4.2.4 Users residing in residence halls may be subject to additional prohibitions as defined by University Housing. | ||
4.2. | 4.2.5 Users, excluding authorized personnel, may not intentionally attempt to intercept, monitor, redirect, alter or otherwise adversely impact another user’s use of University Information Resources. Users, excluding authorized personnel, may not read, copy, or delete another user’s electronic data without the expressed prior approval of said user. | ||
4.2. | 4.2.6 Users may not engage in cyberstalking, harassment or infringe upon the privacy of other users’ lawful use of University’s Information Resources. | ||
4.2. | 4.2.7 Users may not intentionally engage in any activity that negatively impacts Information Resources. | ||
4.2. | 4.2.8 Employees’ personal use of Information Resources in accordance with 4.1.3 above may not 1) interfere with an employee's job performance, 2) interfere with activities that directly support the University mission, 3) violate UNC System and University policies including, but not limited to, policies prohibiting the use of University Information Technology and Information Resources to endorse, campaign for, secure support for or oppose any candidate, political party, partisan political group, referendum, or issue in an election; or 4) constitute use of Information Resources to seek commercial gain or private profit, except as allowed under applicable University policies including policies concerning intellectual property rights and external professional activities for pay. Supervisors have discretion to further restrict or forbid personal use as they reasonably deem necessary. | ||
4.2.9. Additional activities that are prohibited, specific to certain types of use such as Network Access, Storage, etc. may be described in other more specific standards located at https://its.appstate.edu/it-governance/it-policy-standards-guidelines | 4.2.9 Users may not engage in any activity that intentionally circumvents administrative controls or in any way attempts to gain or provide unauthorized access to Information Resources. | ||
4.2.10 Additional activities that are prohibited, specific to certain types of use such as Network Access, Storage, etc. may be described in other more specific standards located at https://its.appstate.edu/it-governance/it-policy-standards-guidelines | |||
== Additional References == | == Additional References == |
Revision as of 20:11, 6 May 2019
Policy 901
Introduction
1.1. The purpose of this policy is to outline the acceptable uses and specific prohibitions that are inherent to the access and use of Information Technology and Information Resources owned or provided by Appalachian State University (hereinafter “the University”).
1.2. Individuals subject to this policy are responsible for exercising reasonable good judgment with respect to specific expectations regarding the use of Information Resources. Each user is expected to understand that Information Technology represents a shared service with finite resources. Users should exercise reasonable efforts to avoid impacting others’ efficient use of Information Technology and Resources.
Scope
Individuals Covered by this Policy
This policy applies to all users of Information Resources owned or provided by the University, including: 1) devices provided by the University, 2) services provided by the University, or 3) data that belongs to the University regardless of the location. This applies to any cloud services employed to conduct University business or provide University services.
Definitions
Administrative Control
- protecting an information system through policy, procedure, training, directives from an authority, or similar efforts that instruct and require individuals to take corrective actions.
Authorized Personnel
- an employee with assigned responsibilities to support Information Resources, or approved by the Office of General Counsel, Director of Human Resources or the Chief Information Officer or designee(s) to perform a specific duty or duties in regards to Information Resources.
Information Resources
- information owned or possessed by the University, or related to the business of the University, regardless of form or location, and the hardware and software resources used to electronically store, process, or transmit that information.
Information Technology
- hardware and software resources owned, leased, or used by the University and its partners to store, process or transmit University information. Information technology is a subset of the University’s Information Resources.
ITS
- the University’s Office of Information Technology Services.
IT Infrastructure
- the system of enterprise hardware, software, networks, facilities, and service components used to develop, test, operate, monitor, manage, and/or support information technology services.
University
- Appalachian State University.
User
- a person who uses Information Resources.
Policy and Procedure Statements
Acceptable Uses
4.1.1 Individuals subject to this policy are responsible for exercising good reasonable judgment regarding what is the acceptable use of Information Technology and Information Resources. Generally, acceptable uses include, but are not limited to, the following:
- Lawful uses not otherwise prohibited by UNC System or University policies.
- Use of Information Technology and Information Resources to conduct University business.
- Personal use of University maintained Information Technology that does not violate prohibitions listed in 4.2.7.
- The University shall not be responsible for any personal material or information stored on University Information Technology. The University assumes no responsibility for backing up personal material or personal information stored on University Information Technology and shall have no obligation to produce any such personal material or information at any point during or after an individual’s period of employment, enrollment, or other affiliation. The user accepts all responsibility of removing personal materials prior to their separation with the University. This provision does not apply to current students’ academic work stored on University Information Technology.
Prohibitions
4.2.1 Individuals subject to this policy are responsible for understanding that specific activities are prohibited unless a written exception is agreed to and provided by the Chief Information Officer or his delegate.
4.2.2 Users may not attempt to intentionally hide their identity for malicious purposes. All use of University Information Technology must be identified as to the individual or device using the system. Obfuscation or intentional misrepresentation of identity (e.g., shared credentials, spoofed communications, etc.) for any malicious purpose, including access to and use of Information Technology, is prohibited.
4.2.3 Users may not intentionally attempt to expand or offer IT infrastructure services to others, through the implementation of unapproved hardware, software or cloud services. The infrastructure may not be extended or otherwise modified without the oversight and approval of ITS. This includes, but is not limited to, servers that provide services to multiple users, network communications devices, multi-user storage devices, or network-based camera systems.
4.2.4 Users residing in residence halls may be subject to additional prohibitions as defined by University Housing.
4.2.5 Users, excluding authorized personnel, may not intentionally attempt to intercept, monitor, redirect, alter or otherwise adversely impact another user’s use of University Information Resources. Users, excluding authorized personnel, may not read, copy, or delete another user’s electronic data without the expressed prior approval of said user.
4.2.6 Users may not engage in cyberstalking, harassment or infringe upon the privacy of other users’ lawful use of University’s Information Resources.
4.2.7 Users may not intentionally engage in any activity that negatively impacts Information Resources.
4.2.8 Employees’ personal use of Information Resources in accordance with 4.1.3 above may not 1) interfere with an employee's job performance, 2) interfere with activities that directly support the University mission, 3) violate UNC System and University policies including, but not limited to, policies prohibiting the use of University Information Technology and Information Resources to endorse, campaign for, secure support for or oppose any candidate, political party, partisan political group, referendum, or issue in an election; or 4) constitute use of Information Resources to seek commercial gain or private profit, except as allowed under applicable University policies including policies concerning intellectual property rights and external professional activities for pay. Supervisors have discretion to further restrict or forbid personal use as they reasonably deem necessary.
4.2.9 Users may not engage in any activity that intentionally circumvents administrative controls or in any way attempts to gain or provide unauthorized access to Information Resources.
4.2.10 Additional activities that are prohibited, specific to certain types of use such as Network Access, Storage, etc. may be described in other more specific standards located at https://its.appstate.edu/it-governance/it-policy-standards-guidelines
Additional References
Authority
Contact Information
Original Effective Date
Revision Dates
- June 21, 2017