List of possible policies for inter institution dialogue be

USU

Appropriate Use of Computing, Networking, and Information Resources
This policy is intended to be consistent with Utah State University’s established culture of academic freedom, intellectual curiosity, openness, and integrity by defining the requirements and limits of appropriate use of information technology resources and services including computers, digital networks, and information resources at Utah State University. These rules are in place to protect faculty, staff, students, and the University. Inappropriate use exposes Utah State University to risks including compromise of network systems and services, loss of confidential data, loss of the resource for legitimate use, and legal liability.

Computer Management
The intention of this policy is to decrease the availability of Utah State University’s computing resources to unauthorized outsiders. Computing resources and confidential data are sought by unauthorized outsiders for their own purposes, often at the expense of the University or the user of the computer. Proper management of computers reduces these risks of loss and the legal, financial, and personal consequences that may result.

Wireless Network Deployment & Access
Wireless network technologies play an increasingly important role at Utah State University. The purpose of this policy is to establish the intent, direction, and expectation with respect to the deployment (including installation, operation, and maintenance) of wireless technology at Utah State University. USU Information Technology (IT) is taking on the initiative to provide 100% wireless coverage for the institution.

Internal Bulk Email
The intention of this policy is to assign authority and responsibility for content and volume of internal bulk mail so that its use is: a) acceptable to the majority of recipients; b) protects the privacy of recipients; c) and is within the capacity of the systems that generate, transmit, and store the messages.

Banner Identification Number
It is the intention of this policy to recognize that Banner identification (ID) numbers will be treated as public identifiers, rather than Social Security Numbers, with appropriate office practices which recognize the non-confidential status of the Banner ID number.

Network Monitoring & Vulnerability Scanning Policy
Computers that are connected to the Utah State University Network are at risk of compromise resulting in unauthorized access to computing resources (processor power and storage space) and to confidential data (personal and financial) stored on or transmitted through the computer as part of university operations. This Policy defines a means by which vulnerable and/or compromised computers might be identified and isolated from the network pending correction of the problem.

Information Privacy
The objective of this policy is to provide assurance of Institutional respect for privacy of information placed by users on University computers and to define the circumstances and limits on exceptions to that privacy. Users are also cautioned about potential exposure of information and limited privacy on the Internet.

Institutional Email System
The intention of this policy is to collect all official and business communications of the university in one email system of record for security, auditability, records management, document preservation, archiving and destruction, as appropriate.

UVU

Ethics in Computer Usage
Everyone within the UVU community who uses institution computing and communications facilities has the responsibility to use them in an ethical, professional and legal manner. This means that users agree to abide by the following conditions:
1. The integrity of the systems must be respected.
2. Privacy of all users must not be intruded upon at any time.
3. Users must recognize that certain data are confidential and must limit their access to such data to uses in direct performance of their duties.
4. The rules and regulations governing the use of facilities and equipment must be respected.
5. No one shall obtain unauthorized access to other users' accounts and files.
6. The intended use of all accounts, typically for institution scholarly work, instruction and administrative purposes, must be respected.
7. Users shall become familiar with and abide by the guidelines for appropriate usage for the systems and networks that they access.

Academic Freedom and Information Access
UVU is a community of scholars in which the ideals of freedom of inquiry, freedom of thought, freedom of expression, and freedom of the individual are sustained. The commitment is also expressed in the Faculty Academic Freedom, Professional Responsibility and Tenure, which endorses the "Statement on Academic Freedom in the 1940 Statement of Principles of the American Association of University Professors (AAUP)." The institution's commitment parallels the national "Library Bill of Rights," which affirms the importance of making information and ideas available in an environment free from censorship. This policy statement on information access through computer networks complements the institution's overall "Policy on Ethics in Computer Usage," which describes the responsibilities of the institution community to use computer resources in an ethical, professional and legal manner.

Institutional Data Management and Access
Information maintained by the institution is a vital asset that will be available to all employees who have a legitimate need for it, consistent with the institution's responsibility to preserve and protect such information by all appropriate means. The institution is the owner of all administrative data; individual units or departments may have stewardship responsibilities for portions of that data. The institution intends that the volume of freely accessible data be as great as possible, given limitations of budget. The value of data as an institutional resource is increased through its widespread and appropriate use; its value is diminished through misuse, misinterpretation, or unnecessary restrictions to its access. The institution expressly forbids the use of administrative data for anything but the conduct of institution business. Employees accessing data must observe requirements for confidentiality and privacy, must comply with protection and control procedures, and must accurately present the data in any use. The institution determines levels of access to administrative data according to principles drawn from various sources. State and federal law provides clear description of some types of information to which access must be restricted. In an academic community, ethical considerations are another important factor in determining access to administrative data.

Monitoring and Review of Employee Electronic Communications or Files
In compliance with federal law, UVU cannot guarantee privacy nor should a user have any expectation of privacy in any message, voice communication, file, image or data created, sent, retrieved or received by use of the institution's equipment and/or access. The institution reserves the right to monitor any and all aspects of its computer systems and to do so at any time, without notice, and without the user's permission.
The institution holds as core values the principles of academic freedom and free expression. In consideration of these principles, the institution will not monitor the content of electronic communications of its employees in most instances, nor will it examine the content of employee electronic communications or other employee electronic files stored on its systems except under certain circumstances. In this context, "electronic communications" includes, but is not limited to, telephone communications, so-called "voice mail," e-mail, online chat, and computer files traversing the institution network or stored on institution equipment.

Responsibility for Security of Computing Devices Connected to the UVU Network
The purpose of this policy is to clearly define requirements for owners and overseers of UVU network-connected devices to close security gaps. It also describes loss of network access for noncompliance, as well as an exception process.

Use of University Technology Equipment
This policy describes the general guidelines for using institution information technology equipment.

Private Sensitive Information
Institutional information technology resources are at risk from potential threats such as human error, accident, system failures, natural disasters, and criminal or malicious action. The purpose of this policy is to secure the private sensitive information of faculty, staff, students, and others affiliated with the institution, and to prevent the loss of critical operational information.

Processing and Control of Distributed Administrative Data
While most administrative data reside on hardware maintained by the Office of Information Technology (OIT) and are managed by the Data Management Group, some data reside in and are managed by other university departments. Given the critical nature of administrative data, it must be managed in a consistent, secure manner across the entire institution. The purpose of this document is, therefore, to define requirements that must be met by any and all departments that have or will have management responsibility for administrative data.

Retention of Electronic Files
The purpose of this policy is to establish rules and procedures for the retention of electronic documents, messages and files in accordance with state and federal law and the established practices of the university.

WSU

The purpose of the Information Security Policy is to:
- Provide policy to secure High-Risk, Restricted and/or Confidential information of faculty, staff, students, and others affiliated with the University, and to prevent the loss of information that is critical to the operation of the University.
- Provide reasonable and appropriate procedures to ensure the confidentiality, integrity and availability of the University’s Information Technology Resources.
- Prescribe mechanisms which help identify and prevent the compromise of information security and the misuse of University data, applications, networks and computer systems.
- Define mechanisms which protect the reputation of the University and allow the University to satisfy its legal and ethical responsibilities with regard to its networks’ and computer systems’ connectivity to networks outside the University.
- Provide written guidelines and procedures to manage and control information considered to be High-Risk, Restricted and/or Confidential whether in electronic, paper or other forms.
- Protect the integrity and validity of University data.
- Ensure the Security and protection of High-Risk, Restricted and Confidential information in the University’s custody, whether in electronic, paper, or other forms.

Acceptable Use Policy
Weber State University provides students, faculty and staff with access to both an internal campus network and to the Internet. Such access, used appropriately, legitimately advances the mission of the university. But there is always the possibility for misuse. This Acceptable Use Policy provides guidelines for the use of network and computing resources that reflect the mission statement of the university, protects WSU community members and others from harm, and helps to preserve the availability of network resources for all WSU community members.

Network Security/Firewall Policy
Access to information available through the university’s network systems must be strictly controlled in accordance with approved network access control criteria, which are to be maintained and updated regularly.

Payment Card Handling Policy
The purpose of this policy is to protect payment card data and to comply with the Payment Card Industry's Data Security Standards (PCI DSS) requirements for transmitting, handling and storage of payment card data. Throughout this policy the term payment card is used to refer to credit, debit and charge cards. This Policy does not include information on Purchasing Cards. For information on Purchasing Cards (PCARDs) please refer to PPM 5-25i (documents.weber.edu/ppm/5-25i.htm).

University Telecommunications Services
To set forth general telephone policies of the University.

U of U

Data Management
1. Institutional Data is a valuable University asset. It is information about University constituencies students, faculty, staff, resources (funds, space, etc.) that is captured and used in the day-to-day services and operations of the University. It is used as the basis for administrative reports, both internal and external to the University. It enables administrators to assess the needs of the University community and modify services accordingly. It is vital not only in the day-to-day operations of the University, but to short and long-term planning as well.
2. The purpose of this policy is to protect this valuable asset, permit the sharing of it through accurate and consistent definitions, and provide a coordinated approach to its use and management. In all cases, applicable state and federal statutes and regulations that guarantee either protection or accessibility of institutional records take precedence over this policy.

Information Resources
To outline the University's policies for students, faculty and staff concerning the use of the University's computing and communication facilities, including those dealing with voice, data, and video. This policy governs all activities involving the University's computing facilities and information resources, including electronically or magnetically stored information. Every user of these systems is required to know and follow this policy.

World Wide Web
To outline the University's policy for students, faculty and staff concerning the use of the University's World Wide Web information resources.

IT Security
1. University Information Technology Resources are at risk from potential threats such as human error, accident, system failures, natural disasters, and criminal or malicious action.
2. The purpose of this policy is to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with the University, and to prevent the loss of information that is critical to the operation of the University.

Use and Security of Property
To outline the university's policy toward the use of university property and the manner in which it should be safeguarded against possible loss or misuse.