Appropriate Use Policy for Information Technology
|Subject:||Appropriate Use Policy for Information Technology|
|Date Issued:||Policy issued January 8, 2010|
|Effective Date:||February 8, 2010|
|Affected Entities:||Campus Community|
|Responsible Entity:||Vice President of Instructional and Information Technology|
|Revisions, if any:||This policy supersedes Interim Appropriate Use Policy for Information Technology date adopted June 3, 2002|
The purpose of this Policy is to help ensure reliable and proper user access to Cal Poly Pomona Information Technology (University IT) resources and the lawful use of these resources.
This Policy applies to all users of University IT resources. There is no intent to infringe on other University policies, procedures and documents including, but not limited to, Academic Freedom, Intellectual Property and Contract agreements. In the case of detected misuse, intentional or otherwise, it may be necessary to suspend the use of University resources for an individual user until the integrity of service for all University users is restored. Access will not be revoked without cause.
Description of University Policy
Appropriate use of University IT resources shall:
- Be for the purposes of furthering the mission of the University.
- Be for the purposes for which they are assigned.
- Be in accordance with all license and contractual agreements to which the University is a party.
- Comply with policies of any network over which such data or information must be routed to reach its final destination.
- Not interfere with the operation of University IT resources nor unreasonably interfere with the appropriate use of University IT resources by other users.
- Not indirectly violate this Policy by using any device, software, or services of another network provider to circumvent the intent or meaning of this Policy.
- Not compromise the security and confidentiality of data that is the property of University or any other user of University IT resources.
- Not be for personal purpose other than incidental and minimal use.
- Not be for private commercial use unless authorized by contract.
- Not intentionally misrepresent personal identity.
- Be in accordance with state and federal law.
- Not conflict with any other approved University Policy.
Affected and Responsible Entities
Use of the University’s IT resources requires that the user must:
- Comply with all software licenses of programs and data.
- Use only those computers and computer accounts for which authorization has been granted.
- Use campus accounts in conformity with this Policy.
- Be responsible for taking reasonable measures to protect the user’s password(s) and University data to which the user has access.
The responsibility for implementing and interpreting this Policy resides with the Vice President of Instructional and Information Technology (I&IT) and authorized designees. Interpretations and disciplinary referrals shall be done in consultation with relevant administrative units, bargaining units, law enforcement agencies, and individuals. Questions regarding this Policy should be directed to the office of the Vice President of I&IT. Implementation includes actions taken by the VP of I&IT or an authorized designee to uphold the intent of this Policy. Such actions include the following:
1) Creating and maintaining procedures to support the intent of this Policy.
2) Enforcement of the intent of this Policy.
3) Requiring specific training and/or granting permissions for the use of IT resources.
4) Entering into agreements on behalf of the University with third parties to ensure the integrity of University IT resources.
In no case shall any action be contrary to any other University policy, contractual agreements or bargaining unit agreements. Any procedure developed by a department, college, school, or division must conform to the policy in this document. Copies of this document shall be available online.
The Vice President of I&IT is authorized to take actions necessary to ensure the availability and integrity of campus information resources. This may include temporarily disabling a user’s access when there exists evidence that user’s actions represent inappropriate use as defined in this Policy and impacts other users and/or the integrity of data or systems. When this is necessary, the user will be contacted and advised of the Policy and specific inappropriate actions. Access will be restored quickly once the Policy violation has been resolved. The Vice President of I&IT may refer repeated, intentional, or egregious violations to the appropriate office under existing procedures for consideration of corrective/disciplinary action.
Inappropriate use may be brought to the attention of the Vice President of I&IT by technical staff, other members of the campus community, or off-campus entities (e.g., when an off-campus system is being attacked by a computer on the campus or attached to the campus network). The Vice President or designee is required to respond to such complaints. Investigation of complaints occasionally requires the inspection of a user’s computer or files. When proper cause exists, authorized system administrators, when authorized by the Vice President of Instructional and Information Technology, will inspect content only as required for purposes of the investigation.
Consequences of Non-compliance
Violation of Policy
Violation of the Appropriate Use Policy for Information Technology could also subject the employee to additional training/reprimands/corrective action which may be placed in the Official Personnel File. Violation may also result in disciplinary action, which may only be administered in a manner consistent with the terms of the applicable collective bargaining agreement in accordance with the applicable provisions of the California Education Code.
A student who violates university policies or regulations is subject to disciplinary action as prescribed in the student code of conduct.
Non-student/non-employee violations of the Appropriate Use Policy for Information Technology could also subject the user to temporary or permanent disabled IT access and other administrative remedies, as deemed appropriate.
The University is not responsible for loss of information from computing misuse, malfunction of computing hardware, malfunction of computing software, or external contamination of data or programs. The staff in Instructional and Information Technology and all other system administrators must make every effort to ensure the integrity of the University’s computer systems and the information stored thereon. However, users are advised that no computer or computer network is inherently private and that no security or back-up system is 100% reliable.
Definition of Selected Terms
Use of University IT resources not contrary to the intent of this Policy.
Individual(s) authorized by either posted job description or recorded written assignment by the President and/or the Vice President for I&IT to enforce the intent of this Policy.
Information Resources or IT Resources:
Data or information and the software and hardware that make that data or information available to users.
An action against the intent of this Policy. Examples of misuse include the following:
- Attempting to modify or remove shared computer equipment, software, or peripherals without proper authorization.
- Accessing computers, computer software, computer data or information, or networks without proper authorization, regardless of whether the computer, software, data, information, or network in question is owned by the University. (e.g., use of a campus computer or campus network to break into an on-campus or off-campus resource is a violation of this policy.)
- Circumventing or attempting to circumvent normal resource limits, logon procedures, and security regulations.
- Using computing facilities, computer accounts, or computer data for purposes other than those for which they were intended or authorized.
- Violating any software license agreement or copyright, including copying or redistributing copyrighted computer software, data, or reports without proper authorization.
- Modifying system facilities, operating systems, or disk partitions on shared hardware; attempting to crash or tie up a University computer; damaging or vandalizing University computing facilities, equipment, software, or computer files.
- Disclosing or removing proprietary information, software, printed output or magnetic media without the explicit permission of the owner except when so authorized by the HEERA manager or designee or an authorized system administrator.
- Reading other users’ data, information, files, or programs on a display screen, as printed output, or via electronic means, without the owner’s explicit permission except when so authorized by the HEERA manager or designee or an authorized system administrator.
- Using information resources for unauthorized monitoring of electronic communications.
- Knowingly running or installing on any computer system or network, or giving to another user a program intended to damage or place excessive load on a computer system or network. This includes, but is not limited to programs known as computer viruses, Trojan Horses, and worms.
Personal purpose as defined by California Government Code, Section 8314 means “those activities the purpose of which is for personal enjoyment, private gain or advantage, or an outside endeavor not related to state business. Personal purpose does not include the incidental and minimal use of public resources, such as equipment or office space, for personal purposes, including an occasional telephone call.”
As used in this document, University includes the campus community, students, auxiliaries, contractors, and other outside organizations that use our equipment, software, and /or databases.
University IT Resources:
University IT resources encompass software, hardware, networks and data owned and/or licensed by the University.
Use is defined to be the operation of University IT resources. This includes direct operation of University-owned hardware or software. It also includes transmission of data across the University’s network infrastructure regardless of ownership of the sending/receiving device
Someone who makes use of University IT resources is the user.
President J. Michael Ortiz
February 8, 2010