IRM-002: Acceptable Use of the University’s Information Technology Resources

Date: 10/23/2017 Status: Final
Last Revised: 10/23/2017
Policy Type: University
Oversight Executive: Chief Information Officer
Applies To: Academic Division, the Medical Center, the College at Wise, and University-Related Foundations.
Reason for Policy:

Use of the University’s information technology (IT) resources shall support the basic missions of the University in teaching, research, public service, and healthcare. Users of the University’s IT resources are responsible for using these resources appropriately and respecting the rights of others.

Definition of Terms in Statement:
  • Information Technology (IT) Resources:

    All resources owned, leased, managed, controlled, or contracted by the University involving networking, computing, electronic communication, and the management and storage of electronic data regardless of the source of funds including, but not limited to:

    • Networks (virtual and physical), networking equipment, and associated wiring including, but not limited to: gateways, routers, switches, wireless access points, concentrators, firewalls, and Internet-protocol telephony devices;
    • Electronic devices containing computer processors including, but not limited to: computers, laptops, desktops, servers (virtual or physical), smart phones, tablets, digital assistants, printers, copiers, network-aware devices with embedded electronic systems (i.e., “Internet of things”), and supervisory control and data acquisition (SCADA) and industrial control systems;
    • Electronic data storage devices including, but not limited to: hard drives, solid state drives, optical disks (e.g., CDs, DVDs), thumb drives, and magnetic tape;
    • Software including, but not limited to: applications, databases, content management systems, web services, and print services;
    • Electronic data in transmission and at rest;
    • Network and communications access and associated privileges; and
    • Account access and associated privileges to any other IT resource.
  • Non-Student Users:

    All users except for those whose sole affiliation with the University is student or applicant.

  • Public Information Technology (IT) Resources:

    IT resources that are available to broad groups of users within the University community. They include, but are not limited to: public-access computer facilities, shared multi-user computing systems, and the network services that Information Technology Services (ITS) and all other University schools and departments manage. The word “public,” in this context, describes a resource that is available broadly to members of the University community. It does not imply that these resources are available to persons from outside the University community.

  • User:

    Everyone who uses University information technology (IT) resources. This includes all account holders and users of University IT resources including, but not limited to: students, applicants, faculty, staff, medical center employees, contractors, foundation employees, guests, and affiliates of any kind.

Policy Statement:

All users of University information technology (IT) resources are required to use them in an ethical, professional, and legal manner. This policy applies to all users of the University’s information technology resources, regardless of location or affiliation. 

Users must be granted University IT resource accounts in accordance with the Accounts Provisioning and De-provisioning Standard.

  1. Acceptable Use Requirements:
    All Users Agree to Abide by the Following Conditions. All users must:
  1. Respect the integrity of the University’s IT resources.
    Users must:
  • Become familiar with and abide by the guidelines for appropriate usage for the University’s IT resources that they access.

Users must not:

  • Divulge or share passwords, PINs, private keys, hardware tokens, or similar authentication elements to anyone else, and they must not exploit sessions left open, or otherwise misappropriate, assume, or steal the “identity” of another user (see Authentication Standard);
  • Obtain or attempt to obtain unauthorized access to the University’s IT resources;
  • Circumvent or attempt to circumvent security controls on the University’s IT resources; nor
  • Allow unauthorized users access to the University’s IT resources.
  1. Protect the University’s IT resources.
  2. Respect and not violate the privacy of others through access or use of the University’s IT resources. (See policy IRM-012, Privacy and Confidentiality of University Information.)
  3. Respect the intended use of all the University’s IT resources, typically for University research, instruction, public service, health care, student services, and administrative purposes. All unauthorized use is prohibited. For Non-Student Users, commercial use is prohibited, but incidental personal use is permitted. (See policy PRM-011, Use of Working Time and University Equipment for Personal or Commercial Purposes.)
  4. Respect the rules and regulations governing the use of IT facilities and equipment. The University expects all users to cooperate in using public IT resources for their intended purposes and in discontinuing their access when requested to do so.
  5. Not use the University’s IT resources to access, use, copy, distribute, or otherwise reproduce or make available to others any copyright-protected materials, including digital materials and software, [see Digital Millennium Copyright Act (DMCA)] except as permitted under copyright law (especially with respect to “fair use”) or specific license.
  6. Abide by the Acceptable Use Standards.

In addition to the above, all Non-Student Users:

  1. Must successfully complete either the University’s or Health System’s online security awareness training at least annually, which includes acceptance of the Electronic Access Agreement.
  2. Are subject to the State Use of Internet and Electronic Communication Systems Policy.
  3. Must not except to the extent required in conjunction with a bona fide, agency-approved research project or other agency-approved undertaking, no user shall utilize agency-owned or agency-leased computer equipment to access, download, print or store any information infrastructure files or services having sexually explicit content (see § 2.2-2827. Restrictions on State Employee Access to Information Infrastructure).
  1. Compliance with Policy:
    Any misuse of data or IT resources may result in limitation or revocation of access to University IT resources. In addition, failure to comply with the requirements of this policy may result in disciplinary action up to and including termination or expulsion in accordance with relevant University policies. Violation of this policy may also violate federal, state, or local laws.

    Questions about this policy should be directed to the Contact Office.

Procedures:
Acceptable Use
Standards and Procedures
Standards Procedures
Connecting Network Equipment Connecting Network Equipment
External Physical Connections External Physical Connections
Copyright of Digital Materials Copyright of Digital Materials
Accounts Provision/Deprovisioning  
Authentication  
  Exceptions
  Electronic Access Requirements

Responsible Computing Handbook for Faculty and Staff
Responsible Computing Handbook for Students

Related Information:

IRM-003, Data Protection of University Information
IRM-004, Information Security of University Technology Resources

IRM-012, Privacy and Confidentiality of University Information

PRM-011, Use of Working Time and University Equipment for Personal or Commercial Purposes

State Use of Internet and Electronic Communication Systems Policy

§ 2.2-2827. Restrictions on State Employee Access to Information Infrastructure

§ 18.2-374. Production, publication, sale, possession, etc., of obscene items

Digital Millennium Copyright Act
(DMCA)

Major Category: Information Resource Management
Next Scheduled Review: 10/23/2020
Approved by, Date: Policy Review Committee, 06/27/2017
Supersedes (previous policy):
Ethics in Computer Usage, Obscene Material, Sexually Explicit Material, Communications Systems Policy, Copyright Protection, Digital Copyright Protection, Information Access