UVA Logo
IRM-002: Acceptable Use of the University’s Information Technology Resources

Date: 10/23/2017 Status: Final
Last Revised: 10/29/2024
Policy Type: University
Oversight Executive: Vice President and Chief Information Officer
Applies To:

Academic Division, the Medical Center, the College at Wise, and University-Associated Organizations.

Reason for Policy:

Use of the University’s information technology (IT) resources shall support the mission of the University in teaching, research, public service, and healthcare. Users of the University’s IT resources are responsible for using these resources appropriately and respecting the rights of others.

Definition of Terms in Statement:
  • Information Technology (IT) Resources:All resources owned, leased, managed, controlled, or contracted by the University involving networking, computing, electronic communication, and the management and storage of electronic data regardless of the source of funds including, but not limited to:
    • Networks (virtual and physical), networking equipment, and associated wiring including, but not limited to: gateways, routers, switches, wireless access points, concentrators, firewalls, and Internet-protocol telephony devices.
    • Electronic devices containing computer processors including, but not limited to: computers, laptops, desktops, servers (virtual or physical), smart phones, tablets, digital assistants, printers, copiers, network-aware devices with embedded electronic systems (i.e., “Internet of things”), and supervisory control and data acquisition (SCADA) and industrial control systems.
    • Electronic data storage devices including, but not limited to: internal and external storage devices (e.g., solid state and hard drives, USB thumb drives, Bluetooth connected storage devices), magnetic tapes, diskettes, CDs, DVDs.
    • Artificial intelligence tools, including generative AI tools such as UVA Copilot and UVAChat+.
    • Software including, but not limited to: applications, databases, content management systems, web services, and print services.
    • Electronic data in transmission and at rest.
    • Network and communications access and associated privilege.
    • Account access and associated privileges to any other IT resource.
  • Non-Student Users:All users except for those whose sole affiliation with the University is student or applicant.
  • Public Information Technology (IT) Resources:IT resources that are available to broad groups of users within the University community. They include but are not limited to: public-access computer facilities, shared multi-user computing systems, and the network services that Information Technology Services (ITS) and all other University schools and departments manage. The word “public,” in this context, describes a resource that is available broadly to members of the University community. It does not imply that these resources are available to persons from outside the University community.
  • University Records:Recorded information that documents a transaction or activity by or with any appointed board member, officer, or employee of the University. Regardless of physical form or characteristic, the recorded information is a University record if it is produced, collected, received or retained in pursuance of law or in connection with the transaction of university business. The medium upon which such information is recorded has no bearing on the determination of whether the recording is a University record. University records include but are not limited to: personnel records, student records, research records, financial records, patient records, and administrative records. Record formats/media include but are not limited to: email, messaging (texts, instant messaging, etc.), posts (social media or collaboration software), databases, electronic files, paper, audio, video, and images (digital and printed).
  • User:Everyone who uses University IT resources. This includes all account holders and users of University IT resources including, but not limited to: students, applicants, faculty, staff, medical center employees, contractors, University-Associated Organization employees, guests, and affiliates of any kind.
Policy Statement:

All users of University IT resources are required to use them in an ethical, professional, and legal manner. This policy applies to all users of the University’s information technology (IT) resources, regardless of location or person's affiliation.

Users must be granted University IT resource accounts in accordance with the Accounts Provisioning and De-provisioning Standard.

  1. Acceptable Use Requirements:
    All users agree to ensure the confidentiality and integrity of the University’s IT resources. All users must:

    Users should:

    • Complete either the University’s or Health System’s online security awareness training at least annually.

    Users must not:

    • Divulge or share passwords, PINs, private keys, hardware tokens, or similar authentication elements with anyone else.
    • Obtain or attempt to obtain unauthorized access to the University’s IT resources.
    • Circumvent or attempt to circumvent security controls on the University’s IT resources.
    • Allow unauthorized users access to the University’s IT resources.
    • Exploit sessions left open, or otherwise misappropriate, assume, or steal the “identity” of another user. (See Authentication Standard and UVA Health System Policy IT-002: Use of Electronic Information and Systems.)
    • Violate the privacy of others through access or use of the University’s IT resources. (See policy IRM-012: Privacy and Confidentiality of University Information and UVA Health System Policy INM-001: Requirements Concerning Confidential Information.)
    • Use the University’s IT resources to access, use, copy, distribute, or otherwise reproduce or make available to others any copyright-protected materials, including digital materials and software, except as permitted under copyright law (especially with respect to “fair use”) or specific license. (See Copyright Act.)

    In addition to the above, all Non-Student Users:

  2. University IT Resources:
    All users agree to protect the University’s IT resources.
  3. Compliance with Policy:
    Any misuse of data or IT resources or failure to comply with the requirements of this policy may result in limitation or revocation of access to University IT resources. In addition, failure to comply with the requirements of this policy may result in disciplinary action up to and including termination or expulsion in accordance with relevant University policies. Violation of this policy may also violate federal, state, or local laws.

    Questions about this policy should be directed to University Information Security (InfoSec).

Major Category:
Information Resource Management
Next Scheduled Review:
12/21/2025
Approved By, Date:
Policy Review Committee, 06/27/2017
Revision History:

Updated list of Standards 10/29/24; Removed External Physical Network Standard/Procedure 7/16/24; External Physical Network Connections standard and procedure Added GenAI tools to definition of IT Resources, 2nd and last bullets in Section 1 3/6/24; Added 14th bullet in Section 1 (SB 1459 bars official use of TikTok and WeChat) 7/1/23; Revised 12/21/22, 5/16/20.

Supersedes (previous policy):

Ethics in Computer Usage, Obscene Material, Sexually Explicit Material, Communications Systems Policy, Copyright Protection, Digital Copyright Protection, Information Access