Appropriate Use of Information
Resources UPPS No. 04.01.07
Issue
No. 3
Effective Date: 07/10/2008
Review: March 1 E3Y
01.01 This
UPPS establishes policies and procedures for the appropriate use of information
resources. This policy is established to achieve the following:
a. To ensure compliance with applicable
statutes, regulations, and mandates regarding the management of information
resources;
b. To establish prudent and acceptable practices
regarding the use of information resources; and
c. To educate individuals who may use
information resources with respect to their responsibilities associated with
such use.
UPPS No.
01.04.00, Appropriate Release of Information
UPPS No. 01.04.24, Policy on Copyrighted Computer
Software
UPPS No. 04.01.01, Security of Texas State Information
Resources
UPPS No. 04.01.01 Attachment I, Information Resources Security Manual
UPPS No. 04.01.05, Network Use Policy
03.01 Information
Resources – Any and all devices capable of receiving, storing, managing, or
transmitting electronic data including mainframes, servers, personal computers,
notebook computers, hand-held computers, personal digital assistant (PDA),
pagers, distributed processing systems, network connected display devices,
network attached and computer controlled medical and laboratory equipment (i.e.
embedded technology), telecommunication resources, network environments,
telephones, fax machines, printers, computer printouts, storage media, and
service bureaus. Additionally, it includes the systems, procedures, equipment,
facilities, software, and data that are designed, built, operated, and
maintained to create, collect, record, process, store, retrieve, display, and
transmit information.
03.02 NetID
– NetID stands for Network Identification. This is the name used to identify a person
or other entity when connecting to certain applications and services available
on the Texas State network. NetID’s have
an associated password that serves to authenticate the identity of the NetID
owner.
03.03 User
– An individual or automated application or process that is authorized access
to an information resource by its owner, in accordance with the owner’s
procedures and rules.
04.01 Texas
State provides each of its authorized users with a computer account, known as a
Texas State NetID, which facilitates access to the University’s information
resources. In accepting a Texas State NetID or any other access ID, the
recipient agrees to abide by applicable Texas State policies and legal
statutes, including all federal, state, and local laws. Texas State
reserves the right at any time to limit, restrict, or deny access to its
information resources and to take disciplinary or legal action against anyone
in violation of these policies or statutes.
04.02 Applicable university policies and procedures include all Texas State UPPSs and departmental policies and procedures that address the usage of Texas State information resources. Also applicable are university policies prohibiting harassment, plagiarism, or unethical conduct. Laws that apply to the use of Texas State’s information resources include laws pertaining to theft, copyright infringement, insertion of viruses into computer systems, and other computer-related crimes. This policy applies to all university information resources, whether administered centrally or departmentally; whether on-campus or off-campus. Information resources include hardware, software, communication networks and access devices, electronic storage media, manuals, and other documentation. Also included in this definition are data files that reside on hardware or media owned or supplied by the University, regardless of size, source, or type of storage media, including e-mail messages, system logs, web pages and software.
04.03 Texas
State provides information resources for the purpose of accomplishing tasks
related to the University’s mission. Use of or access to Texas State
computers, networks, data and software may be restricted due to specific
research, teaching or other purposes in keeping with Texas State’s
mission. Texas State’s computer information resources are not a public
forum.
04.04 Texas
State considers email to be a significant information resource and an
appropriate mechanism for official university communication. The University
provides official university e-mail addresses and services to its students,
faculty, staff, and organizational units for this purpose and to enhance the
efficiency of educational and administrative processes. In providing these
services, the University anticipates that e-mail recipients will access and
read university communications in a timely fashion. Faculty, staff, and students may forward
e-mail from their official university address to an alternate e-mail address at
their own risk, however, the University is not responsible for e-mail that has
been forwarded to any other address.
04.05 Subject
to applicable policies and statutes, students who have registered and paid
their fees are allowed to use Texas State’s information resources for school-related
and personal purposes. Personal use must not result in any additional expense
to the University or violate restrictions detailed in Section 05 of this UPPS.
The Texas State NetID’s of graduating students are deactivated ninety days
after graduation. Continuing students may retain their Texas State NetID’s as
long as they remain enrolled for the current or a future semester.
04.06 Employees
of Texas State are allowed to use Texas State’s information resources in the
performance of their job duties as long as they adhere to all applicable
policies and statutes. Incidental personal use of Texas State information
resources by an employee is permitted, subject to review and reasonable
restrictions by the employee’s supervisor. Such personal use must not violate
any applicable policies and statues, must not interfere with the employee’s job
performance, and must not result in any additional expense to the University.
Employees may obtain a Texas State NetID upon verification of employment by the
appropriate administrative head.
An
employee’s access to Texas State’s information resources will be terminated
immediately upon the employee’s separation from employment at Texas State.
There are two limited exceptions to this access termination requirement:
a. A Texas State retiree retains access
to the information resources specified in UPPS No.
04.04.53, Honors and Benefits for Retired Faculty and Staff;
b. Former employees retain access to the
University’s web-enabled, employee self-service (ESS) functions for a period
not to exceed 90 calendar days following the date of separation. Examples
of these ESS functions include retrieval of remuneration statements, mailing
address updates, and similar functions that afford access only to the former
employee’s personal information.
Other
exceptions require specific, prior authorization from the Assistant Vice
President for Technology Resources.
04.07 Censorship
is not compatible with the goals of Texas State. The University will not limit
access to any information due to its content, as long as it meets the standard
of legality. The University reserves the right, however, to place
reasonable time, place and manner restrictions on expressive activities that
use its information resources.
04.08 Texas
State’s information resources are subject to review and disclosure in
accordance with:
a. the Texas Public Information Act and other laws (see UPPS No. 01.04.00, Appropriate Release of Information);
b. other policies or legal requirements, such as subpoenas and court orders;
c. efforts to protect and sustain their operational integrity;
d. security reviews or audits; and
e. such other purposes required to protect the University’s interests and those of other users. Users should not expect privacy from disclosure in any messages or other use of Texas State's information resources.
Anyone
using Texas State’s information resources expressly consents to monitoring by
the University for these purposes and is advised that if such monitoring
reveals possible evidence of criminal activity, university administration may
provide that evidence to law enforcement officials. Further, all users
should understand that while the University takes reasonable precautions, it is
unable to guarantee the protection of electronic files, data, or e-mails from
unauthorized or inappropriate access.
04.09 Intellectual
property laws extend to the electronic environment. Users should assume
that works communicated through Texas State computer networks are subject to
copyright laws, unless specifically stated otherwise.
04.10 Information resources are considered valuable assets of the University. Further, computer software purchased or licensed by the University is the property of the University or the company from whom it is licensed. Any unauthorized access, use, alteration, duplication, destruction, or disclosure of any of these assets may constitute a computer-related crime, punishable under Texas and federal statutes.
05.01 The
following actions constitute inappropriate use of the University's information
resources and are strictly prohibited for all users.
a. Use of University information resources for illegal activities or purposes. The University may deal with such use appropriately, and may report such use to law enforcement authorities. Illegal activities or purposes include unauthorized access, intentional corruption or misuse of information resources, theft, obscenity, and child pornography.
b. Failure to comply with laws, policies, procedures, license agreements, and contracts that pertain to and limit the use of the University's information resources.
c. The abuse of information resources includes any willful act that: endangers or damages any specific computer software, hardware, program, network, data or the system as a whole, whether located on campus or elsewhere on the global Internet; creates or allows a computer malfunction or interruption of operation; injects a computer virus or worm into the computer system; sends a message with the intent to disrupt University operations or the operations of outside entities; produces output that occupies or monopolizes information resources for an unreasonable time period to the detriment of other authorized users; consumes an unreasonable amount of communications bandwidth, either on or off campus, to the detriment of other authorized users; or fails to adhere to time limitations that apply at particular computer facilities on campus.
d. Use of University information resources for personal financial gain or commercial purpose.
e. Failure to protect a password or Texas State NetID from unauthorized use.
f. Falsely representing one’s identity through the use of another individual’s Texas State NetID or e-mail alias, or permitting the use of a NetID and password by someone other than their owner
g. Unauthorized use of or access to any electronic file.
h. Unauthorized use, access, duplication, disclosure, alteration, damage, or destruction of data contained on any electronic file, program, network, web page, or university hardware or software.
i. Unauthorized duplication, use or
distribution of software and other copyrighted digital materials (including
copyrighted music, graphics, etc.) is a violation of this policy. All software
and many other digital materials are covered by some form of copyright,
trademark, license or agreement with potential civil and criminal liability
penalties. Exceptions must be specifically authorized by the copyright or
trademark holder or by the fair use provisions of the copyright law. See also UPPS No. 01.04.24, Policy on Copyrighted Computer
Software.
j. Participating or assisting in the deliberate circumvention of any security measure or administrative access control that pertains to University information resources.
k. Using university information resources in a manner that violates other university policies, such as racial, ethnic, religious, sexual or other forms of harassment.
l. Using university information resources to knowingly transmit spam mail, chain letters, malicious software (e.g., viruses, worms, or spyware), or personal advertisements, solicitations or promotions.
m. Modifying any wiring or attempting to extend the network beyond the port (i. e., adding hubs, switches or similar devices) in violation of the University’s Network Use Policy (UPPS No. 04.01.05).
n. Using Texas State’s information resources to affect the result of a local, state, or national election or to achieve any other political purpose.
o. Using Texas State’s information resources to state, represent, infer, or imply an official university position without appropriate authorization.
06.01 Each
user shall utilize university information resources responsibly and respect the
needs of other users.
06.02 Each
person is responsible for any usage of his or her Texas State NetID. Users must
maintain the confidentiality of their passwords.
06.03 A
user must report any abuse or misuse of information resources or violations of
this policy to their department head or to the Office of the Assistant Vice
President for Technology Resources.
06.04 When
communicating with others via university information resources (e.g., e-mail),
a user's communications should reflect high ethical standards, mutual respect
and civility.
06.05 Users
are responsible for obtaining and adhering to relevant, acceptable network use
policies (see UPPS No. 04.01.05).
06.06 Administrative heads and supervisors must report ongoing or serious problems regarding the use of Texas State information resources to the Office of the Assistant Vice President for Technology Resources.
07.01 There
will be occasions when auditors may require access to Texas State information
resources. Access is permitted in accordance with these guidelines.
07.02 Internal
auditors from Texas State shall be allowed access to all University activities,
records, property, and employees in the performance of their duties.
07.03 The
Director of Internal Audit and Compliance shall notify the Office of the Vice
President for Information Technology, Office of the Assistant Vice President
for Technology Resources, and the University Attorney’s office prior to
accessing individual data files.
07.04 State
and federal auditors will be granted access to university information resources
and data files on an as needed basis, as approved by the Office of the Vice
President for Information Technology.
08.01 Failure
to adhere to this policy may lead to the revocation of a user’s Texas State
NetID, suspension, dismissal, or other disciplinary action by the University,
as well as referral to legal and law enforcement agencies.
08.02 Statutes
pertaining to the use of university information resources include the
following:
a. Texas Administrative Code, Title 1, Part 10, Chapter 202 - Regulations from the Department of Information Resources establishing requirements for state agencies regarding computer security.
b. Texas Penal Code, Chapter 33: Computer Crimes - Texas law pertaining to computer crimes. This statute specifically prohibits unauthorized use of university computers, unauthorized access to stored data, or dissemination of passwords or other confidential information to facilitate unauthorized access to the University’s computer system or data.
c. Texas Penal Code, § 37.10: Tampering with Governmental Record - Prohibits any alteration, destruction, or false entry of data that impairs the validity, legibility or availability of any record maintained by the University.
d. United States Code, Title 18, Chapter 47, § 1030: Fraud and Related Activity in Connection with Computers - Federal law specifically pertaining to computer crimes. Among other stipulations, prohibits unauthorized and fraudulent access to information resources.
e. Computer Fraud and Abuse Act (Part of Title 18, Chapter 47, U.S.C. § 1030) - Makes it a crime to access a computer to obtain restricted information without authorization; to alter, damage, or destroy information on a government computer; and to traffic in passwords or similar information used to gain unauthorized access to a government computer.
f. The Computer Abuse Amendments Act of 1994 (Part of Title 18, Chapter 47, U.S.C. § 1030) - Expands the Computer Fraud and Abuse Act of 1986 to address the transmission of viruses and other harmful code.
g. Federal Copyright Law - Recognizes that all intellectual works are automatically covered by copyright. The owner of a copyright holds the exclusive right to reproduce and distribute the work.
h. Digital Millennium Copyright Act - Signed into law on October 20, 1998, as Public Law 105-304. Created to address the digitally networked environment, the DMCA implements the WIPO Internet Treaties; establishes safe harbors for online service providers; permits temporary copies of programs during the performance of computer maintenance; and makes miscellaneous amendments to the Copyright Act, including amendments that facilitate Internet broadcasting.
i. Electronic Communications Privacy Act (U.S.C., Title 18) - Prohibits the interception or disclosure of electronic communication and defines those situations in which disclosure is legal.
j. Computer Software Rental Amendments Act of 1990 - Deals with the unauthorized rental, lease, or lending of copyrighted software.
k. Texas Government Code § 556.004 - Prohibits using state resources or programs to influence elections or to achieve any other political purpose.
09.01 Reviewers of this UPPS include the following:
Position Date
Asst. Vice President for Technology March 1 E3Y
Resources
Special Assistant to the Vice
President March 1 E3Y
For Information Technology
Information Security Officer March 1 E3Y
University Attorney March 1
E3Y
This UPPS has been approved by the following individuals in their official capacities and represents Texas State policy and procedure from the date of this document until superseded.
Assistant Vice President for Technology Resources; senior reviewer of this UPPS
Vice President for Information Technology
President