Acceptable Use of Information Technology Resources
These rules are in place to ensure an optimal learning and working environment, and the assurance of freedom in academic pursuit.
The Acceptable Use of Information Technology Resources Policy is intended to guide users around acceptable use of computer and network services.
Reason for Policy
The purpose of this Acceptable Use of Information Technology Resources Policy (AUP) is to outline the acceptable use of computer and network services provided and/or used by users of Information Technology (IT) at Adelphi University (the University), including the equipment and additional resources used to provide these services. These rules are in place to ensure an optimal learning and working environment, and the assurance of freedom in academic pursuit. In addition, this policy protects the information used by administration and staff so that it is maintained at proper levels of availability, confidentiality, and integrity. Inappropriate use exposes the University to risks including virus attacks, compromise of network systems and services, policy violations, and legal issues.
Who Is Governed by this Policy
All end-user and application management accounts on computerized information systems operated by or on behalf of Adelphi University.
Proper use of University IT resources follows the same standards of common sense and courtesy that govern the use of other public facilities. Therefore, the basic premise of the AUP is that University IT resources are permitted to be used in order to perform and/or support legitimate instructional and/or research activities and work.
Examples of improper use include, but are not limited to:
- Any use of University IT resources unrelated to legitimate instructional or research computing if it interferes with another user’s legitimate instructional or research computing;
- Any use of University IT resources that violates another person’s intellectual property rights;
- Any use of University IT resources that violates another person’s privacy;
- Any use of University IT resources that violates any other Adelphi policy, any local, state or federal law, or which is obscene, defamatory, harassing, discriminatory, or may damage the University’s good name and reputation;
- Any use of University IT resources resulting in commercial gain or private profit (other than allowable under the University’s intellectual property policies).
The Adelphi AUP is published and available for review by all users through the Adelphi University Website, and it is also contained in the student, faculty and employee handbooks. All potential users who wish to have access to Adelphi University IT resources will be required to acknowledge receipt of the Adelphi AUP prior to being allowed access to these resources. A user who requires access on more than one occasion will be required to reset his or her password every one hundred twenty (120) days and provide further explicit acknowledgements of receipt of the AUP as part of the process to reset the password. A user who fails to reset his or her password and acknowledge receipt of the AUP will be denied access to Adelphi University IT resources.
General Use and Ownership
- Data is a critical and valuable asset of the University. All members of the Adelphi community have a responsibility to protect University data from unauthorized creation, access, modification, disclosure, transmission, or destruction and are expected to be familiar with and comply with this policy.
- All data and information assets created with or stored on systems operated by, or on behalf of the University, remain the property of the University, unless previously agreed upon in an explicit written and duly executed agreement or approved policy.
- The University highly values the individual’s privacy. However, driven by the need to protect the University’s information assets, users must not expect an absolute level of privacy. Where necessary, designated employees are able and authorized to access email accounts, monitor the network, access files and databases, etc., without obtaining prior approval of the user in question.
- Information system accounts that expire or are closed may be deleted, including any data or information contained in them.
- Control of files associated with expired accounts may be transferred to the account holder’s supervisor or designee.
- All users are required to comply with the University’s published IT policies.
- Loopholes in information security systems or knowledge of a special password must be reported to the Office of Information Technology (IT Department) as soon as possible and must not be used to damage information systems, obtain extra resources, take resources from another user, gain access to systems, or use systems for which proper authorization has not been given.
Institutional Access to Individual User Resources
General Monitoring. Adelphi University highly values individual privacy and does not routinely monitor, inspect or disclose individual usage of Adelphi University computer resources without the individual user’s consent. Under most circumstances, if the University requires information located in an Adelphi computer resource, it will request it from the custodian or author.
Monitoring Without Notice. Adelphi University may specifically monitor and inspect the activity and accounts of individual users of its computer resources, including (but not limited to) individual login sessions, e-mail and other communications, without notice, to ensure that they are secure and being used in conformity with Federal, State and local law, as well as with this AUP and other University guidelines. Therefore, to the extent allowed by applicable law, the University reserves the right to examine and use any content found on the University’s information technology resources in the following scenarios:
- When reasonably necessary to protect the security or integrity of Adelphi University computer resources;
- When reasonably necessary to protect the safety, security or property of any other person or entity;
- When reasonably necessary to diagnose and resolve technical problems involving system hardware, software or communications;
- When it is reasonably necessary to determine whether Adelphi University may be subject to liability;
- When there is a reasonable basis to believe that Adelphi University policy or Federal, State or local law has been or is being violated;
- When the user has voluntarily made the content accessible to the public; or
- As otherwise required by law.
A register of IT department staff members who are authorized to conduct monitoring incidental to performing routine technical maintenance, troubleshooting, testing, or information security analysis will be maintained. Incidental monitoring will be minimized to the extent possible and monitored data will not be retained any longer than needed.
All monitoring that is not incidental to routine technical maintenance, troubleshooting, testing, or information security analysis will require an explicit authorization and is subject to acceptance by the IT department. A register will be maintained that specifies the persons who may authorize, accept or conduct non-incidental monitoring.
Security and Proprietary Information
- Passwords must be kept secure and accounts may not be shared.
- Authorized users are responsible for the security of their passwords and accounts, and will be held accountable for any (mis)use of their accounts.
- When using encryption to protect the confidentiality of files, users are required to consult with the IT Department to discuss best practices.
- Because portable computers are especially vulnerable, special care must be exercised to secure confidential information when using mobile equipment.
- All systems that are connected to the University network, whether owned by the University or by a third party, must be continually executing approved virus-scanning software with a current virus database.
- Disabling or tampering with mechanisms that protect University IT resources is prohibited.
- Users must use extreme caution when opening email attachments received from unknown senders, which may contain viruses, email bombs, or “Trojan horse code”.
- Suspected breaches of information security must be reported to the IT Department. Users are required to cooperate fully with any investigation that is conducted by the IT Department.
- In order to protect the availability, confidentiality, and integrity of the University’s network, information assets, and computer equipment, the IT Department is authorized to revoke any and all access to computer and/or network resources from a user at any time.
Network connectivity is provided in the residence halls for recreational use, as well as for academic use. Recreational use of the general wireless network is also permitted. All recreational use of IT resources is subject to all limitations that are outlined in this AUP.
The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services). The items listed below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use.
System and Network Activities
The following activities are prohibited:
- Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by the University.
- Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which the University or the end user does not have an active license.
- Willingly introducing malicious programs into the network or server (e.g., viruses, worms, Trojan horses, email bombs, etc.).
- Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done off-campus.
- Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the user is not an intended recipient or logging into a server or account that the user is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, “disruption” includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
- Conducting investigations to identify the source of suspected technical problems or misconduct, unless explicitly authorized in a job function and in accordance with established policies and procedures.
- Executing any form of network monitoring which will intercept data not intended for the user’s host, unless this activity is a part of the user’s normal job/duty.
- Circumventing user authentication or security of any host, network or account, or circumventing or disabling any security controls.
- Interfering with or denying service to any user other than the user’s host (e.g., denial of service attack).
Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services).
Email and Communications Activities
The following activities are also prohibited:
- Sending unsolicited messages (via email, instant messages, posting to websites, etc.), including the sending of “junk mail” or other advertising material to individuals who did not specifically request such material (email spam).
- Any form of harassment or discriminatory statements via email, instant messaging, telephone or any other communications form, whether through language, frequency, or size of messages.
- Unauthorized use, or forging, of information that can be used to identify the originator of a message.
- Use of unsolicited email, instant messaging, or posting to Internet-based forums originating from within the University’s networks or other network service providers on behalf of, or to advertise, any service hosted by the University or connected via the University’s network.
Termination and Suspension of Accounts
Termination due to departure
A user whose affiliation with the University is terminated (regardless of whether that termination is voluntary or involuntary) may have his or her user account terminated, unless other policies or procedures dictate differently.
Termination due to change of status
When the nature of a user’s affiliation with the University changes, whether through graduation, change of responsibilities or for any other reason, the user’s access rights may be reviewed and he or she may have to reapply for privileges. At such time, the user’s account may be terminated and content stored in the account may be transferred or disposed of.
Termination or suspension of accounts due to policy violations
Adelphi University reserves the right to terminate or suspend access at any time and without notice to anyone whose use of its information technology resources violates the law, this policy or other University policies, or threatens system or network security, performance, or integrity.
The University will, in appropriate circumstances, terminate or suspend the network access of users who infringe upon the copyrights of others.
The University has the right to remove from its information technology resources any material or access it believes violates this policy, pending an investigation of misuses or finding of violation.
If it is known or anticipated that a user will become involved in litigation and the information in the user’s account may be pertinent to such anticipated or actual litigation, the account information will be held for a reasonable amount of time.
Compliance with this policy
Designated employees in the IT Department are responsible for monitoring compliance with this policy and for dealing with minor violations of this policy.
Reporting of violations
Violations of this AUP that have been determined by the IT Department to originate from faculty, administration or staff may be reported to the Associate Vice President of Human Resources and Labor Relations, or to her designee.
Violations of this AUP that have been determined by the IT Department to originate from students may be reported to the Dean of Student Affairs, or to his designee.
In addition, violations of this AUP that may potentially involve violations of the law may be reported to the Assistant Vice President of Public Safety and Transportation, or his designee.
In cases of computer misconduct, the IT Department may notify the appropriate dean or University official, who in turn will determine the course of any investigation or disciplinary action.
Deviation from policy
Permission to deviate from this policy may be granted in writing only by the Chief Information Officer or his delegate.
This policy does not have definitions associated with it at this time. Upon periodic policy review this area will be evaluated to determine if additional information is needed to supplement the policy.
This policy does not have forms associated with it at this time. Upon periodic policy review this area will be evaluated to determine if additional information is needed to supplement the policy.
This policy does not have related information at this time. Upon periodic policy review this area will be evaluated to determine if additional information is needed to supplement the policy.
- Last Reviewed Date: Fall 2013
- Last Revised Date: Fall 2017
- Policy Origination Date: Fall 2013
Who Approved This Policy
Office of Information Technology