Acceptable Use Policy
Purpose
This Acceptable Use Policy (the “Policy”) of Saint Peter’s University (the “University”) establishes the rights and responsibilities of all Users (defined herein) regarding the appropriate use of the University Information Systems (defined herein). This Policy is not intended to cover every situation, but instead to provide general guidelines for all users. The University may change this Policy at any time without notice.
Definitions
“University Information Systems” refers to all information technology resources including but not limited to computers, networks, network user accounts, servers, printers, software, phone, video and voicemail systems, electronic mail, and web pages developed, maintained and/or managed by the University and/or its affiliates. This includes all University owned, licensed, or managed hardware and software and the use of the University networks via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.
“User” refers to any University student, faculty, staff, or affiliate using the University Information Systems.
“Domain Administrator” refers to any individual with express permission and authority from the University to administer and facilitate access to the University Information Systems.
“User Account” refers to any account assigned by a University Domain Administrator to faculty, student, staff, or affiliate. A User who has been assigned a User Account has permission to use the University Information Systems within the parameters determined by the Domain Administrator, this Acceptable Use Policy, and other University policies and regulations.
Principal of Least Privilege (PoLP) is a basic security guideline stating that “every program and every user of the system should operate using the least set of privileges necessary to complete the job.”
Scope of the Policy
This Policy applies to all Users of the University Information Systems. All Users are subject to the applicable provisions of the University Personnel Policies and Procedures manual, the student handbook, The NET, and all other policies and procedures established by the schools and administrative offices of
the University. The requirements set forth in this Policy apply to all Users, regardless of the ownership or location of the device (e.g., computer) used to access the University Information Systems.
A. Restrictions
The University reserves the right to protect its University Information Systems and to restrict User access to University Information System activities that are related to the University. These systems are primarily intended for the academic, educational, and research purposes of the University. The University reserves the right to define what constitutes unauthorized use.
The University and its Users must comply with relevant federal and state laws, including but not limited to, appropriate use, copyright and fair use, and privacy laws.
B. Use of Computers and Equipment Not Owned by the University
There are many possible combinations of interaction among the software needed by the remote user and the average mix of programs on most home computers. Troubleshooting software and hardware conflicts can take many hours, and a complete reinstall of operating systems and application software is often the only remedy for problems. For these reasons, the University will provide support for University-owned equipment and software only.
The owner of any device connected to the University Information Systems is responsible for the security of and activity generated by that device. Users must ensure that the latest patches, software and antivirus updates are installed on their devices.
The University will bear no responsibility if the installation or use of any University software on individually-owned computers (computers not owned by the University) causes system lockups, crashes, or complete or partial data loss on such individually-owned equipment.
Upon separation from the University, all University-owned software, including all University-licensed software, must be removed from non-University owned computers. This includes but is not limited to mobile devices, laptops, and home computers.
C. Computer Usage
Computers, computer files, internet access, and software furnished to employees at the University are primarily for business purposes and employees are responsible for seeing that these systems are used in an effective, ethical, and lawful manner. Although incidental personal use of these systems is permitted, any personal use of these systems is expected to be on the User’s own time and is not to interfere with the person’s job responsibilities. Use of these systems may not cause any harm or embarrassment to the University and such use must comply with this Acceptable Use Policy.
Employees should not use a password, access a confidential file, or retrieve any stored confidential communication without authorization.
The University purchases and licenses the use of various computer software for business purposes and does not own the copyright to this software or its related documentation. Unless authorized by the software developer, the University does not have the right to reproduce such software for use on more than one computer.
Employees may only use software on local area networks or on multiple machines according to the software license agreement. The University prohibits the illegal duplication of software and its related documentation.
Unless permission is granted by the Information Technology Department, employees are not permitted to install or copy software on University equipment. Only software that is licensed to or owned by the University is to be installed on University computers.
D. Network User Accounts
To utilize the University network, the University requires all Users to log on with the accounts that have been provided to them by the Office of Information Technology. Users are strictly prohibited from sharing User Account information with others or using someone else’s User Account, with or without their permission. Any Users suspecting unauthorized use of their accounts are responsible for changing their passwords and/or contacting the Office of Information Technology through the help desk to have their accounts temporarily or permanently disabled.
E. Appropriate Use of Information Systems
Users are responsible for using the University Information Systems in an efficient, ethical, and lawful manner. Usage that conflicts with this Policy is prohibited, and includes, but is not limited to, the following:
- Supporting commercial interests not related to the work of the University.
- Initiating or propagating electronic chain mail, commercial mailings, or other mass mailings in violation of the CAN-SPAM Act of 2003.
- Intentionally introducing viruses, worms, Trojan horses or other malicious activity.
- Engaging in any activity that interferes with the proper operation of the University Information Systems.
- Installing software on University computers without the authorization of a Domain Administrator.
- Tampering or interfering with the intended use of the University Information Systems.
- Engaging in any unauthorized activities that result in monetary charges to the University.
- Using the University Information Systems to convey fraudulent, defamatory, harassing, obscene, or threatening messages or material and/or any communications prohibited by law.
- Using the University Information Systems to engage in illegal file sharing or any other illegal activities.
- Soliciting, proselytizing or conducting political activity.
- Accessing, creating, storing or transmitting material with the University may deem to be offensive, indecent or obscene.
- Violating the privacy of others.
- Activities that interfere with the ability of others to use University Information Systems, (e.g., consuming excessive amounts of network bandwidth or deliberately degrading performance of the University Information Systems).
- Logging into an account or accessing data not intended for the User.
- Allowing any unauthorized person to use University Information Systems.
- Attempting to avoid or avoiding any user authentication or security procedures.
- Violating the rights of any person protected by copyright, trade secret, patent or other intellectual property or similar laws and regulations (e.g., installing or distributing pirated or other inappropriately licensed software).
- Copying, storing, displaying or distributing copyrighted material without explicit permission of the copyright owner or as otherwise permitted under copyright law.
F. Non-commercial, Personal Use
The University acknowledges that Users of the University Information Systems may engage in non-commercial, personal use (e.g. personal email). Such use is permitted within the following guidelines:
- Use does not interfere with the performance of any User’s University-related responsibilities.
- Use does not interfere with the performance of the University Information Systems.
- Use is not otherwise prohibited by this Policy, by other University policies, or by law.
The University is not responsible for the content of individuals’ personal web spaces, nor the content of servers, programs or files that individuals maintain on personally-owned computers connected to the University’s Information Systems.
G. Electronic Harassment
The University has set forth explicit policies in the student and faculty/staff handbooks regarding harassment. Harassment within the context of the University Information Systems is prohibited and all incidents will be dealt with appropriately.
H. Privacy
The University acknowledges its responsibility – pursuant to this Policy, the Family Educational Rights & Privacy Act (FERPA), the USA Patriot Act of 2001, U.S. Privacy Act, and the Electronic Communications Privacy Act (ECPA) – to respect the privacy of students’ electronic files and communications within the University Information Systems. However, Users of the Information Systems should be aware of the inherent limitations of shared information system resources. The University cannot guarantee the privacy or confidentiality of stored information or electronic communications. The University is not responsible for non-University resources, including but not limited to information residing on the Internet, even if those non-University resources are accessed through the University’s networks.
Information created, sent, received or stored on the University networks are not private. At all times, the University has the right to monitor and access a User’s communications, files, stored information, and activities using the University Information Systems pursuant to applicable state and federal law, rules and regulations and University policies.
If the University monitors or accesses a User’s files, communications, or activities using the University Information Systems, it will respect that which is privileged or otherwise protected from disclosure by law.
I. Sanctions
Violation of this Policy may result in the temporary or permanent disabling of the User Account, depending on the severity of the offense. Other sanctions, including disciplinary action, dismissal and/or termination, and prosecution under applicable state and federal laws, rules and regulations, may apply.