Appropriate
Use of Information Resources UPPS
No. 04.01.07
Issue
No. 6
Effective
Date: 2/3/2012
Page
1 of 9
01. POLICY STATEMENT
01.01 This
UPPS establishes policies and procedures for the appropriate use of information
resources in order to:
a. achieve
university-wide compliance with applicable statutes, regulations, and mandates
regarding the management of information resources;
b. establish
prudent and acceptable practices regarding the use of information resources;
and
c. educate
individuals about the responsibilities they assume when using the university’s
information resources.
02. RELATED DOCUMENTS
UPPS No. 01.04.24, Policy on Copyrighted Computer
Software
UPPS No. 04.01.01, Security of Texas State Information
Resources
UPPS No, 04.01.02, Information Resources Identity and Access
Management
UPPS No. 04.01.05, Network Use Policy
03. DEFINITIONS
03.01 Information
Resources – include all of the following:
a.
all
physical and logical components of the university’s wired and wireless network
infrastructure;
b.
any
device that connects to or communicates electronically via the university’s
network infrastructure, including computers, printers, and communication
devices, both portable and fixed;
c.
any
fixed or portable storage device or media, regardless of ownership, that
contains university data;
d.
all
data created, collected, recorded, processed, stored, retrieved, displayed, or
transmitted using devices connected to the university network;
e.
all
computer software and services licensed by the university; and
f.
support
staff and services employed or engaged by the university to deploy, administer,
or operate the above described resources or to assist the university community
in effectively using these resources.
03.02 NetID
– Network Identifier, the unique identifier used by the university to identify
a person or other entity when accessing the university’s non-public information
resources. Every NetID has an associated password that serves to authenticate
the identity of the NetID owner. For a more extensive description of the NetID
and other aspects of computer account management and access control, see UPPS No.
04.01.02, Information Resources Identity and Access Management.
03.03 User
– An individual or automated application or process with authorization to
access an information resource by its owner, in accordance with the owner’s
procedures and rules.
04. GENERAL GUIDELINES AND PRINCIPLES
04.01 Texas
State provides each of its authorized users with a computer account, known as a
Texas State NetID, which facilitates access to the university’s information
resources. In accepting a Texas State NetID or any other access ID, the
recipient agrees to abide by all applicable Texas State policies and legal
statutes, including all federal, state, and local laws. Texas State
reserves the right at any time to limit, restrict, or deny access to its
information resources and to take disciplinary or legal action against anyone
in violation of these policies or statutes.
04.02 Applicable
university policies and procedures include all Texas State University Policy
and Procedure Statements (UPPS) and departmental policies and procedures that
address the usage of Texas State information resources. Also applicable are
university policies prohibiting harassment, plagiarism, or unethical
conduct. Laws that apply to the use of Texas State’s information resources
include laws pertaining to theft, copyright infringement, insertion of malicious
software into computer systems, and other computer-related crimes. This policy
applies to all university information resources, whether administered centrally
or departmentally, and regardless of where they reside.
04.03 Texas
State provides information resources for the purpose of accomplishing tasks
related to the university’s mission. Texas State expects its faculty and
staff to employ these resources as their first and preferred option for
satisfying their business, research, or instructional needs. Thus, faculty and
staff should engage third-party providers of such resources only after
determining that university-provided resources do not adequately satisfy the
business, research, or instructional need.
The
university may restrict the use of or access to its information resources due
to specific research, teaching or other purposes in keeping with Texas State’s
mission. Texas State’s computer information resources are not a public
forum.
04.04 Texas
State considers e-mail a significant information resource and an appropriate
mechanism for official university communication. The university provides
official university e-mail addresses and services to its students, faculty,
staff, and organizational units for this purpose and to enhance the efficiency
of educational and administrative processes. In providing these services, the
university anticipates that e-mail recipients will access and read university
communications in a timely fashion.
Current
faculty, staff, and students may forward e-mail from their official university
address to an alternate e-mail address at their own risk and subject to
restrictions on transmission of confidential information (see Sections 04.09
and 07.02 of UPPS
No. 04.01.01, Security of Texas State Information Resources). The
university cannot guarantee and is not responsible for the delivery or
protection of e-mail forwarded from the official university address to any
other address. Individuals who forward university e-mail assume personal
responsibility for its timely delivery and its protection from improper
disclosure once it leaves the university network. For this reason, individuals
who routinely receive or expect to receive e-mail containing confidential
information should avoid establishing automated email forwards.
04.05 Consistent
with the provisions of UPPS No.
04.01.02, Information Resources Identity and Access Management, and other applicable
policies and statutes, students who have registered and paid their fees are
allowed to use Texas State’s information resources for school-related and
personal purposes. Personal use must not result in any additional expense
to the university or violate restrictions detailed in Section 05. of this UPPS.
04.06 Consistent
with the provisions of UPPS No.
04.01.02, Information Resources Identity and Access Management, and other
applicable policies and statutes, employees of Texas State are allowed to use
Texas State’s information resources in the performance of their job duties.
State law and university policy permit incidental personal use of Texas State
information resources, subject to review and reasonable restrictions by the
employee’s supervisor. Such personal use must not violate any applicable
policies and statutes, must not interfere with the employee’s job performance,
and must not result in any additional expense to the university.
04.07 Censorship
is not compatible with the goals of Texas State. The university will not
limit access to any information due to its content, as long as it meets the
standard of legality. The university reserves the right, however, to place
reasonable time, place and manner restrictions on expressive activities that
use its information resources.
04.08 Texas
State’s information resources are subject to monitoring, review, and disclosure
as provided in Section 07. of UPPS 04.01.02,
Information Resources Identity and Access Management. Consequently, users
should not expect privacy in their use of Texas State's information resources.
04.09 Intellectual
property laws extend to the electronic environment. Users should assume
that works communicated through Texas State computer networks are subject to
copyright laws, unless specifically stated otherwise.
04.10 The
state of Texas and the university consider information resources valuable
assets. Further, computer software purchased or licensed by the university
is the property of the university or the company from whom it is licensed. Any
unauthorized access, use, alteration, duplication, destruction, or disclosure
of any of these assets may constitute a computer-related crime, punishable
under Texas and federal statutes.
05. INAPPROPRIATE USES OF INFORMATION
RESOURCES
05.01 The
following activities exemplify inappropriate use of the university's
information resources. These and similar activities are strictly prohibited for
all users.
a. Use
of university information resources for illegal activities or purposes. The
university may deal with such use appropriately, and may report such use to law
enforcement authorities. Illegal activities or purposes include unauthorized
access, intentional corruption or misuse of information resources, theft,
obscenity, and child pornography.
b. Failure
to comply with laws, policies, procedures, license agreements, and contracts
that pertain to and limit the use of the university's information resources.
c. The
abuse of information resources includes any willful act that: endangers or
damages any specific computer software, hardware, program, network, data or the
system as a whole, whether located on campus or elsewhere on the global
Internet; creates or allows a computer malfunction or interruption of
operation; injects a computer virus or worm into the computer system; sends a message
with the intent to disrupt university operations or the operations of outside
entities; produces output that occupies or monopolizes information resources
for an unreasonable time period to the detriment of other authorized users;
consumes an unreasonable amount of communications bandwidth, either on or off
campus, to the detriment of other authorized users; or fails to adhere to time
limitations that apply at particular computer facilities on campus.
d. Use
of university information resources for personal financial gain or commercial
purpose.
e. Failure
to protect a password or Texas State NetID from unauthorized use.
f. Falsely
representing one’s identity through the use of another individual’s Texas State
NetID or permitting the use of a NetID and password by someone other than their
owner.
g. Unauthorized
attempts to use or access any electronic file system or data repository.
h. Unauthorized
use, access, duplication, disclosure, alteration, damage, or destruction of
data contained on any electronic file, program, network, web page, or
university hardware or software.
i. Unauthorized
duplication, use or distribution of software and other copyrighted digital
materials (including copyrighted music, graphics, etc.) is a violation of this
policy. All software and many other digital materials are covered by some form
of copyright, trademark, license or agreement with potential civil and criminal
liability penalties. The copyright or trademark holder or the fair use
provisions of the copyright law must specifically authorize exceptions. See
also UPPS No. 01.04.24, Policy on Copyrighted Computer
Software.
j. Participating
or assisting in the deliberate circumvention of any security measure or
administrative access control that pertains to university information
resources.
k. Using
university information resources in a manner that violates other university
policies, such as racial, ethnic, religious, sexual or other forms of harassment.
l. Using
university information resources for the transmission of spam mail, chain
letters, malicious software (e. g., viruses, worms, or spyware), or personal
advertisements, solicitations or promotions.
m. Modifying
any wiring or attempting to extend the network beyond the port (i. e., adding
hubs, switches or similar devices) in violation of the university’s network use
policy (UPPS No. 04.01.05).
n. Using
Texas State’s information resources to affect the result of a local, state, or
national election or to achieve any other political purpose (consistent with
Texas Government Code § 556.004).
o. Using
Texas State’s information resources to state, represent, infer, or imply an
official university position without appropriate authorization.
06. RESPONSIBILITIES OF USERS
06.01 Each
user shall utilize university information resources responsibly and respect the
needs of other users.
06.02 Each
person is responsible for any usage of his or her Texas State NetID. Users must
maintain the confidentiality of their passwords.
06.03 A
user must report any abuse or misuse of information resources or violations of
this policy to their department head or to the office of the Vice President for
Information Technology.
06.04 When
using its information resources, the university encourages communications that
reflect high ethical standards, mutual respect, and civility.
06.05 Users
are responsible for obtaining and adhering to relevant, acceptable network use
policies (see UPPS No. 04.01.05).
06.06 Administrative
heads and supervisors must report ongoing or serious problems regarding the use
of Texas State information resources to the office of the Vice President for Information
Technology.
07. ACCESS TO UNIVERSITY INFORMATION
RESOURCES BY AUDITORS
07.01 Consistent
with Chapter III, paragraph 7.4 of the Texas State University System (TSUS)
Rules and Regulations, the TSUS director of Audits and Analysis and auditors
reporting to him or her, either directly or indirectly, while in the
performance of their assigned duties, shall have full, free, and unrestricted
access to all university information resources, with or without notification or
consent of the assigned owner of the resources. The university shall afford
this access consistent with Section 07. of UPPS No.
04.01.02, Information Resources Identity and Access Management.
07.02 The
university shall provide state, federal, and other external auditors with
access to university information resources with prior approval by the vice
president for Information Technology.
08. LIABILITY FOR FAILURE TO ADHERE TO THIS
POLICY
08.01 Failure
to adhere to this policy may lead to the revocation of a user’s Texas State
NetID, suspension, dismissal, or other disciplinary action by the university,
as well as referral to legal and law enforcement agencies.
08.02 Statutes
pertaining to the use of university information resources include the
following:
a.
The
federal Family Educational Rights and Privacy Act (commonly known as FERPA) –
restricts access to personally identifiable information from students’
education records.
b.
Texas
Administrative Code, Title 1, Part 10, Chapter 202 – establishes information security
requirements for Texas state agencies and public higher education institutions.
c.
Texas
Penal Code, Chapter 33: Computer Crimes – specifically prohibits unauthorized use of university
computers, unauthorized access to stored data, or dissemination of passwords or
other confidential information to facilitate unauthorized access to the
university’s computer system or data.
d.
Texas
Penal Code, §37.10: Tampering with Governmental Record – prohibits any alteration,
destruction, or false entry of data that impairs the validity, legibility or
availability of any record maintained by the university.
e. United
States Code, Title 18, Chapter 47, §1030: Fraud and Related Activity in
Connection with Computers – prohibits unauthorized and fraudulent access to
information resources, accessing a computer to obtain restricted information
without authorization; altering, damaging, or destroying information on a
government computer without authorization; trafficking in passwords or similar
information used to gain unauthorized access to a government computer, and
transmitting viruses and other malicious software.
f. Copyright
Law, 17 U.S.C. §§ 101-810, 18 U.S.C. § 2318, 44 U.S.C. §§ 505 & 2113 – forms the primary basis of
copyright law in the United States, as amended by subsequent legislation. The Law spells out the basic rights of
copyright holders and codifies the doctrine of ‘fair use.’”
g. Digital
Millennium Copyright Act (DMCA), 17 U.S.C. §§ 512 as amended and 28 U.S.C. §
4001 – criminalizes production and dissemination of technology, devices, or
services intended to circumvent measures that control access to copyrighted
works. The Act amended Title 17 of the United States Code to extend the
reach of copyright, while limiting the liability of Internet service providers (like Texas State) for copyright infringement by their users,
provided the service provider removes access to allegedly infringing materials
in response to a properly formed complaint.
h. Electronic
Communications Privacy Act (U.S.C., Title 18) – prohibits the interception
or disclosure of electronic communication and defines those situations in which
disclosure is legal.
i. Computer
Software Rental Amendments Act of 1990 – deals with the unauthorized
rental, lease, or lending of copyrighted software.
j. Texas
Government Code §556.004 – prohibits using state resources or programs to
influence elections or to achieve any other political purpose.
k. Health
Insurance Portability and Accountability Act (HIPAA), 45 C.F.R 164 – Sets
security management requirements and broad management controls to protect the
privacy of patient health information.
l. Federal
Information Security Management Act of 2002 (FISMA), 44 U.S.C. § 3541 –
requires every federal agency to develop, document, and implement an agency-wide
information security program. The law was amended by FISMA 2010, which
changed the focus from paperwork compliance to continuous monitoring and threat
mitigation.
09. REVIEWERS OF THIS UPPS
09.01 Reviewers
of this UPPS include the following:
Position Date
Special Assistant to the Vice
President March 1 E3Y
for Information Technology
Associate Vice President for March 1 E3Y
Technology Resources
Information Security Officer March 1 E3Y
TSUS Associate General Counsel March 1 E3Y
10. CERTIFICATION STATEMENT
This UPPS has been approved by the
following individuals in their official capacities and represents Texas State policy and
procedure from the date of this document until superseded.
Special
Assistant to the Vice President for Information Technology; senior reviewer of
this UPPS
Vice
President for Information Technology
President