RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer

Transcription

1 RUTGERS POLICY Sectin: Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible Executive: Vice President fr Infrmatin Technlgy and Chief Infrmatin Officer Respnsible Office: Office f Infrmatin Technlgy (OIT) Originally Issued: 2/1/2000 Revisins: 8/31/2010; 1/23/2013; 10/10/2013 (Updated title), 7/3/2014; 10/27/2014 Errrs r Changes? Cntact: itplicies@rutgers.edu 1. Plicy Statement This plicy utlines the acceptable use f university infrmatin technlgy resurces, which include, but are nt limited t, equipment, sftware, netwrks, data, and statinary and mbile cmmunicatin devices whether wned, leased, r therwise prvided by Rutgers University. 2. Reasn fr Plicy Preserving access t infrmatin technlgy resurces is a cmmunity effrt which requires each member t act respnsibly and guard against abuses. Therefre, bth the cmmunity as a whle and each individual user have an bligatin t abide by the standards established here fr acceptable use. 3. Wh Shuld Read This Plicy All members f the Rutgers University cmmunity. 4. Related Dcuments Plicies.rutgers.edu: Infrmatin Technlgy - Sectin 70 Plicies.rutgers.edu: Clinical, Cmpliance, Ethics & Crprate Integrity - Sectin 100 Plicies.rutgers.edu: Identity Theft Cmpliance Plicy, Sectin Plicies.rutgers.edu: Cpyright Plicy, Sectin OIT Plicies Website: RU Secure Website: 5. Cntacts Infrmatin Prtectin and Security, OIT rusecure@rutgers.edu All regulatins and prcedures are subject t amendment. Page 1 f 5

2 6. The Plicy ACCEPTABLE USE POLICY FOR INFORMATION TECHNOLOGY RESOURCES A. Intrductin It is the plicy f Rutgers University t maintain access fr its cmmunity t lcal, natinal and internatinal surces f infrmatin and t prvide an atmsphere that encurages the free exchange f ideas and sharing f infrmatin. Nevertheless, Rutgers reserves the right t limit r restrict the use f its infrmatin technlgy resurces based n applicable law, institutinal plicies and pririties, and financial cnsideratins. Access t the university's infrmatin technlgy resurces is a privilege that requires each member t act respnsibly and guard against abuses. Therefre, bth the cmmunity as a whle and each individual user have an bligatin t abide by the fllwing standards f acceptable use. This plicy utlines the standards fr acceptable use f university infrmatin technlgy resurces, which include, but are nt limited t, equipment, sftware, netwrks, data, and statinary and mbile cmmunicatin devices wned, leased, r therwise prvided by Rutgers University. This plicy applies t all users f Rutgers infrmatin technlgy resurces. This includes but is nt limited t, faculty, staff, students, guests, and external individuals r rganizatins. B. User Respnsibilities: 1. Each user may use nly thse infrmatin technlgy resurces fr which he r she has authrizatin. Vilatins include but are nt limited t: using resurces withut specific authrizatin using anther individual's electrnic identity accessing files, data r prcesses withut authrizatin 2. Infrmatin technlgy resurces must be used nly fr their intended purpse(s). Vilatins include but are nt limited t: misusing sftware t hide persnal identity, r t interfere with ther systems r users misrepresenting a user s identity in any electrnic cmmunicatin using electrnic resurces fr deceiving, harassing r stalking ther individuals sending threats, hax messages, chain letters, r phishing intercepting, mnitring, r retrieving withut authrizatin any netwrk cmmunicatin using university cmputing r netwrk resurces fr advertising r ther cmmercial purpses circumventing r attempting t circumvent security mechanisms using privileged access t university systems and resurces fr ther than fficial duties directly related t jb respnsibilities making university systems and resurces available t thse nt affiliated with the university All regulatins and prcedures are subject t amendment. Page 2 f 5

3 using frmer system and access privileges after assciatin with Rutgers has ended 3. The access t and integrity f infrmatin technlgy resurces must be prtected. Vilatins include but are nt limited t: creating r prpagating cmputer viruses, wrms, Trjan Hrses, r any ther malicius cde preventing thers frm accessing an authrized service develping r using prgrams that may cause prblems r disrupt services fr ther users degrading r attempting t degrade perfrmance r deny service crrupting r misusing infrmatin altering r destrying infrmatin withut authrizatin 4. Applicable state and federal laws and university plicies must be fllwed. Vilatins include but are nt limited t: failure t respect the cpyrights and intellectual prperty rights f thers making mre cpies f licensed sftware than the license allws dwnlading, using r distributing illegally btained media (e.g., sftware, music, mvies) uplading, dwnlading, distributing r pssessing child prngraphy accessing, string r transmitting infrmatin classified as Restricted data (e.g., scial security numbers, patient health infrmatin, driver s license numbers, credit card numbers) withut a valid business r academic reasn r transmitting such infrmatin withut using apprpriate security prtcls (e.g., encryptin). Using third party services (e.g. Htmail, Yah) r nn-encrypted services t transmit Rutgers infrmatin classified as Restricted. Frwarding r aut-frwarding Restricted infrmatin t a nn-rutgers service. Distributing infrmatin classified as Restricted, unless acting as an authritative University surce and an authrized University distributr f that infrmatin and the recipient is authrized t receive that infrmatin. Using media tls (e.g., Facebk, YuTube, Dximity, Serm) t cmmunicate r stre University infrmatin classified as Restricted. Using third party clud strage r data sharing tls (e.g. iclud, Carbnite, Drpbx) t stre University infrmatin classified as Restricted. 5. Users must respect the privacy and persnal rights f thers. Vilatins include but are nt limited t: accessing, attempting t access, r cpying smene else s electrnic mail, data, prgrams, r ther files withut authrizatin. All regulatins and prcedures are subject t amendment. Page 3 f 5

4 divulging sensitive persnal data t which users have access cncerning faculty, staff, r students withut a valid business r academic reasn. C. Privacy: The university recgnizes that all members f the university cmmunity have an expectatin f privacy fr infrmatin in which they have a substantial persnal interest. Hwever, this expectatin is limited by the university s needs t bey applicable laws, prtect the integrity f its resurces, and prtect the rights f all users and the prperty and peratins f the university. The university reserves the right t examine material stred n r transmitted thrugh its infrmatin technlgy facilities if there is reasn t believe that the standards fr acceptable use in this plicy are being vilated, r if there is reasn t believe that the law r university plicy are being vilated, r if required t carry n its necessary peratins. Reasnable effrts will be made t ntify the user f the need fr access t infrmatin in which he r she has a substantial persnal interest stred n r transmitted thrugh the university's infrmatin technlgy resurces unless prhibited by law, incnsistent with university plicy, r incnsistent with the university carrying ut its nrmal peratins. Fr example, infrmatin stred n the university s infrmatin technlgy system may be accessed by the university under certain circumstances, including but nt limited t: 1. Access by technicians and system administratrs t electrnic recrds in rder t address emergency prblems, rutine system maintenance, r ther uses related t the integrity, security and availability f the university s infrmatin technlgy systems, including but nt limited t: a. Emergency Prblem Reslutin Technicians may access technical resurces when they have a reasnable belief that a significant system r netwrk degradatin may ccur. b. System-generated, Cntent-neutral Infrmatin Technicians may access and use system-generated lgs and ther cntent- neutral data fr the purpses f analyzing system and strage utilizatin, prblem trubleshting, and security administratin. c. Incident Respnse - The incident respnse functin within the university Infrmatin Prtectin and Security Office (IPS) is respnsible fr investigating reprts f abuse r misuse f university infrmatin technlgy resurces. Incident respnse staff may use system-generated, cntent-neutral infrmatin fr the purpses f investigating technlgy misuse incidents. d. Netwrk Cmmunicatins - Security analysts f the university Infrmatin Prtectin and Security Office (IPS) may bserve, capture, and analyze netwrk cmmunicatins. Netwrk cmmunicatins may cntain cntent data and in sme cases this cntent may be viewed t cmplete analysis. e. User Request Technicians may access infrmatin technlgy resurces in situatins where a user has requested assistance diagnsing and/r slving a technical prblem. 2. Infrmatin requested pursuant t New Jersey Open Public Recrds Act which requires disclsure f electrnic cmmunicatin and ther data n the university system subject t the exemptins within that Act. Such access is apprved thrugh the Office f the University Custdian f Recrds and all reasnable effrts are made t ntify the user in questin prir t the release f such infrmatin. All regulatins and prcedures are subject t amendment. Page 4 f 5

5 3. Infrmatin required t cmply with a valid subpena, a curt rder r e-discvery. Such access is apprved thrugh the Office f General Cunsel. 4. Audits and investigatins undertaken by gvernmental entities r by the Office f Enterprise Risk Management, Ethics and Cmpliance r by university auditrs including the Department f Internal Audit r ther university units authrized t carry ut university plicy. 5. The need f the university t carry n its nrmal peratins (e.g., in the case f accessing the electrnic recrds f a deceased, incapacitated r unavailable individual). D. Technician and System Administratr Respnsibilities: Technicians, System Administratrs and thers invlved in prviding University s infrmatin technlgy resurces have additinal respnsibilities regarding Acceptable Use. Where pssible the number f persns granted privileged access shuld be limited and the rights granted shuld be accrding t the least-privilege access principle. If cntent can t be restricted, persns in these psitins shuld treat the cntents as Restricted infrmatin. E. Vilatins: 1. Vilatrs f this plicy are subject t suspensin r terminatin f system privileges and disciplinary actin up t and including terminatin f emplyment. 2. If a suspected vilatin invlves a student, a judicial referral may be made t the Dean f Students at the schl r cllege f the student's enrllment. Incidents reprted t the Dean will be handled thrugh the University Cde f Student Cnduct. 3. It is a vilatin f this plicy t unnecessarily delay acting n a directive t take crrective actin t secure data r electrnic credentials. All regulatins and prcedures are subject t amendment. Page 5 f 5