RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer



Similar documents
Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

GUIDANCE FOR BUSINESS ASSOCIATES

Internet and Policy User s Guide

Personal Data Security Breach Management Policy

Key Steps for Organizations in Responding to Privacy Breaches

Meopham School Information Technology Code of Conduct

FERRIS STATE UNIVERSITY SCHOOL of NURSING CODE of CONDUCT

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT

How To Ensure That The Internet Is Safe For A Health Care Worker

VCU Payment Card Policy

Project Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES

Information & Communications Technology ICT Security Compliance Guide (Student)

Yur Infrmatin technlgy Security Plicy

ensure that all users understand how mobile phones supplied by the council should and should not be used.

Cloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013

How To Ensure Your Health Care Is Safe

Process for Responding to Privacy Breaches

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc.

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

THIRD PARTY PROCUREMENT PROCEDURES

Heythrop College Disciplinary Procedure for Support Staff

Plus500CY Ltd. Statement on Privacy and Cookie Policy

NYU Langone Medical Center NYU Hospitals Center NYU School of Medicine

Immaculate Conception School, Prince George Bring Your Own Device Policy for Students

Workers Disability Compensation Claims Procedures Issued: January 1, 1994 Revised: March 29, 2012

New York Institute of Technology Faculty and Staff Retention Policy

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

First Global Data Corp.

TITLE: Supplier Contracting Guidelines Process: FIN_PS_PSG_050 Replaces: Manual Sections 6.4, 7.1, 7.5, 7.6, 7.11 Effective Date: 10/1/2014 Contents

HIPAA HITECH ACT Compliance, Review and Training Services

Privacy Breach and Complaint Protocol

Privacy and Security Training Policy (PS.Pol.051)

Creating an Ethical Culture and Protecting Your Bottom Line:

Audit Committee Charter

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.

DisplayNote Technologies Limited Data Protection Policy July 2014

UBC Incident Response Plan V1.5

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Sources of Federal Government and Employee Information

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.

IT Account and Access Procedure

Data Protection Policy & Procedure

Wire Transfer Request

Chapter 7 Business Continuity and Risk Management

ERISA Compliance FAQs: Fiduciary Responsibilities

PADUA COLLEGE LIMITED ACN ABN

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

Purpose Statement. Objectives

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company,

For students to participate in BYOD please follow these two steps

IT Help Desk Service Level Expectations Revised: 01/09/2012

Systems Support - Extended

Remote Working (Policy & Procedure)

Frequently Asked Questions About I-9 Compliance

TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY

Legal Issues Bulletin

Information Services Hosting Arrangements

Erie Community College. Acceptable Use Policy Last Revision: December 17, College Information Technology Services

Session 9 : Information Security and Risk

Financial Accountability Handbook

Change Management Process For [Project Name]

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy

State Fleet Card Oversight Usage and Responsibilities

Cell Phone & Data Access Policy Frequently Asked Questions

Draft for consultation

CORPORATE CREDIT CARD POLICY

Data Protection Act Data security breach management

Research Report. Abstract: Security Management and Operations: Changes on the Horizon. July 2012

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

Interagency Guidance on Privacy Laws and Reporting Financial Abuse of Older Adults

o o 2) Program Rewards

Transcription:

RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible Executive: Vice President fr Infrmatin Technlgy and Chief Infrmatin Officer Respnsible Office: Office f Infrmatin Technlgy (OIT) Originally Issued: 2/1/2000 Revisins: 8/31/2010; 1/23/2013; 10/10/2013 (Updated title), 7/3/2014; 10/27/2014 Errrs r Changes? Cntact: itplicies@rutgers.edu 1. Plicy Statement This plicy utlines the acceptable use f university infrmatin technlgy resurces, which include, but are nt limited t, equipment, sftware, netwrks, data, and statinary and mbile cmmunicatin devices whether wned, leased, r therwise prvided by Rutgers University. 2. Reasn fr Plicy Preserving access t infrmatin technlgy resurces is a cmmunity effrt which requires each member t act respnsibly and guard against abuses. Therefre, bth the cmmunity as a whle and each individual user have an bligatin t abide by the standards established here fr acceptable use. 3. Wh Shuld Read This Plicy All members f the Rutgers University cmmunity. 4. Related Dcuments Plicies.rutgers.edu: Infrmatin Technlgy - Sectin 70 Plicies.rutgers.edu: Clinical, Cmpliance, Ethics & Crprate Integrity - Sectin 100 Plicies.rutgers.edu: Identity Theft Cmpliance Plicy, Sectin 50.3.9 Plicies.rutgers.edu: Cpyright Plicy, Sectin 50.3.7 OIT Plicies Website: http://it.rutgers.edu/plicies RU Secure Website: http://rusecure.rutgers.edu/ 5. Cntacts Infrmatin Prtectin and Security, OIT 732-445-8011 rusecure@rutgers.edu All regulatins and prcedures are subject t amendment. Page 1 f 5

6. The Plicy 70.1.1 ACCEPTABLE USE POLICY FOR INFORMATION TECHNOLOGY RESOURCES A. Intrductin It is the plicy f Rutgers University t maintain access fr its cmmunity t lcal, natinal and internatinal surces f infrmatin and t prvide an atmsphere that encurages the free exchange f ideas and sharing f infrmatin. Nevertheless, Rutgers reserves the right t limit r restrict the use f its infrmatin technlgy resurces based n applicable law, institutinal plicies and pririties, and financial cnsideratins. Access t the university's infrmatin technlgy resurces is a privilege that requires each member t act respnsibly and guard against abuses. Therefre, bth the cmmunity as a whle and each individual user have an bligatin t abide by the fllwing standards f acceptable use. This plicy utlines the standards fr acceptable use f university infrmatin technlgy resurces, which include, but are nt limited t, equipment, sftware, netwrks, data, and statinary and mbile cmmunicatin devices wned, leased, r therwise prvided by Rutgers University. This plicy applies t all users f Rutgers infrmatin technlgy resurces. This includes but is nt limited t, faculty, staff, students, guests, and external individuals r rganizatins. B. User Respnsibilities: 1. Each user may use nly thse infrmatin technlgy resurces fr which he r she has authrizatin. Vilatins include but are nt limited t: using resurces withut specific authrizatin using anther individual's electrnic identity accessing files, data r prcesses withut authrizatin 2. Infrmatin technlgy resurces must be used nly fr their intended purpse(s). Vilatins include but are nt limited t: misusing sftware t hide persnal identity, r t interfere with ther systems r users misrepresenting a user s identity in any electrnic cmmunicatin using electrnic resurces fr deceiving, harassing r stalking ther individuals sending threats, hax messages, chain letters, r phishing intercepting, mnitring, r retrieving withut authrizatin any netwrk cmmunicatin using university cmputing r netwrk resurces fr advertising r ther cmmercial purpses circumventing r attempting t circumvent security mechanisms using privileged access t university systems and resurces fr ther than fficial duties directly related t jb respnsibilities making university systems and resurces available t thse nt affiliated with the university All regulatins and prcedures are subject t amendment. Page 2 f 5

using frmer system and access privileges after assciatin with Rutgers has ended 3. The access t and integrity f infrmatin technlgy resurces must be prtected. Vilatins include but are nt limited t: creating r prpagating cmputer viruses, wrms, Trjan Hrses, r any ther malicius cde preventing thers frm accessing an authrized service develping r using prgrams that may cause prblems r disrupt services fr ther users degrading r attempting t degrade perfrmance r deny service crrupting r misusing infrmatin altering r destrying infrmatin withut authrizatin 4. Applicable state and federal laws and university plicies must be fllwed. Vilatins include but are nt limited t: failure t respect the cpyrights and intellectual prperty rights f thers making mre cpies f licensed sftware than the license allws dwnlading, using r distributing illegally btained media (e.g., sftware, music, mvies) uplading, dwnlading, distributing r pssessing child prngraphy accessing, string r transmitting infrmatin classified as Restricted data (e.g., scial security numbers, patient health infrmatin, driver s license numbers, credit card numbers) withut a valid business r academic reasn r transmitting such infrmatin withut using apprpriate security prtcls (e.g., encryptin). Using third party email services (e.g. Htmail, Yah) r nn-encrypted email services t transmit Rutgers infrmatin classified as Restricted. Frwarding r aut-frwarding Restricted infrmatin t a nn-rutgers email service. Distributing infrmatin classified as Restricted, unless acting as an authritative University surce and an authrized University distributr f that infrmatin and the recipient is authrized t receive that infrmatin. Using media tls (e.g., Facebk, YuTube, Dximity, Serm) t cmmunicate r stre University infrmatin classified as Restricted. Using third party clud strage r data sharing tls (e.g. iclud, Carbnite, Drpbx) t stre University infrmatin classified as Restricted. 5. Users must respect the privacy and persnal rights f thers. Vilatins include but are nt limited t: accessing, attempting t access, r cpying smene else s electrnic mail, data, prgrams, r ther files withut authrizatin. All regulatins and prcedures are subject t amendment. Page 3 f 5

divulging sensitive persnal data t which users have access cncerning faculty, staff, r students withut a valid business r academic reasn. C. Privacy: The university recgnizes that all members f the university cmmunity have an expectatin f privacy fr infrmatin in which they have a substantial persnal interest. Hwever, this expectatin is limited by the university s needs t bey applicable laws, prtect the integrity f its resurces, and prtect the rights f all users and the prperty and peratins f the university. The university reserves the right t examine material stred n r transmitted thrugh its infrmatin technlgy facilities if there is reasn t believe that the standards fr acceptable use in this plicy are being vilated, r if there is reasn t believe that the law r university plicy are being vilated, r if required t carry n its necessary peratins. Reasnable effrts will be made t ntify the user f the need fr access t infrmatin in which he r she has a substantial persnal interest stred n r transmitted thrugh the university's infrmatin technlgy resurces unless prhibited by law, incnsistent with university plicy, r incnsistent with the university carrying ut its nrmal peratins. Fr example, infrmatin stred n the university s infrmatin technlgy system may be accessed by the university under certain circumstances, including but nt limited t: 1. Access by technicians and system administratrs t electrnic recrds in rder t address emergency prblems, rutine system maintenance, r ther uses related t the integrity, security and availability f the university s infrmatin technlgy systems, including but nt limited t: a. Emergency Prblem Reslutin Technicians may access technical resurces when they have a reasnable belief that a significant system r netwrk degradatin may ccur. b. System-generated, Cntent-neutral Infrmatin Technicians may access and use system-generated lgs and ther cntent- neutral data fr the purpses f analyzing system and strage utilizatin, prblem trubleshting, and security administratin. c. Incident Respnse - The incident respnse functin within the university Infrmatin Prtectin and Security Office (IPS) is respnsible fr investigating reprts f abuse r misuse f university infrmatin technlgy resurces. Incident respnse staff may use system-generated, cntent-neutral infrmatin fr the purpses f investigating technlgy misuse incidents. d. Netwrk Cmmunicatins - Security analysts f the university Infrmatin Prtectin and Security Office (IPS) may bserve, capture, and analyze netwrk cmmunicatins. Netwrk cmmunicatins may cntain cntent data and in sme cases this cntent may be viewed t cmplete analysis. e. User Request Technicians may access infrmatin technlgy resurces in situatins where a user has requested assistance diagnsing and/r slving a technical prblem. 2. Infrmatin requested pursuant t New Jersey Open Public Recrds Act which requires disclsure f electrnic cmmunicatin and ther data n the university system subject t the exemptins within that Act. Such access is apprved thrugh the Office f the University Custdian f Recrds and all reasnable effrts are made t ntify the user in questin prir t the release f such infrmatin. All regulatins and prcedures are subject t amendment. Page 4 f 5

3. Infrmatin required t cmply with a valid subpena, a curt rder r e-discvery. Such access is apprved thrugh the Office f General Cunsel. 4. Audits and investigatins undertaken by gvernmental entities r by the Office f Enterprise Risk Management, Ethics and Cmpliance r by university auditrs including the Department f Internal Audit r ther university units authrized t carry ut university plicy. 5. The need f the university t carry n its nrmal peratins (e.g., in the case f accessing the electrnic recrds f a deceased, incapacitated r unavailable individual). D. Technician and System Administratr Respnsibilities: Technicians, System Administratrs and thers invlved in prviding University s infrmatin technlgy resurces have additinal respnsibilities regarding Acceptable Use. Where pssible the number f persns granted privileged access shuld be limited and the rights granted shuld be accrding t the least-privilege access principle. If cntent can t be restricted, persns in these psitins shuld treat the cntents as Restricted infrmatin. E. Vilatins: 1. Vilatrs f this plicy are subject t suspensin r terminatin f system privileges and disciplinary actin up t and including terminatin f emplyment. 2. If a suspected vilatin invlves a student, a judicial referral may be made t the Dean f Students at the schl r cllege f the student's enrllment. Incidents reprted t the Dean will be handled thrugh the University Cde f Student Cnduct. 3. It is a vilatin f this plicy t unnecessarily delay acting n a directive t take crrective actin t secure data r electrnic credentials. All regulatins and prcedures are subject t amendment. Page 5 f 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information