Acceptable Use Policy For Technology Resources
SECTION: Index G – Information Technology
POLICY #: G-02
This document outlines the responsibilities of users of University of Houston-Victoria (UHV) technology resources which are provided to the university community by the Information Technology (IT) Department. Its purpose is to ensure use of the resources complies with applicable local, state and federal requirements while encouraging the proper use of technology in support of the institutional mission. This policy is applicable to all users of UHV technology resources and applies to all forms of computer, network and Internet use by all users of UHV information resources and does not supersede or limit any state or federal laws, nor any other UHV or University of Houston System (UHS) policies regarding confidentiality, information dissemination or standards of conduct. Each user is responsible for becoming familiar and complying with guidelines, policies and procedures relating to the acceptable use of university technology resources. Use of university technology resources constitutes implicit agreement to comply with all related policies and procedures.
- General Use Policy
Generally, all IT provided services should be used for legitimate state business only. However, brief and occasional personal use (i.e. surfing, email exchange) is acceptable if the following conditions are met and understood:
- Personal Responsibility
UHV employee are responsible for actions taken with their personally assigned UHV account and are encouraged to safeguard that account and to report any suspected abuse or theft of their personal information immediately.
All users of UHV network connected resources should keep in mind that all Internet access, email, messaging and other forms of online communication and usage can be recorded and stored along with the source and destination. Log files of all network and Internet traffic are the property of UHV and subject to the Texas Public Information Act and laws applicable to state records retention. Employees have no right to privacy with regard to Internet use while using university owned equipment or through university provided access. Management has the ability and right to request employee’s usage patterns and take action to assure that agency resources are devoted to authorized activities and maintains the highest levels of productivity.
- Permitted Use
Supervisors should work with employees to determine the appropriateness of using University resources for professional activities and career development. Written permission is needed and should be obtained for these activities or they should be included in the employee’s job description. All users of state networks and systems using the Internet shall identify themselves honestly, accurately and completely (including one’s affiliation and function where requested) when providing such information.
Only those expressly authorized to speak to the media or to the public on behalf of UHV may represent the university via any electronic communication. However, in the course of university business an employee may participate in an Internet based news groups, chat rooms or open or closed forums related to their job duties. In these cases, the employee may participate as individuals speaking for themselves, not the university.
Personal use of university owned resources should not impede the conduct of university business and is restricted to university approved users.
Activities relating to personal or corporate profit, viewing, creating or transmitting obscene material (as commonly defined by applicable federal and Texas law), or to produce an output that is unrelated to the objectives for which the account was issued are prohibited.
State employees, contractors and network users must not send, forward, store or receive confidential information on unapproved mobile devices such as smart phones, tablets or laptops, regardless of ownership. UHV supported devices may receive and store confidential information only if the information is encrypted both in transit and at rest. The IT web site list currently supported devices.
User IDs with elevated access privileges are designed for use only to perform specific job functions for which the user has been authorized and only for official university business. Users with elevated access privileges are responsible for using the privileges in accordance with SAM 07.A.10, Information Security Program, Section 5.2.
- Personal Responsibility
- Specific Use Situations
- Web Site Access
Users of UHV IT resources should always remember that the business of UHV is dependent on a reliable and open Internet connection. It is the responsibility of all users to take precautions whenever browsing the Internet, remembering that while IT provides many safeguards against malware and other threats, no amount of protection is perfect and the ultimate responsibility is on the individual user.
UHV IT monitors and tracks the amount and type of Internet traffic on a general scale for the purpose of growth planning and security mitigation. While individual statistics are not collected, all such information is subject to the Texas Public Information Act and laws applicable to state records retention. Users have no right to privacy with regard to web site access and management has the right to view user's usage patterns and take action to assure that this agency’s Internet resources are devoted to authorized activities and promotes an increased level of productivity.
At no time should software be downloaded from an Internet site without first consulting with IT.
- Email Use
The UHV email environment is provided exclusively for the purpose of university business. IT encourages all UHV employees and students to acquire their own personal email address for non-UHV business and personal communication.
As per UHS Policy, SAM 07.A.07: Use of Electronic Messaging Services by Employees, University email may not be forwarded outside the IT supported email environment and all official University business conducted via email shall use the IT provided email environment and the assigned UHV.edu email address.
Employees should treat any new email as suspect and never download or open an attachment unless they were expecting it, regardless of the perceived sender. Any suspect email should be sent via the “Report Phish” button to be reviewed by Information Security.
Any email sent or received through the UHV email environment is considered an official record and is subject to state and agency/institution rules and policies for retention and deletion. To avoid possible delays of bulk emails with attachments, contact IT for better methods.
As per SAM 07 A 08, Data Classification and Protection, no level 1 data may be sent unencrypted. Users should contact Information Security at Security@uhv.edu for appropriate encryption tools and procedures.
This policy applies to Instant Messaging (IM) used within the university and IM used conjointly with the Internet.
The University recognizes that IM is a user friendly and robust way to communicate with coworkers, colleagues, and friends. IT provides Microsoft Teams through Office 365 for all UHV users for the purpose of IM, document exchange, and both audio and video communication and meetings between two or more people within UHV and to host online meetings with others.
Publicly available IM services are not supported by IT and may not be used for university business. Personal use of IM is a privilege, not a right. This privilege may be revoked at any time and for any reason. Personal IM should not impede the conduct of state business.
In the event a public IM is found to be compromised and is disseminating spam or malicious code, Information Security may, at the discretion of the ISO, block all access to this IM service until the service is patched and the security incident mitigated.
This section applies to Peer-to-Peer (P2P) used within the university conjointly with the Internet.
Because of the wide spread use of P2P services for the illegal sharing of copyright material, and the repeated abuse of this tool on the UHV network and networks of the other UHS campuses, only prior authorized use will be permitted and abuse of this privileged will result in the suspension of the user’s account.
Request for permission for P2P use on the UHV network by employees, students, or contractors for legitimate state, institutional business, or legitimate research shall be made in writing to Information Security at Security@uhv.edu. All university network users must follow appropriate state and federal laws and guidelines when copying, storing or transferring copyrighted material. Use of P2P or other file sharing technologies to download or share illegal and/or unauthorized copyrighted content is subject to legal and administrative sanctions.
UHV will cooperate in investigating and resolving any non-compliance or infringement issues and will take such action as reasonably requested by complainant to terminate or correct such non-compliance or infringement. Before copying or transferring licensed or copyrighted data, information or applications, the authorized user will ensure that all notifications and cost are documented and approved.
Authorized use of P2P technologies is a privilege that may be suspended or revoked at any time and for any reason.
- Web Site Access
- Reporting Violations
Users should report to an IT manager, or to Information Security, information they may have concerning instances in which the above conditions have been or are being violated.
When possible violations of these conditions of use are reported or discovered, Information Security has the right to begin an investigation of possible abuse. Information Security and IT Managers, with due regard for the rights of privacy and other rights of users, have the authority to reset passwords and examine files, logs, printouts, or other material that may aid the investigation. Users, when requested, are expected to cooperate in such investigations. Failure to do so may be grounds for suspension of access privileges. While an investigation is in progress, in order to prevent further possible unauthorized activity, the IT Managers or Information Security may temporarily shut down a possibly compromised service or suspend an individual’s account. Affected users will be contacted by the Help Desk. Supervisors of employees or Student Services and Judicial Affairs for students with suspended accounts will be notified to aid in communication.
When possible unauthorized use of technology resources is encountered, the IT manager shall notify the user. The user is expected to take remedial action or to indicate that such use should be permitted. Should unauthorized use continue after notification of the user or should differences of opinion persist, these shall be brought to the attention of the IT Director for recommendations on further action. Upon the recommendation of the IT Director, IT managers may impose limitations on continued use of computing resources. Confirmation of unauthorized use of the computing facilities may also result in disciplinary review, as outlined in the following policies:
- Employee Standards of Conduct, (C-8)
- Discipline and Dismissal of Regular Staff Employees, (C-14)
- Employee Grievances (C-21)
- Academic Sanctions and Appeals (Student Handbook)
The disciplinary review could lead to expulsion from the institution, termination of employment, and/or legal action.
Signature Obtained 07/13/2022
Robert K. Glenn, Ph.D.
Next Review Date: July 2027 (5 years)
Origination: Information Technology
If there are any comments and/or questions regarding this policy, please contact the Sr Director of Information Technology.