Acceptable Use Policy For Technology Resources
Section: Technology Services Index: G-2
Subject: Acceptable Use Policy For Technology Resources
This document outlines the responsibilities of users of University of Houston-Victoria (UHV) technology resources which are provided to the university community by the Technology Services (TS) Department. Its purpose is to ensure use of the resources complies with applicable local, state and federal requirements while encouraging the proper use of technology in support of the institutional mission. This policy is applicable to all users of UHV technology resources and applies to all forms of computer, network and Internet use by UHV employees and does not supersede or limit any state or federal laws, nor any other UHV or University of Houston System (UHS) policies regarding confidentiality, information dissemination or standards of conduct.
Each user is responsible for becoming familiar and complying with guidelines, policies and procedures relating to the acceptable use of university technology resources. Use of university technology resources constitutes implicit agreement to comply with all related policies and procedures.
- General Use Policy
Generally, all TS provided services should be used for legitimate state business only. However, brief and occasional personal use (i.e. surfing, email exchange) is acceptable if the following conditions are met and understood:
- Personal Responsibility
UHV employee are responsible for actions taken with their personally assigned UHV account and are encouraged to safeguard that account and to report any suspected abuse or theft of their personal information immediately.
All users of UHV network connected resources should keep in mind that all Internet access, email, messaging and other forms of online communication and usage can be recorded and stored along with the source and destination. Log files of all network and Internet traffic are the property of UHV and subject to the Texas Public Information Act and laws applicable to state records retention. Employees have no right to privacy with regard to Internet use while using university owned equipment or through university provided access. Management has the ability and right to request employee’s usage patterns and take action to assure that agency resources are devoted to authorized activities and maintains the highest levels of productivity.
- Permitted Use
Supervisors should work with employees to determine the appropriateness of using University resources for professional activities and career development. Written permission is needed and should be obtained for these activities or they should be included in the employee’s job description. All users of state networks and systems using the Internet shall identify themselves honestly, accurately and completely (including one’s affiliation and function where requested) when providing such information.
Only those expressly authorized to speak to the media or to the public on behalf of UHV may represent the university via any electronic communication. However, in the course of university business an employee may participate in an Internet based news groups, chat rooms or open or closed forums related to their job duties. In these cases, the employee may participate as individuals speaking for themselves, not the university, and must include a disclaimer in their comments similar to the following:
This message contains the thoughts and opinions of the author only and does not represent official University of Houston-Victoria policy.
Personal use of university owned resources should not impede the conduct of university business and is restricted to university approved users.
Activities relating to personal or corporate profit, viewing, creating or transmitting obscene material (as commonly defined by applicable federal and Texas law), or to produce an output that is unrelated to the objectives for which the account was issued are prohibited.
State employees, contractors and network users must not send, forward, store or receive confidential information on unapproved mobile devices such as smart phones, tablets or laptops, regardless of ownership. UHV supported devices may receive and store confidential information only if the information is encrypted both in transit and at rest. The TS web site list currently supported devices.
- Personal Responsibility
- Specific Use Situations
- Web Site Access
UHV employees should always remember that the business of UHV is dependent on a reliable and open Internet connection. It is the responsibility of all employees to take precautions whenever browsing the Internet, remembering that while TS provides many safeguards against malware and other threats, no amount of protection is perfect and the ultimate responsibility is on the individual user.
UHV Information Technology Security (ITS) monitors and tracks the amount and type of Internet traffic on a general scale for the purpose of growth planning and security mitigation. While individual statistics are not collected, all such information is subject to the Texas Public Information Act and laws applicable to state records retention. Employees have no right to privacy with regard to web site access and management has the right to view employee’s usage patterns and take action to assure that this agency’s Internet resources are devoted to authorized activities and promotes an increased level of productivity.
At no time should software be downloaded from an Internet site without first consulting with TS.
- Email Use
The UHV email environment is provided exclusively for the purpose of university business. Misuse of this resource can result in excessive spam and a greater possibility of email based malware entering into the UHV network.
Employee’s email account shall not be used for non-UHV business. TS encourages all UHV employees to acquire their own personal email address for non-UHV business and personal communication.
Per UHS policy, SAM 07.A.07: Use of Electronic Messaging Services by Employees, University email may not be forwarded outside the TS supported email environment and all official University business conducted via email shall use the TS provided email environment and the assigned UHV.edu email address.
Employees should treat any new email as suspect and never download or open an attachment unless they were expecting it, regardless of the perceived sender. Any suspect email can be sent as an attachment to the Help Desk (HelpDesk@uhv.edu) for evaluation.
Any email sent or received through the UHV email environment is considered an official record and is subject to state and agency/institution rules and policies for retention and deletion.
No email that contains an individual’s name along with any restricted personal information (e.g. Social Security number) may be sent unless it is encrypted both during transmission and in storage. Users should contact UHV Technology Services for appropriate encryption tools and procedures.
Attachments should be avoided. If needing to send an attachment to multiple users, TS can provide alternative means for sharing these attachments that are faster than email and allow for greater collaboration when working with multiple recipients.
Individuals may only user their university provided email to send, forward or receive confidential or sensitive agency information. Use of non-agency email accounts (e.g. Gmail, Hotmail, Yahoo! or any other email service not controlled by TS) for university business is prohibited due to the risk of exposing or losing this information.
- Instant Messaging
This policy applies to Instant Messaging (IM) used within the university and IM used conjointly with the Internet.
The University recognizes that IM is a user friendly and robust way to communicate with coworkers, colleagues and friends. TS provides Skype for Business for all UHV employees for the purpose of IM, document exchange, and both audio and video communication and meetings between two or more people within UHV and to host online meetings with others.
Publicly available IM services are available but are not supported by TS and should not be used for University business. Personal use of IM is a privilege, not a right. This privilege may be revoked at any time and for any reason. Personal IM should not impede the conduct of state business.
In the event a public IM is found to be compromised and is disseminating spam or malicious code, ITS may, at the discretion of the ISO, block all access to this IM service until the service is patched and the security incident mitigated.
This section applies to Peer-to-Peer (P2P) used within the university conjointly with the Internet.
Because of the wide spread use of P2P services for the illegal sharing of copyright material, and the repeated abuse of this tool on the UHV network and networks of the other UHS campuses, only prior authorized use will be permitted and abuse of this privileged will result in the suspension of the user’s account.
Request for permission for P2P use on the UHV network by Employees or contractors for legitimate state, institutional business, or legitimate research shall be made in writing to IT Security at Security@uhv.edu. All university network users must follow appropriate state and federal laws and guidelines when copying, storing or transferring copyrighted material. Use of P2P or other file sharing technologies to download or share illegal and/or unauthorized copyrighted content is subject to legal and administrative sanctions.
UHV will cooperate in investigating and resolving any non-compliance or infringement issues and will take such action as reasonably requested by complainant to terminate or correct such non-compliance or infringement. Before copying or transferring licensed or copyrighted data, information or applications, the authorized user will ensure that all notifications and cost are documented and approved.
Authorized use of P2P technologies is a privilege that may be suspended or revoked at any time and for any reason.
- Web Site Access
- Reporting Violations
Users should report to a TS manager, or to the individual in charge of their technology resource, information they may have concerning instances in which the above conditions have been or are being violated.
When possible violations of these conditions of use are reported or discovered, TS managers reserve the right to begin an investigation of possible abuse. TS managers, with due regard for the rights of privacy and other rights of users, have the authority to reset passwords and examine files, accounting information, printouts, or other material that may aid the investigation. Users, when requested, are expected to cooperate in such investigations. Failure to do so may be grounds for suspension of access privileges. While an investigation is in progress, in order to prevent further possible unauthorized activity, the Systems Operations Manager, the Network Operations Manager or the ISO may temporarily shut down a possibly compromised service or suspend an individual’s account. Affected users will be contacted by the Help Desk. Supervisors of employees with suspended accounts will be notified to aid in communication.
When possible unauthorized use of technology resources is encountered, the TS manager shall notify the user. The user is expected to take remedial action or to indicate that such use should be permitted. Should unauthorized use continue after notification of the user or should differences of opinion persist, these shall be brought to the attention of the TS Director for recommendations on further action. Upon the recommendation of the TS Director, TS managers may impose limitations on continued use of computing resources. Confirmation of unauthorized use of the computing facilities may also result in disciplinary review, as outlined in the following policies:
- Employee Standards of Conduct, (C-8)
- Discipline and Dismissal of Regular Staff Employees, (C-14)
- Employee Grievances (C-21)
- Academic Sanctions and Appeals (Student Handbook)
The disciplinary review could lead to expulsion from the institution, termination of employment, and/or legal action.
Next review date: May, 2022
Origination: Technology Services