The Administrative Policies

TAP NO. 26: ACCEPTABLE USE OF COMPUTING RESOURCES

Scope

This policy applies to all individuals who are authorized by the University to access and use the University's Computing Resources, including students, faculty, staff, and visitors, contractors, and affiliates as applicable.

Purpose

Inappropriate use of the University's Computing Resources exposes the University to risks including virus attacks, data loss, compromise of network systems and services, and other legal, financial, and reputational risks. This policy, therefore, provides guidelines for acceptable use of the University's Computing Resources. As used herein, the term "Computing Resources" is a broad term intended to encompass all resources, systems, infrastructure, devices, facilities and applications in the university's computing portfolio, whether such Computing Resources are located on university property or accessed remotely.

I. Policy

Access to Computing Resources is a privilege granted to University students, faculty, staff, and other authorized users ("User(s)"). Everyone using Computing Resources is responsible for using them in an appropriate, ethical, and lawful manner.

The following guidelines apply to the use of Computing Resources.

a. University property: Computing Resources are the property of the University. It is not the practice of the University to monitor individual usage of Computing Resources, but Users do not have an expectation of privacy in Computing Resources. The University may monitor and record the usage of Computing Resources as necessary to maintain system efficiency and security, and may further monitor and record the usage of individuals when it has a business need and/or as necessary to respond appropriately in litigation.

b. Intended use: University Computing Resources should be used for legitimate University instructional, research, administrative, mission and approved contract purposes. University business must be conducted using university email accounts (i.e. Microsoft Office365 @duq.edu accounts) and university business should be conducted using university-approved computing resources (i.e. university file shares, university-supported cloud storage shares, university-owned or authorized devices...).

c. Computing Resources may not be used for commercial or political purposes, or personal gain. Incidental personal use of Computing Resources may be permitted if it does not interfere with the University's or the employee's ability to carry out University business, does not go against the University's mission, and does not violate the terms of this Policy.

d. Personal Responsibility and Security: Users of Computing Resources are responsible for all activity associated with their MultiPass accounts and/or login credentials. In order to maintain the security of the University's Computing Resources, Users must not share with or transfer to others their MultiPass account information and/or login credentials except as otherwise necessary and/or appropriate from a business perspective. Similarly, providing false information or obtaining another User's MultiPass account information or login credentials without their permission in order to access Computing Resources is prohibited. Accessing, manipulating, or destroying, without permission or authority, information, communication, and/or data stored or contained in Computing Resources is prohibited. Additionally, Users must log off correctly, physically secure their computers and network connection, and install University-recommended software updates.

e. Interfering with the University's Operations: It is a violation of this policy to interfere with the University's operations by deliberately attempting to degrade or disrupt the performance and/or Security Computing Resources by intentionally introducing any computer virus or similar disruptive force into any Computing Resource; to intentionally submit false, misleading or deceptive Help Desk request; and to intentionally engage in activities which can be reasonably expected to, or do, unreasonably tax Computing Resources.

f. Compliance with Laws and University Policies: Users are expected to use Computing Resources in a way that complies with all University Policies, including those University policies prohibiting harassment and sexual misconduct, and all applicable federal, state, and local laws including the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), and the Digital Millennium Copyright Act. Users are expected to respect intellectual property rights and to adhere to the terms and conditions of software license agreements for software distributed by the University.

II. Reporting a Violation

a. Violations of this policy should be reported immediately to your supervisor and/or the University's ethics reporting hotline by calling toll-free 1-866-294-8662 or via the web at https://www.ethicspoint.com

b. Reported incidents will be investigated by CTS' Information Security Office in consultation with other campus offices such as Human Resources, the Office of General Counsel, and Public Safety, as appropriate.

c. In the event of a data breach, the University's Information Security Incident Response Plan will be initiated.

III. Related Information

Related information includes, but is not limited to the following items. Although only some laws and University Policies are listed, Users are expected to comply with all applicable University Policies and all federal, state, and local laws.

Computing and Technology Policies and Service Requirements

HIPAA

Digital Millennium Copyright Act

TAP No. 28, Family Educational Rights and Privacy Act (FERPA)

TAP No. 30, Affirmative Action, Equal Educational and Employment Opportunity, and Human Relations in the Workplace and Classroom 

TAP No. 31, Sexual Misconduct and Gender Discrimination 

TAP No. 57, Social Media

Student Handbook

Academic Affairs Policies and Procedures

IV. Violations

Violations of this policy will be reviewed on a case-by-case basis. Employees are subject to formal disciplinary action up to and including termination of employment. Students are subject to the non-exhaustive list of disciplinary sanctions in the Code of Student Rights, Responsibilities, and Conduct for violations of the Code.

V. History

This policy was last revised in April of 2020.

VI. Ownership of Policy

Computing and Technology Services