STANDARD FOR ACCEPTABLE USE

 

The University of Texas at San Antonio

Office of Information Technology

Office of Information Security (OIS) Standards

 

OIS 42 – Standard for Acceptable Use

 


I. STANDARD STATEMENT


 All personnel seeking to access UTSA computing resources must be aware of the duties and responsibilities that are in place to protect the network infrastructure.

 


II. RATIONALE


This standard supports HOP Policy 8-12 Information Resources Use and Security Policy.

 


III. SCOPE



This standard applies to all UTSA faculty, staff, and students.

 


IV. CONTACTS


If you have any questions about OIS-42  - Standard for Acceptable Use contact the following office:

 

The Office of Information Security

informationsecurity@utsa.edu

 


V. DEFINITIONS 


  1. "appropriate network server" - A computer asset meeting the minimum setup criteria: authentication, data protection, server administrator assigned.  (April 2013)
  2. "critical University digital data" - Generally, data that is defined by an entity to be essential to that entity's function and that, if made unavailable, will inflict substantial harm to the entity and the entity's ability to meet its instructional, research, patient care or public service missions.
  3. "Executive Officer" - UTSA President (or delegate), UTSA Provost (or delegate)  (April 2013)
  4. "excessively large (email) message or attachments" - The maximum size for a UTSA email message is 20MB, including the message and all attachments. (April 2013)
  5. "incidental use" - certain activities (accessing the Internet, installng software like iTunes, etc.) are permitted as long as they do not affect the execution of your work duties and they do not incur an expense or hardship to the university.  For example, maxing out your computer hard drive space with your personal files is not permitted.
  6. "Information Security Officer or his/her delegate" - The delegates consist of the UTSA President, Provost or delegate of the Provost. (April 2013)
 


VI. PROCEDURES


 

All faculty and staff members seeking to access UTSA information resources must be aware of the duties and responsibilities that are in place to protect the university network.

 A. Acknowledgement of Acceptable Use Policy
   1. Each User, during the normal compliance training process, reviews and acknowledges their understanding and acceptance of the Acceptable Use Policy.

B. General
 1. UTSA Information Resources are provided for the express purpose of conducting the business and mission of the UTSA.
 2. UTSA Information Resources must not be used to: engage in acts against the mission and purposes of the UTSA, intimidate or harass, degrade performance, deprive access to a UTSA resource, obtain extra resources beyond those allocated, or to circumvent          computer security measures.
 3. Information Resources must not be used to conduct a personal business or for the exclusive benefit of individuals or organizations that are not part of The University of Texas System.
 4. Sexually explicit materials must not be intentionally accessed, created, stored or transmitted other than in the course of academic research where this aspect of the research has the explicit written approval of an Executive Officer of UTSA.
 5. Users must not copy or reproduce any licensed software unless expressly permitted by the software license, use unauthorized copies on UTSA-owned computers or use software known to cause problems on UTSA-owned computers.

C. Information Services Privacy
1. Users have no expectation of privacy regarding any data residing on UTSA computers, servers, or other Information Resources owned or held on behalf of UTSA regardless of whether the data was generated as the result of acceptable (including Incidental Use as described below) or unacceptable use of UTSA's Information Resources.
2. All files, documents, messages in any format and other data residing on UTSA computing resources or held on behalf of UTSA are accessible to UTSA in accordance with the Regents' Rules and Regulations and are subject to access by the UTSA without notice to comply with public information requests, court orders, subpoenas or litigation holds; or for any other purpose consistent with the duties of UTSA. Users have no expectation of privacy in any such data.
 
D. Data Protection
 1. Data will be accessed on a need to know basis. Users of UTSA Information Systems must not attempt to access data or programs contained on systems for which they do not have authorization or consent.
 2. All critical University digital data will be saved on appropriate network servers to ensure backup of the data. All data, including research data, should be backed up for disaster recovery reasons.
 3. All records (electronic or paper) will be maintained in accordance with the UTSA Records Retention Policy.

E. Electronic Mail (email)
The email service provided by OIT (@utsa.edu domain) is the official university email system for employees. Employees of UTSA shall not use other email services for UTSA business. The following email activities are prohibited:
1. Using email for purposes of political lobbying or campaigning except as permitted by the Regents' Rules and Regulations.
2. Posing as anyone other than oneself when sending email, except when authorized to do so by the owner of the email account.
3. Reading another User's email unless authorized to do so by the owner of the email account, or as authorized by policy for investigation, or as necessary to maintain services.
4. Use of email software that poses a significant security risk to other Users on the UTSA network.
5. Sending or forwarding "chain" letters.
6. Sending unsolicited messages to large groups except as required to conduct UTSA business.
7. Sending excessively large messages or attachments unless in performance of official UTSA business.
8. Sending or forwarding email that is likely to contain computer viruses.

F. Confidential or Protected Information (Category I / II data)
1. Users shall not disclose confidential information except to authorized parties as required to accomplish authorized business functions in support of UTSA's mission.
2. All confidential or protected health or student information transmitted over external networks or saved on UTSA servers must be encrypted in accordance with OIT Data Encryption Guidelines. This information must not be sent or forwarded to non-UTSA email accounts provided by other Internet Service Providers, and must not be knowingly transmitted via wireless to or from a portable computing device unless approved wireless transmission protocols and security techniques are utilized.
3. A link to more information about data classification can be found on the Data Classification Examples page.
 
G. Incidental Use of Information Resources
1. Incidental personal use of email, Internet access and other Information Resources by an employee is permitted by UTSA policy but is restricted to employees (it does not extend to family members or other acquaintances). It must not interfere with the normal performance of an employee's duties, must not result in direct costs to UTSA and must not expose the University to unnecessary risks.
2. Non-work related information may not be stored on network file servers.

H. Internet Use
1. Due to network maintenance and performance monitoring and to ensure compliance with applicable laws and policies, all User activity may be subject to logging and review.
2. Email or postings by Users of UTSA network resources to news groups, "chat rooms", "listservs", or social websites must not give the impression they are representing, giving opinions, or making statements on behalf of UTSA, unless authorized. Users should use a disclaimer stating that the opinions expressed are their own and not necessarily those of UTSA.
3. Personal commercial advertising must not be posted on UTSA websites.

I. Security
1. Security programs or utilities that reveal or exploit weaknesses in the security of a system or that reveal data by circumventing established authorization procedures and systems should not be downloaded and/or used, except as authorized by OIT. For example, password cracking programs, packet sniffers, or port scanners shall not be used on UTSA Information Resources. Users must report any identified weaknesses in UTSA computer security and any incidents of possible misuse or violation of this Acceptable Use Policy to an immediate supervisor, department head, or OIT. 

J. Exceptions
1. Any exceptions to this Acceptable Use Policy must be documented and authorized in writing by the ISO or his/her delegate.
 
 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Last update: September 4, 2014

Effective Date: September 4, 2014

Last Revised: September 4, 2016

Reviewed: August 7, 2017

<< Back