Skip to Search Skip to Global Navigation Skip to Local Navigation Skip to Content
Handbook of Operating Procedures
  • Policy Process

    • Handbook of Operating Procedures
    Chapter 8 - Facilities and University Services
    Previous Publication Date: June 24, 2005
    Publication Date: July 26, 2021
    Policy Owner: VPIMT

     

    8.12 Information Resources Use and Security Policy
    This is not the current policy. For the latest, click here.

    1. Policy Statement
      At The University of Texas at San Antonio (UTSA), computing and information technology resources are dedicated to the support of the common mission of learning, teaching, researching and engaging in community service. Shared use of and access to these resources requires legal and ethical behavior from all users. Some activities on the UTSA network that are technically possible may nevertheless be prohibited.

      UTSA strives to provide a robust, technologically progressive and secure computing environment for use by the University community. The protection of valuable data within its academic, research and administrative computing facilities is of the utmost importance. The University will promote the widest possible access, use and integrity of information technology resources through awareness programs and technical and physical protective measures. In order to fulfill the mission of the institution, the University community must do everything possible to avoid compromise, degradation or disruption of information services vital to the work of faculty, students and staff.

    2. Scope
      This policy provides general information on the principles on which UTSA information security program is based. This policy applies to all users of UTSA computing and information technology resources including faculty, staff, students, guests and external individuals or organizations. Additionally, this policy applies to individuals accessing network services, such as the Internet, on University equipment. UTSA faculty, students and staff rely on networked computers, and the data they create and use, that are contained within those systems to accomplish their work and to achieve the University mission. In order to protect those resources, everyone granted access to UTSA information resources must also follow the Information Resources Acceptable Use Policy.

    3. Purpose
      Protecting the integrity of UTSA shared information resources and preserving access to them is a community effort that requires each member to act responsibly and guard against abuses. Both the University community as a whole and each individual user have an obligation to abide by the standards and best practices of the information security program, as outlined in this policy and in the published standards.

      In order to provide the greatest use of its computing and information technology resources for the entire University community, UTSA reserves the right to limit or restrict their use based on institutional priorities and financial considerations, as well as when presented with evidence of a violation of University policy, contractual agreements or state/federal laws.

      UTSA is committed to academic freedom, regardless of the medium of expression. However, the individual rights of expression or privacy may be superceded by the responsibility of the University to protect the integrity of information technology resources, the rights of all users and the property of the University.

      This policy consists of numerous standards which are accessible via the links in this policy on the Office of Information Technology Web site. These standards set the appropriate guidelines for acceptable practices regarding information technology and resources at UTSA. All members of the UTSA community -- faculty, students, staff — are required to familiarize themselves with these standards and to conform to these rules and practices.

      The standards include the following:

      1. Acceptable Use
      2. Application Administrator
      3. Administrative or Special Access
      4. Application Development and Acquisition
      5. Application Registration
      6. Change Management
      7. Computer Naming Convention
      8. Configuration and Asset Management
      9. Copiers and Printers
      10. Data Center Facility
      11. Data Classification
      12. Data Encryption
      13. Data Owner
      14. Disaster Recovery
      15. Disposal of Computing Devices
      16. Email Management
      17. Enterprise Backup and Data Recovery
      18. Incident Response
      19. Information Resources User
      20. Information Security Administrator
      21. Information Security Risk Assessment
      22. Information Security Training
      23. Information Services Expectation of Privacy
      24. Internet Use
      25. Intrusion Detection
      26. Log in Disclaimer Text
      27. Managing Access to Secured Shared Spaces
      28. Minimum Security for Computer Systems
      29. Network Access
      30. Network Configuration
      31. Office Computer Purchases
      32. Passphrase or Password
      33. Patch Management
      34. Personal Computing Security
      35. Physical Access
      36. Policy Exception and Risk Assumption
      37. Portable Computing Security
      38. Position of Special Trust
      39. Protection Against Malware
      40. Security Monitoring
      41. Server Administrator
      42. Software Licensing
      43. Threat Detection and Prevention
      44. Unauthorized File Sharing
      45. Vendor Access
      46. Web Application Vulnerability Scanning
      47. Wireless Network
      48. Workstation OS Support

    4. Disciplinary Actions
      Violation of this policy and its standards may result in disciplinary action through regular, published disciplinary procedures and may include termination for employees and temporaries; termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; and suspension or expulsion of students. Disciplinary action for faculty members will be referred to the department, the dean, and the Provost Office. Individuals may lose access to UTSA Information Resources and may face civil and/or criminal penalties, depending on the violation.

    5. Applicable Statutes and Existing Policies

      Family Educational Rights and Privacy Act of 1974 (FERPA), as amended in 2000
      Copyright Act of 1976      , as amended
      Foreign Corrupt Practices Act of 1977, as amended in 1988
      Computer Fraud and Abuse Act of 1986, as amended in 1996
      Computer Security Act of 1987
      The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
      USA PATRIOT Act of 2001
      The State of Texas Public Information Act
      Texas Government Code, Section 441
      Texas Administrative Code 1 TAC 202
      IRM Act, 2054.075(b)
      The State of Texas Penal Code, Chapters 33 and 33A
      DIR Practices for Protecting Information Resources Assets
      DIR Standards Review and Recommendations Publications
      The University of Texas System Information Resources Use and Security Policy (UTS165)
      UTSA Student Code of Conduct and Judicial Procedures Sections 201, 202, 203
      UTSA Code of Ethics, Chapter 4, Handbook of Operating Procedures
      UTSA Information Resource Security Standards