Skip to Search Skip to Global Navigation Skip to Local Navigation Skip to Content
Handbook of Operating Procedures
Chapter 8 - Facilities and University Services
Previous Publication Date: June 24, 2005
Publication Date: July 26, 2021
Policy Owner: VPIMT


8.12 Information Resources Use and Security Policy

  1. Policy Statement
    At The University of Texas at San Antonio (UTSA), computing and information technology resources are dedicated to the support of the common mission of learning, teaching, researching and engaging in community service. Shared use of and access to these resources requires legal and ethical behavior from all users. Some activities on the UTSA network that are technically possible may nevertheless be prohibited.

    UTSA strives to provide a robust, technologically progressive and secure computing environment for use by the University community. The protection of valuable data within its academic, research and administrative computing facilities is of the utmost importance. The University will promote the widest possible access, use and integrity of information technology resources through awareness programs and technical and physical protective measures. In order to fulfill the mission of the institution, the University community must do everything possible to avoid compromise, degradation or disruption of information services vital to the work of faculty, students and staff.

  2. Scope
    This policy provides general information on the principles on which UTSA information security program is based. This policy applies to all users of UTSA computing and information technology resources including faculty, staff, students, guests and external individuals or organizations. Additionally, this policy applies to individuals accessing network services, such as the Internet, on University equipment. UTSA faculty, students and staff rely on networked computers, and the data they create and use, that are contained within those systems to accomplish their work and to achieve the University mission. In order to protect those resources, everyone granted access to UTSA information resources must also follow the Information Resources Acceptable Use Policy.

  3. Purpose
    Protecting the integrity of UTSA shared information resources and preserving access to them is a community effort that requires each member to act responsibly and guard against abuses. Both the University community as a whole and each individual user have an obligation to abide by the standards and best practices of the information security program, as outlined in this policy and in the published standards.

    In order to provide the greatest use of its computing and information technology resources for the entire University community, UTSA reserves the right to limit or restrict their use based on institutional priorities and financial considerations, as well as when presented with evidence of a violation of University policy, contractual agreements or state/federal laws.

    UTSA is committed to academic freedom, regardless of the medium of expression. However, the individual rights of expression or privacy may be superceded by the responsibility of the University to protect the integrity of information technology resources, the rights of all users and the property of the University.

    This policy consists of numerous standards which are accessible via the links in this policy on the Office of Information Technology Web site. These standards set the appropriate guidelines for acceptable practices regarding information technology and resources at UTSA. All members of the UTSA community -- faculty, students, staff — are required to familiarize themselves with these standards and to conform to these rules and practices.

    The standards include the following:

    1. Acceptable Use
    2. Application Administrator
    3. Administrative or Special Access
    4. Application Development and Acquisition
    5. Application Registration
    6. Change Management
    7. Computer Naming Convention
    8. Configuration and Asset Management
    9. Copiers and Printers
    10. Data Center Facility
    11. Data Classification
    12. Data Encryption
    13. Data Owner
    14. Disaster Recovery
    15. Disposal of Computing Devices
    16. Email Management
    17. Enterprise Backup and Data Recovery
    18. Incident Response
    19. Information Resources User
    20. Information Security Administrator
    21. Information Security Risk Assessment
    22. Information Security Training
    23. Information Services Expectation of Privacy
    24. Internet Use
    25. Intrusion Detection
    26. Log in Disclaimer Text
    27. Managing Access to Secured Shared Spaces
    28. Minimum Security for Computer Systems
    29. Network Access
    30. Network Configuration
    31. Office Computer Purchases
    32. Passphrase or Password
    33. Patch Management
    34. Personal Computing Security
    35. Physical Access
    36. Policy Exception and Risk Assumption
    37. Portable Computing Security
    38. Position of Special Trust
    39. Protection Against Malware
    40. Security Monitoring
    41. Server Administrator
    42. Software Licensing
    43. Threat Detection and Prevention
    44. Unauthorized File Sharing
    45. Vendor Access
    46. Web Application Vulnerability Scanning
    47. Wireless Network
    48. Workstation OS Support

  4. Disciplinary Actions
    Violation of this policy and its standards may result in disciplinary action through regular, published disciplinary procedures and may include termination for employees and temporaries; termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; and suspension or expulsion of students. Disciplinary action for faculty members will be referred to the department, the dean, and the Provost Office. Individuals may lose access to UTSA Information Resources and may face civil and/or criminal penalties, depending on the violation.

  5. Applicable Statutes and Existing Policies

    Family Educational Rights and Privacy Act of 1974 (FERPA), as amended in 2000
    Copyright Act of 1976
    , as amended
    Foreign Corrupt Practices Act of 1977, as amended in 1988

    Computer Fraud and Abuse Act of 1986, as amended in 1996

    Computer Security Act of 1987

    The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    USA PATRIOT Act of 2001
    The State of Texas Public Information Act

    Texas Government Code, Section 441

    Texas Administrative Code 1 TAC 202

    IRM Act, 2054.075(b)
    The State of Texas Penal Code, Chapters 33 and 33A

    DIR Practices for Protecting Information Resources Assets
    DIR Standards Review and Recommendations Publications
    The University of Texas System Information Resources Use and Security Policy (UTS165)
    UTSA Student Code of Conduct and Judicial Procedures Sections 201, 202, 203

    UTSA Code of Ethics, Chapter 4, Handbook of Operating Procedures

    UTSA Information Resource Security Standards