CCIT Computer and Network Usage Policy

--Interim--

Acceptable Use of Computers and Networks

at the University of Arizona

I.            Introduction

The University of Arizona provides a wide variety of computing and networking resources to all qualified members of the university community.  Access to computers, computing systems and networks owned by The University of Arizona is a privilege which imposes certain responsibilities and obligations and which is granted subject to university policies and codes, and local, state and federal laws.  All users of these resources must comply with specific policies and guidelines governing their use, and act responsibly while using shared computing and network resources including wireless.  The purpose of this policy is to promote the efficient, ethical and lawful use of the University of Arizona’s computer and network resources. 

II.            Scope

This policy applies to all users of University of Arizona computing and network resources, whether initiated from a computer and/or network device located on or off campus.

 III.            Policy Statement

Individuals using computer resources belonging to The University of Arizona must act in a responsible manner, in compliance with law and University policies, and with respect for the rights of others using a shared resource.  The right of free expression and academic inquiry is tempered by the rights of others to privacy, freedom from intimidation or harassment, protection of intellectual property, ownership of data, and security of information. 

IV.            Acceptable Use Guidelines

The specific usage guidelines that follow are not intended to be comprehensive, but rather to establish and clarify the intent of this policy.  Situations not enumerated here will inevitably arise, and they should be interpreted according to the spirit of this policy.

Each person using the University of Arizona’s computer and network resources should:

1.             Take no actions that violate the Codes of Conduct and Academic Integrity, Classified Staff Personnel Policy Manual, University Handbook for Appointed Personnel, or other applicable policy or law.  This is not a comprehensive list of applicable University policies. In the event of a conflict between policies, the more restrictive use policy shall govern.   

See the following related manuals/documents for more information:

Faculty and Staff Manuals {http://www.hr.arizona.edu/09_rel/polpro.php}

Student Code of Conduct {http://info-center.ccit.arizona.edu/~studpubs/policies/studcofc.htm}

2.             Use security measures to protect the integrity of information, data, and systems. Users shall protect their computer systems and accounts by using strong passwords, installing anti-virus software consistent with management directives and keeping such software, as well as the operating system and application security patches, up to date. Users are responsible for safeguarding their identification codes and passwords, and for using them only as authorized.  Examples of misuse include using a computer account and/or obtaining a password that you are not authorized to use, using the campus network to gain unauthorized access to any computer system, and using a "sniffer" or other methods in an attempt to "crack" passwords. 

See the following related documents for more information:

UA Electronic Privacy Statement {http://w3.arizona.edu/~security/uaelectprivstmt.htm}

UA summary of FERPA {http://www.registrar.arizona.edu/ferpa/}

Guidelines for Collection, Use and Disclosure of Personal Information at the University of Arizona {http://w.3.arizona.edu/~security/Guidelines.htm}

3.             Clearly and accurately identify one’s self in electronic communications. Do not forge or misrepresent one’s identity.  Concealing or masking the identity of electronic communications such as altering the source of an email message by making it appear as if the message was sent by someone else is a violation of this policy. 

See the following related polices for more information:

Electronic Mail Policy {http://w3.arizona.edu/~records/efinal.htm}

Official Student E-mail Policy {http://www.registrar.arizona.edu/emailpolicy.htm}

4.             Use computer and network resources efficiently.  Computing resources are finite and must be shared.  Users may use the University’s computer and network resources for incidental personal purposes, provided that such use does not (A) unreasonably interfere with the use of computing and network resources by other users, or with the University’s operation of computing and network resources; (B) interfere with the user’s employment or other obligations to the University; or (C) violate this policy or other applicable policy or law.  The university retains the right to set priorities on use of the system, and to limit recreational or personal uses when such uses could reasonably be expected to cause, directly or indirectly, strain on any computing facilities, or to interfere with research, instructional or administrative computing requirements, or to violate applicable policies or laws.  Examples of inappropriate use include sending unsolicited e-mails via listservs, newsgroups, or other means (SPAM), sending “chain letters” or engaging in pyramid schemes.

5.             Do not harass or intimidate or use computer and network resources for unlawful acts.  The University, in general, cannot and does not wish to be the arbiter of content maintained, distributed or displayed by users of the University’s computing and network resources.  For example, the University, in general, cannot protect users from receiving e-mail they may find offensive.  Using the University’s computer or network resources for illegal activities, however, is strictly prohibited.  Unlawful use of University computer and network resources can expose the individual user and the University to damages claims, or potential criminal liability.  Unlawful uses may include, but are not limited to: harassment and intimidation of individuals on the basis of race, sex, religion, ethnicity, sexual orientation or disability; obscenity; child pornography; threats; theft; attempting unauthorized access to data; attempting to breach security measures on any electronic communications software or system; attempting to intercept electronic communication transmissions without proper authority; and violation of intellectual property or defamation laws.  Do not use computer systems to send, post, or display abusive, slanderous or defamatory messages, text, graphics, or images. By using the University’s computer and network services, each user accepts the responsibility to become informed about, and to comply with, all applicable laws and policies.

6.             The use of university computer resources and networks is for legitimate academic or administrative purpose. Incidental personal use is permissible to the extent that it does not violate other provisions of this policy, interfere with the performance of employee’s duties, or interfere with the education of students at the university.  Use of your computer account or the network for commercial activities that are not approved by appropriate supervisory University personnel consistent with applicable policy, or for personal financial gain (except as permitted under applicable academic policies) is prohibited. Examples of prohibited uses include using your computer account for engaging in unauthorized consulting services, software development, advertising products/services, and/or other private commercial activity.

See the following related document for more information:

Acknowledgment and Advertising on University of Arizona Web Pages {http://uaweb.arizona.edu/council/advertising.shtml}

7.             Respect copyright and intellectual-property rights. Users must adhere to the U.S. Copyright Act, and the terms and conditions of any and all software and database licensing agreements.   Any form of original expression fixed in a tangible medium is subject to copyright, even if there is no copyright notice.  Examples include music, movies, graphics, text, photographs, artwork and software, distributed in any media -- including online.  The use of a copyrighted work (such as copying, downloading, file sharing, distribution, public performance, etc.) requires either (A) the copyright owner’s permission, or (B) an exemption under the Copyright Act.  The law also makes it unlawful to circumvent technological measures used by copyright owners to protect their works.   Copyright infringement exposes the user, and possibly the University, to heavy fines and potential criminal liability.  Therefore, without limitation of other possible sanctions, the University may refuse, suspend and/or terminate computer and network access, with respect to any user who violates the copyright law, or who uses the University’s computer or network resources contrary to the terms of the University’s software or database license agreements.

See the following related document for more information:

Copyright and the Web {http://uaweb.arizona.edu/council/copyright.shtml}

United States Copyright Office {http://www.loc.gov/copyright}

8.         Respect University property. Misuse of university property includes, but is not limited to, theft or damage of equipment or software, knowingly running or installing computer viruses or password cracking programs, attempting to circumvent installed data protection methods that are designed and constructed to provide secure data and information, or in any way attempting to interfere with the physical computer network/hardware, or attempting to degrade the performance or integrity of any campus network or computer system.

9.             Make only appropriate use of data to which you have access.  Authorized university personnel (e.g. system, network and database administrators, among others) may have access to data beyond what is generally available. Privileged access to data may only be used in a way consistent with applicable laws, University policies, and accepted standards of professional conduct.  Those who have access to databases that include personal information shall respect individual privacy and confidentiality, consistent with applicable laws and University policies regarding the collection, use and disclosure of personal information.  Users should be aware however that state laws and university policies, guidelines and regulations may prevent the protection of certain aspects of individual privacy.  Both the nature of electronic communications, and the public character of the University’s business make certain uses less private than users may anticipate.  For example,, in certain circumstances, the University may permit the inspection, monitoring or disclosure of e-mail, consistent with applicable laws and with the University’s Electronic Mail Policy. 

See the following related polices/documents for more information:

UA Electronic Privacy Statement {http://w3.arizona.edu/~security/uaelectprivstmt.htm}

Electronic Mail Policy {http://w3.arizona.edu/~records/efinal.htm}

UA summary of FERPA {http://www.registrar.arizona.edu/ferpa/}

Guidelines for Collection, Use and Disclosure of Personal Information at the University of Arizona {http://w3.arizona.edu/~security/guidelines.htm}

10.     Respect and adhere to other departmental/college/Internet Service Provider's acceptable use policies. When using a university computer system and/or network to connect to a non University of Arizona system or network, adhere to the prevailing policies governing that system or network. This does not in any way release your obligation to abide by the established policies governing the use of University of Arizona computer systems and networks.

V.            Consequences of Misuse and/or Non-Compliance

Users who misuse University computing and network resources or who fail to comply with the University’s written usage policies, regulations and guidelines are subject to one or more of the following consequences:

§         Temporary deactivation of computer/network access

§         Permanent deactivation of computer/network access

§         Disciplinary actions taken by the department or Dean of Students Office up to and including expulsion from school or termination of employment

§         Subpoena of data files

§         Legal prosecution under applicable Federal and State laws

§         Possible penalties under the law, including fines and imprisonment

Violations, complaints and questions should be reported to the University of Arizona Security Incident Response Team (SIRT) by email (sirt@arizona.edu) or call 621-0100.