|University of Arkansas at Little Rock|
|Policy Name: Information Technology (IT) Acceptable Use|
|Policy Number: 208.1|
|Effective Date: March 3, 2003|
Information technology (IT) has the ability to distribute and examine a vast array of material with unprecedented speed. One requirement however, remains constant: all information technology use must fully respect the rights of the university and IT community members. This Acceptible Use Policy (AUP) is designed to guide faculty, staff, and students in the acceptable use of network and information systems provided by the University of Arkansas at Little Rock (UA Little Rock). More importantly, it is meant as an application of principles of respect using UA Little Rock computer resources, other computer users, and for the medium itself.
The UA Little Rock community is encouraged to make innovative and creative use of information technologies in support of education and research. Consistent with other university policies, this policy is intended to respect the rights and obligations of academic freedom as well as to protect the resources of the university.
The university campus network is an open network and therefore cannot protect individuals against the existence or receipt of material that may be offensive to them. Those who make use of electronic communications are warned that they may come across or be recipients of material they find offensive. Those who use email and/or make information about themselves available on the Internet should be forewarned that the university cannot protect them from invasions of privacy and other possible dangers that could result from the distribution of personal information. IT and network facilities of the university are finite and limited. These facilities should be used wisely and carefully with consideration for the needs of others. When used appropriately, these tools can enhance dialog and communications. When used inappropriately or unlawfully, these tools can infringe on the rights of others. Current use of IT parallels familiar activities in other media and formats and existing university policies already provide guidance. Using electronic media in the place of standard written correspondence, for example, does not fundamentally alter the nature of the communication, nor will it alter the guiding policies. University policies, which already apply to freedom of expression, privacy, and related matters, apply to electronic expression as well. This AUP addresses circumstances which are new or at least unfamiliar in the IT arena and augments rather than replace other applicable university policies.
UA Little Rock IT systems include the computers, terminals, printers, networks, modem banks, and related equipment, as well as data files or documents residing on disk, tape, or other media, which are owned, managed or maintained by Information Technology Services and/or faculty/staff of UA Little Rock. For example, IT systems include institutional and departmental systems, IT systems managed by UA Little Rock Information Technology Services, faculty research systems connected to the campus network, the campus telephone system, and the university’s campus network (which is designed and managed by Information Technology Services). Privately owned equipment, such as laptops, PDAs, and home computers are considered an IT system if attached directly or remotely to the campus network and/or is used to access the UA Little Rock campus network.
A user is any person, whether authorized or not, who makes any use of any IT system from any location. For example, this definition includes persons who access IT facilities via an off campus electronic network, as well as those who use an UA Little Rock dial-in network (e.g., the campus network/Internet) to connect a personal machine to any other networked system or service. An IT user is a user with authorization to access a UA Little Rock IT system(s). IT users include UA Little Rock students, faculty members, staff members, and alumni, or alumnae with accounts on IT systems.
A system administrator is an individual with the authority to determine who is permitted access to a UA Little Rock department system or server. For example, UA Little Rock associate director of networks is the UA Little Rock campus network system administrator.
Network security officer (NSO) is an individual charged with maintaining the security of the UA Little Rock campus network and as such, has the authority to investigate security violations to ensure that security policy is complied with.
The purpose of IT is to further the research, education, and administrative functions of UA Little Rock. To achieve this purpose, these policies intend:
- To ensure the integrity, reliability, and performance of UA Little Rock IT systems and network.
- To ensure that the UA Little Rock community of IT users utilize the campus IT facilities in a fair and equable manner with respect for the rights of the community at large.
- To ensure that IT systems and network are used for their intended purposes.
- To establish sanctions and processes for addressing violations.
The IT AUP applies to all UA Little Rock IT systems owned, managed, or administered by UA Little Rock faculty, staff, and students and any use of those systems. Many particular IT systems (UA Little Rock’s News and World Wide Web sites, campus email services, etc.) have service-specific policies, which apply in addition to this AUP. Please refer to postings available with each system to identify all applicable policies.
The policies described herein are those that the university uses in the normal operation of IT facilities and network. This document does not waive any claim that UA Little Rock may have to ownership or control of any hardware, software, or data created on, stored on, or transmitted through UA Little Rock IT systems and network.
Use of IT Systems
Use of UA Little Rock IT systems is restricted to authorized UA Little rock faculty, staff, alumni and students. The administrator of a campus system, server, and/or campus network component is the responsible authority, which grants authorization for system use and access.
UA Little Rock IT systems and network may be used only for their intended authorized purposes. For example, privately owned computers may not host sites for non-UA Little Rock organizations across the IT managed UA Little Rock network without specific authorization.
Official Electronic Communications
Student e-mail accounts are created within 24 hours of class registration and faculty/staff e-mail accounts created when the initial hiring documents are complete. UA Little Rock E-mail is the official means of electronic communication with students, faculty, and staff. Important university-related information will be sent to individual e-mail accounts. Students are responsible for regularly reading e-mail messages. Types of communication include but are not limited to financial aid information, inclement weather closings, e-bills and payment deadlines, registration information, and library notices. The UA Little Rock e-mail system can be accessed at mail.ualr.edu.
Without specific UA Little Rock administration authorization, activities using IT systems and network for non-UA Little Rock commercial purposes are prohibited. This is not meant to restrict normal communications and exchange of electronic data, consistent with the university’s education and research roles, that may have an incidental financial or other benefit for an external organization. For example, it is not appropriate to discuss products or services with companies doing business with UA Little Rock or to contribute to Facfocus discussing issues relating to commercial products.
All use of UA Little Rock IT systems and network must be consistent with all contractual obligations of the university, including limitations defined in software and other licensing agreements.
Privileges for IT Users
Free Inquiry & Expression
UA Little Rock IT users are afforded free inquiry and expression consistent with the purposes of the university.
UA Little Rock IT users can expect reasonable confidentiality for particular data. Systems administrators will identify categories of data, which will be managed as confidential on a particular IT system and they will make all reasonable efforts to maintain the confidentiality of that data. However, limited risks do apply to confidentiality, for example to technical limitations, software bugs, and system failures. Systems administrators will take reasonable steps to inform IT users of the limits to confidentiality for their respective IT systems. IT users are expected to become familiar with those limit and risks of confidentiality and to manage their confidential data accordingly. Confidentiality of data must comply with the State of Arkansas Freedom of Information Act.
Responsibilities for All Users
Users must not permit or assist any unauthorized person to access IT systems. For example, any non-UA Little Rock organization or individual without appropriate authorization may not use UA Little Rock IT systems. Each campus user must have and use a unique login/password to a campus IT system. Multiple user logins or passwords are in violation of this policy.
Users must not defeat or attempt to defeat any UA Little Rock IT system’s security, for example, by “cracking” or guessing user identifications or passwords, compromising room locks or alarm systems, utilize software that will probe a network user system, or a sniffer gathering login/password data.
Unauthorized Data Access
Users must not access or attempt to access data on any UA Little Rock IT system they are not authorized to access. Users must not make or attempt to make any deliberate, unauthorized changes to data on an IT system. Users must not intercept or attempt to intercept data communications not intended for that user’s access, for example network sniffing or wiretapping.
Users must not conceal their identity when using UA Little Rock IT systems. Users must use their own login ID and password.
Denial of Service
Users must not deny or interfere with or attempt to deny or interfere with service to other users, on campus or off campus, by means of “resource hogging,” deliberate distribution of computer worms or viruses, or modification of any IT system. Knowing or reckless distribution of unwanted mail or other messages is prohibited.
Users must observe intellectual property rights including, in particular, copyright laws as they apply to software, licensing, and electronic forms of information.
External Data Networks
Users must observe all applicable policies of external or off campus data networks when using such networks.
Modification of Data or Equipment
Without specific authorization, users of UA Little Rock IT systems must not cause, permit, or attempt any destruction or modification of data or computing or communications equipment, including but not limited to alteration of data, reconfiguration of control switches or parameters, or changes in firmware. “Specific authorization” refers to permission by the owner or systems administrator of the equipment.
Personal Account Responsibility
Users are responsible for the security of their IT system accounts and passwords. Any user change of passwords must follow published guidelines. Accounts and passwords are assigned to single users and are not to be shared with any other person without authorization by the systems administrator. Changing another person’s password is considered a form of harassment and unethical behavior.
Users are presumed to be responsible for any activity carried out under their IT system accounts.
Responsibility for Content
Representatives of IT publish “official” information in a variety of electronic forms. A statement of the certifying authority publishing the information will normally identify such official information. A certifying authority is that IT department or individual who certifies the accuracy of an electronic document and IT appropriateness for the conduct of IT business.
Users also publish information in electronic forms on IT equipment and/or over UA Little Rock’s networks. UA Little Rock does not have any intention or opportunity to screen such private material and thus cannot assure IT accuracy or assume any responsibility for this material. Any electronic publication provided on or over UA Little Rock equipment and/or networks, which is not legitimately identified by a certifying authority, is the private speech of an individual user. Offensive content is to be reported to the network security officer (NSO) for investigation.
The university’s electronic mail facilities should not be used:
- To send unauthorized mass mailings of any type.
- To send rude, obscene, harassing, or illegal material, or material that in any way conflicts with the regulations of the university.
- To send any material that in any way conflicts with state or federal law.
- To perform an operation or activity that degrades the performance of the UA Little Rock’s IT systems and/or network.
Threats and Harassment
Users may not use a UA Little Rock IT system to threaten or harass any person. A user must cease sending messages or interfering in any way with another user’s use of IT systems if the aggrieved user makes a reasonable request for such cessation.
Removal of Equipment or Documents
Without specific authorization by the system administrator, users must not remove any university-owned or administered equipment or documents from an IT system.
Without specific authorization by the system administrator, users must not physically or electrically attach any foreign device (such as an external disk, printer, network sniffer, sniffer software, network monitoring software, modem, or video system) to an IT system.
Users must not conceal or help to conceal or “cover up” violations by any party. Users are expected to report any evidence of actual or suspected violation of this policy to the systems administrator of the facility most directly involved. In case of doubt, the report should be made to the UA Little Rock network security officer (NSO) and/or UA Little Rock chief information officer (CIO).
Reporting of Security Violations
If a user observes and/or suspects a security violation, he or she is obligated to report such to the UA Little Rock network security officer.
Users of IT systems must show identification including university affiliation upon request by a system administrator, NSO, or university authority.
Access to Data
Users must allow systems administration personnel access to data files on IT Systems for the purpose of making backups, diagnosing systems problems, and investigating policy and/or campus network security violations.
UA Little Rock NSO is authorized to investigate alleged or apparent violations of UA Little Rock IT policy or applicable law involving IT systems and/or network using whatever means appropriate. The NSO will maintain a log and incident reporting of all such incidents. Any emergency action will be logged and security incident appropriateness reviewed after the fact.
The university may restrict the use of its IT and network systems when faced with evidence of violation of University policies, federal or local laws. The university reserves the right to limit access to its networks and IT systems. The university may limit access to material posted on university owned IT systems that is deemed inappropriate or not in keeping with the educational, research and community service missions of this University. Systems administrators are authorized by the University Network Security Policy to apply certain penalties to enforce applicable policies. Such penalties include temporary or elimination of access privileges, which may apply to networks and other IT services or facilities.
When a systems administrator believes it necessary to preserve the integrity of facilities, user services, or data, he or she may suspend any account, whether or not the account owner (the user) is suspected of any violation. The system administrator will attempt to notify the user of any such action.
If, in the opinion of the systems administrator, the violation warrants action beyond a system administrator’s authority, he or she may refer the case to other authorities, such as the NSO, the university disciplinary body appropriate to the violator’s status, or to an employee’s supervisor.
Source: UALR Computing Services Policies, March 3, 2003
Approved By: Jeannie Winston, VCIS, March 3, 2003
Custodian: Information Technology Services