Information Technology Standard 09.1.0

Acceptable Use Standard


Date of Current Revision or Creation:ÌýJuly 1, 2023


The purpose of an Information Technology Standard is to specify requirements for compliance with Â鶹´«Ã½ Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.

Purpose

The purpose of a compliance standard is to provide the University community with a clear understanding of the terms and conditions under which access to any Â鶹´«Ã½ information technology resource is granted.

Definitions

Account holders are users who have been granted computer account permissions to access and use Â鶹´«Ã½ information technology resources.

Information Technology Resources are defined as computers, telecommunication equipment, networks, automated data processing, databases, the Internet, printing, management information systems, and related information, equipment, goods, and services.

Standards Statement

Acceptable Usage Statement

The Acceptable Use Statement is included in the application that account holders complete prior to receiving rights to an account.

Account holders are granted access to computing, networks, telecommunications, and electronically stored information contingent upon their prudent and responsible use. Access is granted to the individual only. Individuals are not authorized to transfer or share access with another. This Acceptable Use Statement applies to all current and future accounts and access to University IT resources. The acceptance of the Acceptable Use Statement is logged.

Terms of Use

Account holders acknowledge understanding of the terms of use and consent to the following:

  • In any investigation of misuse, the University may inspect, without prior notice, the contents of files, voice mail, logs, and any related computer-generated or stored material, such as document output.
  • Computer files may be inspected occasionally by systems personnel when assuring system integrity or performing related resource management duties.
  • Users will comply with the institution's policies and procedures regarding information technology and telecommunication resources.

Â鶹´«Ã½ reserves the right (with or without cause) to monitor, access, and disclose all data created, sent, received, processed, or stored on Â鶹´«Ã½ systems.

Account Holder Responsibilities

Account holders are responsible for the following in the use and security of all accounts.

  • An account is to be used only by the designated user. The designated user is solely responsible for all work done in that account.
  • Each account may be used only for the expressed purpose of supporting the University's mission.
  • Users are responsible for protecting their passwords. Users must take precautions and practice secure password management.
  • Any user feeling pressured to reveal a password or suspect that their account has been compromised should contact the IT Security Team. Non-reported cases of unauthorized access may be classified as intentional and subject to enforcement procedures.
  • Users are responsible for locking or logging out of any device. The account holder may be responsible if someone uses that account to make an unauthorized act.

Unacceptable Behavior

The following actions are considered unacceptable behavior.

  • Account holders may not use information or resources for any illegal or unauthorized purpose or act to violate Federal, State, or local laws or University policies.
  • In accordance with Virginia Code § 2.2-2827: Restrictions on state employee access to information infrastructure, account holders may not utilize University-owned or University-leased computer equipment to access, download, print or store any information infrastructure files or services having sexually explicit content except to the extent required in conjunction with a bona fide, University-approved research project or other University-approved undertaking.
  • In accordance with Virginia Code 2.2-5514.1. Prohibited applications and websites, account holders may not download or use any application, including TikTok or WeChat, or access any website developed by ByteDance Ltd. or Tencent Holdings Ltd. (i) on any University-issued device or University-owned or University-leased equipment or (ii) while connected to any wired or wireless Internet network owned, operated, or maintained by the University, except to the extent authorized (by the Superintendent of State Police or the chief law-enforcement officer of the appropriate locality or institution of higher education) for the purpose of allowing participation in law-enforcement-related matters.
  • Account holders may not participate in any malicious behavior that harms or interfere with others' use of resources.
  • Account holders may not use resources or information for commercial purposes without prior authorization.
  • Account holders may not disrupt network services or tamper with software protections or restrictions.
  • Account holders may not use copyrighted and licensed materials on Â鶹´«Ã½ systems unless Â鶹´«Ã½ owns the materials or Â鶹´«Ã½ has otherwise complied with intellectual property laws governing the materials.
  • Account holders may not transmit unencrypted sensitive data over the Internet.

Enforcement

Misuse of computing, networking, and information resources may result in severe consequences, including the loss of access to information technology resources.

Account Termination

IT management has the responsibility to maintain accurate access privileges to information technology resources.

Access privileges will be terminated for employees transferring departments or leaving University employment.

Student accounts are deactivated in accordance with student enrollment status.

Procedures, Guidelines & Other Related Information

History

Date

Responsible Party

Action

October 2008

ITAC/CIO

Created

October 2009

ITAC/CIO

Reaffirmed

October 2010

ITAC/CIO

Reaffirmed

October 2011

ITAC/CIO

Reaffirmed

October 2012

ITAC/CIO

Reaffirmed

December 2012

IT Policy Office

Minor rewording for clarity
Numbering revision
December 2018 IT Policy Office Definitions and links checked
October 2021 IT Policy Office Definitions and links checked
July 2023 IT Policy Office Revised to add specific legislative language
Ìý