If an audit, security scan or a computer security incident indicates that the University or a department or office within the University is deficient with respect to the security measures established by this Policy, the University, department or office may be subject to any or all of the following:
- Removal of the computer system, server or desktop from the data network until such time as the security problems have been fixed and the system/server/desktop is in compliance with the provisions of this Policy.
- Audit by Audit and Management Advisory Services.
- Investigation by Campus Police and state or federal agencies, depending on the nature of the computer security incident.
Individuals including faculty, staff, students and affiliates who violate the provisions of this Policy are subject to discipline up to and including dismissal or separation from the University. Where applicable, a violation may subject the violator to civil and/or criminal liability. Additionally, the University at all times maintains the right to determine who will be authorized to have access to its information and/or resources.
Persons subject to this Policy may also be bound by copyrights and contractual obligations of the University with respect to use of software and other matters. Other Tufts University policies that relate to this Policy include, but are not limited to the Information Stewardship Policies, the Mailing List Policy and the Email Policy. Each person who is subject to this Security Policy is expected to be familiar with the relevant foregoing policies.