Outlook Web App | Campus Compass | Events | FSP Lookup | Infoboard

Tuesday, May 21, 2013 8:49 PM
Inside Tufts University Information Technology
GO >
this site tufts.edu people
   

ISP - Use of Institutional Systems Policy

blue-brown dot - 12hx23wInformation Stewardship Clear dot Summaryblue-brown dot - 12hx23wFull Policyblue-brown dot - 12hx23wDownload PDF
blue-brown dot - 12hx23wUse of Institutional Systems Clear dot Summaryblue-brown dot - 12hx23wFull Policyblue-brown dot - 12hx23wDownload PDF
blue-brown dot - 12hx23wInformation Classification and Handling Clear dot Summaryblue-brown dot - 12hx23wFull Policyblue-brown dot - 12hx23wDownload PDF
blue-brown dot - 12hx23wInformation Roles and Responsibilities Clear dot Summaryblue-brown dot - 12hx23wFull Policyblue-brown dot - 12hx23wDownload PDF

Use of Institutional Systems Policy

Purpose

This policy sets forth the manner in which Tufts’ institutional systems are to be used in general, and particularly when creating, using, disseminating, retaining, and disposing of institutional data.

Scope

All members of the Tufts community.
 

Policy Statement

The electronic and physical systems owned or licensed by Tufts University used to store or access institutional data are institutional systems. These systems support the University’s instructional, research, and service mission, including all university related activities. Use of these systems, like those of other university resources and activities, is subject to all applicable laws and regulations; university policies, procedures, and standards; and contracts and licenses. All operation of institutional systems should therefore represent Tufts’ values and mission and management expectations for ethical behavior.

Authorized Individual Access

Tufts institutional systems are provided to authorized individuals for University-related purposes. Types of authorized individuals are described in the Eligibility for IT Policy. All access and use must be properly controlled in a manner defined by management, and consistent with individual roles and job responsibilities.

Members of the Tufts community are entrusted with access to institutional systems on an individual basis. Members of the Tufts community are not permitted to extend access further to any other person by any means, including sharing access, providing unauthorized redistribution of services, or otherwise obfuscating the true identity of the user. Users are expected to take reasonable steps to prevent unauthorized access. Authorized access to institutional systems is generally expected to end when a user no longer has an official connection to the Tufts community.

Managers have the authority to limit the personal use of institutional systems. Such personal use cannot involve access to confidential data, interfere with work responsibilities, or place an undue burden on institutional systems.

Resource Management, Monitoring, and No Expectation of Privacy in Use

Use of institutional systems is not ultimately private. While Tufts does not routinely monitor individual usage of resources, normal operation and maintenance of resources requires logging of activity, backup and caching of data, and other activities necessary to provide services and ensure adherence to laws and regulations.

The University may, at is sole discretion and without notice to the individual:

i.
Clear dot
monitor the activity of individuals without notice whenever there is reasonable cause to believe that a law, contract, or any Tufts policy is being violated.
ii.
Clear dot
Utilize the results of any general or individual monitoring in appropriate university disciplinary proceedings or in litigation; and

iii.
Clear dot
disclose the results of any such monitoring, including the contents and records of individual communications, to appropriate University personnel, local, state, or federal law enforcement agencies, and pursuant to legal process (such as a subpoena).
  Clear dot
 
Security and Local Policies/Practices

The University employs various administrative, technical, and physical controls to reduce inherent risks associated with using institutional systems and to safeguard institutional data. However, security cannot be guaranteed solely with centralized controls. School, division, departmental, and individual controls, policies, and practice should establish and maintain appropriate access control and security, including the use of anti-virus software, personal firewalls, secure storage areas for physical media, user accounts, and authorized forms of encryption for institutional data and institutional systems.

Management Controls

Administrative, physical, and technical controls serve to reinforce Tufts’ interpretations of responsible use, verify trust placed in individuals, and limit their authorization to institutional systems and institutional data. Disabling, deliberately circumventing, or probing or testing such controls threatens the entire network of institutional systems, and is a violation of this policy.

When an institutional system has been compromised or may not be operating under appropriate management control—and in order to protect the confidentiality, integrity, or availability of institutional systems, institutional data or to otherwise protect the University—management may temporarily disable, disconnect, or contain any account, device or system, prior to, during, or upon completion of an investigation.

Resource Exhaustion and Disruption of Others

Operation of institutional systems must respect the finite capacity of those systems and limit use so as not to consume an unreasonable amount of systems capacity or to interfere unreasonably with the activity of other users. The University may require users of institutional systems to limit, schedule, coordinate, or refrain from specific uses in order to ensure that adequate resources are available to all users.

Policy Violation

Depending on the circumstances, and in management’s sole discretion, members of the Tufts community who violate this policy may be denied access to institutional data and systems, and may be subject to other penalties and disciplinary action, both within and outside of the University. The University may refer suspected violations of applicable law to appropriate law enforcement agencies.

Review Entities

Information Stewardship Committee
Information Technology Advisory Council
Information Technology Leadership Forum
University Library Council
Institutional Compliance Executive Committee

Approval Date

September 15, 2011
 

Effective Date

September 20, 2011

Executive Sponsor

David Kahle, Vice President for Information Technology and Chief Information Officer
 

Policy Managers

  • University Information Technology
  • Digital Collections and Archives
  • University Counsel

Responsible Offices 

  • University Information Technology
  • Digital Collections and Archives
  • University Counsel

For questions about using electronic institutional systems

For general questions, contact infopolicy@tufts.edu 

Revision

The University reserves the right to change this policy from time to time. Proposed changes will normally be developed by the policy managers with appropriate stakeholders. The review entities have sole authority to approve changes to this policy.

Distribution

http://uit.tufts.edu/?pid=787

Related Policies

blue-brown dot - 12hx23wInformation Stewardship Policy

blue-brown dot - 12hx23wInformation Roles and Responsibilities Policy

blue-brown dot - 12hx23wInformation Classification and Handling Policy

blue-brown dot - 12hx23wEligibility for IT Policy

More Information:
Font Size
Printer-friendly version
 

Tufts Home | Site Map | Site Feedback | Contact University Information Technology
© 2013 Trustees of Tufts College. All rights reserved.

Tufts University