Acceptable Use of Information Resources

The purpose of this policy is to provide high-level guidelines regarding the use of information and computing resources at the University of the Incarnate Word. This policy is in place to ensure that users of university technology resources understand what is acceptable and unacceptable when using information resources provided by the institution. This policy is not, however, an all-inclusive list. Further guidance regarding acceptable use is located in IT standards and procedures, the Employee Handbook, the Faculty Handbook, and the Student Handbook. Guidance from these standards must be observed when using university information resources.

This policy applies to university faculty, staff, administrators, students, including those staying in residence halls, volunteers, contracted employees, and other university affiliates with access to university information resources. In addition to this policy, all users of information and computing resources at UIW are also responsible for adherence to any State or Federal regulations regarding computer use at the university.

Information and computing resources: Terms used interchangeably throughout this document, include but may not be limited to: email, file storage, electronic databases and other digital library information resources, software-as-a-service (SaaS) resources, electronic records, internet access, computers, laptops, tablets, smart phones and the appropriate use of all implemented systems, owned, licensed, or subscribed by the university. Guidance included in the Employee Handbook and the Student Handbook are incorporated by reference in this policy.

Account sharing is prohibited

The sharing of user accounts and/or passwords is strictly prohibited. Account owners are responsible for all activity conducted within their account. Failure to safeguard account information, or engaging in unauthorized account-sharing, may subject the account holder to disciplinary action.

Unauthorized access to network resources is prohibited

Attempting to access, alter, or remove any data without appropriate permission from the data owner is prohibited. The university reserves the right to access data and accounts as necessary to ensure the reliability and security of university information resources.

Commercial use prohibited

UIW information resources are provided for university operational and academic use only. Use of UIW resources for financial gain or commercial purposes is strictly prohibited.

Copyright violations are prohibited

Use of university information resources to share copyrighted materials (files, programs, songs, videos/movies, etc.) without permission of the copyright owner(s), is prohibited. Furthermore, the user may be in violation of copyright laws and the DMCA. When Information Technology discovers or is informed of a copyright violation, Federal Law requires the removal of infringing materials immediately. If IT is unable to remove these materials for any reason, then network access for the offending account or device will be terminated until removal of all infringing material is verified.

Identity theft or forgery is prohibited

Theft, forgery, or other misrepresentation of identity via electronic or any other form of communication is prohibited. Suspected violations of applicable laws will be reported to appropriate authorities.

Physical modification to network resources is prohibited

Do not modify or extend network services and wiring beyond the area of their intended use. This applies to all network wiring, hardware, and jacks. Any student or employee performing unauthorized modification to, or extension of, network services may be held financially responsible for the cost of repairs.

Redirection or masking of services is prohibited

The UIW network may not be used to provide Internet access to anyone outside of the university community for any purpose. UIW-owned or commercially obtained network resources may not be retransmitted outside of the university community. Software or technology designed to hide internet usage (TOR, VPN, anonymizer proxies, etc.) is prohibited, unless a valid business or educational need is approved by the CIO.

Storing UIW data on unauthorized cloud storage sites is prohibited

Data created while conducting university business may not be stored on unapproved external storage services (Google Drive, iCloud, Dropbox, etc.). The Microsoft OneDrive application in UIW's Office 365 environment is the only storage service authorized for storage of university data.

Other prohibited activities

University information resources may not be used to:

• Operate a separate business or organization for profit or non-profit purposes.
• Monitor data on the network using monitoring or "sniffing" software.
• Provide a pass-through site to other campus hosts or provide remote login (e.g. remote desktop) on your computer.
• Engage in any activities generally regarded or construed as "hacking."
• Harass, libel, or slander anyone or engage in fraudulent representations.
• Access, download, post, or transmit material contrary to UIW policies.

Preservation of resources

The university network is a shared resource, and users must respect others' need to use that resource. The university reserves the right to limit the use of individual computing resources at any time when necessary for the benefit of overall network operations or performance. Users or devices using unusually high bandwidth that affects the experience of other users may be disabled or speed limited.

Protection of Multifactor Authentication (MFA) Methods

Any user granted an account is responsible for ensuring that their chosen multifactor authentication methods are always safeguarded from abuse or theft. This includes not approving authenticator push requests when the user is not attempting to access a resource. It also includes not sharing SMS codes with anyone.

Prevent the spread of malware

The security of the UIW network is everyone's responsibility. Computers using the UIW network must include operational anti-virus software. Users must keep Virus Definition Files up to date. The university reserves the right to remove infected or vulnerable computers from the network.

No expectation of privacy

UIW makes every effort to respect the rights of network account holders. However, UIW reserves the right to monitor, intercept, block, or access data transmitted over the university network or, processed or stored on university resources as needed to ensure the reliability and security of UIW information resources. Therefore, we cannot and do not guarantee that users' e-mail or other network activity will be private, and users do not have an expectation of privacy.

University-owned devices for remote work

Any University-owned computing equipment must be safeguarded as if it were in an on-campus office. The following is a non-exhaustive list outlining the responsibilities of users while performing remote work:

• The screen will remain locked when the user is away from the computer.
• Security mechanisms may not be disabled or bypassed.
• University-owned computers are not to be used as personal/family computers.
• Any loss or theft of computing equipment will be reported to UPD and the UIW help desk immediately.
• UIW IT staff will not be responsible for moving equipment between campus and home.
• UIW IT staff will not go to an employee's home office for support. The employee will bring any malfunctioning device to the help desk for assistance.
• The user is required to bring any device back to campus upon request for maintenance, inventory, etc.

Personal computing equipment for remote work

In situations where a university-owned computer is unavailable for remote work, employees are required to ensure their personal devices comply with the following:

• Up-to-date antivirus software must be installed on the computer with current anti-virus definitions.
• Any university data downloaded to or created on the computer must be removed from the computer as soon as work on that data is complete.
• University data must be protected from inadvertent access by other users of the computer or device.
• University credentials may not be stored on any computer/browser in a session where another user can access them.
• All university applications (Cardinal Apps, Banner, Canvas, etc.) must be completely logged out of at the conclusion of each work period.
• The university help desk and technicians will not repair or troubleshoot personal computing equipment

Unauthorized Uses

Notwithstanding references made elsewhere in this policy to the personal use of UIW computing resources, UIW email account holders are not permitted to use UIW's e-mail resources for personal commercial or business activities, personal charitable endeavors, illegal political or other activities, to send or forward chain mail, or for any other purpose or activity prohibited by UIW policies or civil law, unless authorized in writing by the Vice President for Information Resources.

User Identity

Misrepresenting, obscuring, suppressing, or replacing a user's identity on an e-mail system is forbidden. The username, e-mail address, organizational affiliation, and related information included with e-mail or postings must reflect the actual originator of the mail or postings.

Email Etiquette

The university email system will be used in a professional manner, befitting a member of the university. Users will not engage in fraudulent, harassing, obscene, indecent, profane, intimidating, or unlawful communications using this system.

All users of the campus email system will ensure that communications are professional in tone and free of harassing language.

Email Signatures

Email signatures on UIW electronic communications should be professional in nature and must remain neutral, and should contain only the elements needed to identify the sender properly. Stationary use, custom non-UIW graphics, secondary businesses or roles, or the use of personal "taglines" that quote a philosopher, religious text; use a "phrase of the day" or make any philosophical or political statement are prohibited. Signature elements should only include the following items:

• <employee name>
• <employee job title>
• University of the Incarnate Word
• 4301 Broadway , CPO XXX
• San Antonio, Texas 78209
• Telephone 210-XXX-XXXX
• XXXX@uiwtx.edu

E-mail Purging and Archival

Emails will be retained in the university email system according to compliance requirements and the business needs of the university. Users may not "archive" email locally on their computers (i.e. in .pst files) and must instead use the archive function available in Office 365. Users must move any email that they wish to keep beyond the automated retention period to the Office365 Archive folder. The retention periods established by the Information Technology department are defined in the Email Retention and Management Standard.

Email Forwarding

Users are not authorized to auto-forward or otherwise automatically redirect their university email to accounts outside of the university mail system.

Use of Personal Email

University business may not be conducted using personal email accounts. The only authorized mechanism for conducting business is the university email system.

Duty to Protect

The security of university email resources is the responsibility of every user. Users will be cautious when clicking links in email or when sending information over the email system.

Personal Information

The university email system may not be used to transfer sensitive information. This includes, but is not limited to:

• Social Security Numbers
• Financial Information
• Health Information
• University Confidential Information

Inclusion of these information types in email may cause the system to reject the email.

The UIW website is a key resource with significant influence over multiple audiences and provides global access to all aspects of the University. As a campus community, we must maintain uiw.edu and all its subsites according to best practices and at the highest standard possible. Students, faculty, and staff are responsible for the content of the documents they publish. They are also required to abide by all university policies regarding appropriate use of information and computing resources, including the following:

• Information, graphics, and other materials are covered by and subject to all current copyright laws. If permission to display text, graphics, sound, video, etc. that are owned by someone else has not been granted, do not publish it.
• Information presented on the website will be factually accurate and as current as possible. For assistance, please contact the Office of Communications and Brand Marketing.
• UIW follows Section 508 and the Web Content Accessibility Guidelines (WCAG 2.0) produced by the World Wide Web Consortium (W3C). Content for the web must follow 508C compliance guidelines. Each page will be validated and will not be published until compliant. All content must be optimized for all reasonable consumption situations, i.e. tablets, smartphones, mobile devices, modern browsers, and various connectivity speeds.
• All information must be free of inflammatory, derogatory, or offensive text, images, or sounds that exceed the bounds of the academic freedom of faculty.
• All sites hosted on a uiw.edu server are operated and owned by University of the Incarnate Word and should be created and managed, with limited exceptions, through the university's Content Management System. Contracting with third-party design firms, individuals, or web hosts to design a website or host or page is not allowed.
• Any site affiliated with University of the Incarnate Word must be approved by Web Services and the Office of Communications and Brand Marketing. Contracting with third-party design firms, individuals, or web hosts to design a website or host or page is not allowed.
• Use of any UIW-sponsored web site for commercial and/or personal gain is prohibited.

Sanctions

Failure to comply with any of the above guidance or rules may result in termination of network services, loss of computing resource privileges, prosecution by the university, other disciplinary procedures, and/or civil and/or criminal prosecution. The Information Resources Division reserves the right to terminate any network connection without notice should it be determined that network traffic generated from said connection drastically inhibits or interferes with the use of the network by others. Depending on the circumstances, the university reserves the right not to indemnify you in the event of a claim or lawsuit by a third party related to the matters described in this policy.

Enforcement provisions

Violations of these rules are subject to the investigative and disciplinary procedures of the university with the appropriate representatives of the Information Resources Division acting in an advisory role. Complaints against students will be forwarded to and handled by the Director of Judicial Affairs. Complaints against faculty, staff, and university affiliates are forwarded to and handled by the Office of Human Resources.

Limitations of privileges pending administrative or judicial process

In some cases, the university must act more immediately to protect its interests and resources, or the rights and safety of others. The Vice President of Information Resources (or his/her authorized representative) has the authority to suspend or limit account privileges and access to resources in those situations. When services have been suspended in this way, the Vice President for Information Resources shall notify the appropriate office, which will handle the complaint and attempt to notify the network account holder or computer owner. Account suspension, or removal from the network is typically temporary while the complaint is handled through the normal investigative and disciplinary procedures of the university.

Discipline for Violations

Failure to abide by this policy may result in disciplinary action, up to and including termination or being asked to leave the institution. The university investigates and responds to all reported concerns about the responsible use of information resources.