- UTA information resources are provided for the express purpose of conducting the business and mission of the University.
- UTA information resources must not be used to: engage in acts against the mission and purposes of the University, intimidate or harass, degrade performance, deprive access to a University resource, obtain extra resources beyond those allocated, or to circumvent computer security measures.
- UTA Information resources must not be used to conduct a personal business or used for the exclusive benefit of individuals or organizations that are not part of The University of Texas System. Any exceptions must be in support of the University mission and require the prior written approval of an Executive Officer of UTA.
- Obscene materials must not be intentionally accessed, created, stored or transmitted other than in the course of academic research where this aspect of the research has the explicit written approval of an Executive Officer of UTA.
- Faculty, staff, and students must not copy or reproduce any licensed software except as expressly permitted by the software license, use unauthorized copies on University-owned computers or use software known to cause problems on University-owned computers.
- Data will be accessed on a need to know basis. Faculty, staff, students, contractors, guests, or others users of UTA information systems must not attempt to access data or programs contained on systems for which they do not have authorization or consent.
- All critical University data (electronic files) will be saved on network servers to ensure backup of the data. All data, including research data, should be backed up for disaster recovery reasons.
- All records (electronic or paper) will be maintained in accordance with the UTA Records Retention Policy.
- All computers connecting to the UTA network must run current and authorized virus prevention software. Virus protection software must not be disabled or bypassed except as required by the temporary installation of software or for other special circumstance. Computers found to be infected with a virus or other malicious code will be disconnected from the UTA network until deemed safe by UTA.
- Users are encouraged to use email for university related activities and to facilitate the efficient exchange of useful information. Access to email is a privilege and certain responsibilities accompany that privilege. Users of email are expected to be ethical and responsible in their actions.
- Users may engage in political lobbying, campaigning and other activities only as permitted by the Regents; Rules and Regulations and not with the use of State resources.
- Users may not pose as anyone else or read another's email, except when properly authorized to do so or as authorized by policy for investigation, or as necessary to maintain services.
- Users are expected to make efficient use of information resources, especially avoiding wasteful and disruptive activities such as sending or forwarding: chain letters, unsolicited messages, excessively large messages and/or attachments and email that is likely to contain computer viruses or other inappropriate content except as required to conduct official university business.
- Users may not use any email software that poses a significant security risk to other users on the UTA network.
- Delivery of email is guaranteed only to official UTA systems.
|Confidential or Protected Information
- All confidential or protected health or student information transmitted over external networks or saved on University servers must be encrypted in accordance with all applicable encryption guidelines. This information must not be sent or forwarded through non-University email accounts provided by other Internet Service Providers, and must not be knowingly transmitted via wireless to or from a portable computing device unless approved wireless transmission protocols and security techniques are utilized.
|Incidental Use of Information Resources
- Incidental personal use of electronic mail and Internet access is permitted by University policy but is restricted to employees (it does not extend to family members or other acquaintances). It must not interfere with normal performance of an employees duties, must not result in direct costs to UTA, and must not expose the University to unnecessary risks.
- Storage of any non-work related email messages; voice messages, files and documents within the UTA email system must be nominal (less than 5% of a User"s allocated mailbox space).
- Non-work related information may not be stored on network file servers.
- All messages, files and documents stored on UTA computing resources - including personal messages, files and documents - are owned by the institution in accordance with the Regents; Rules and Regulations and are subject to UTA review.
- Any files, messages or documents residing on UTA computers may be subject to public information requests and may be accessed in accordance with this policy. Therefore, a University email account should not be used by any user for email correspondence that is confidential in nature.
- Software for browsing the Internet is provided to authorized users for business, education, research, and patient care purposes.
- Due to network maintenance and performance monitoring and to ensure compliance with applicable laws and policies, all user activity may be subject to logging and review.
- Email or postings by employees, students, or other users of UTA network resources to news groups, chat rooms or Listservs must not give the impression that they are representing, giving opinions, or making statements on behalf of UTA, unless authorized. Faculty and staff members should use a disclaimer stating that the opinions expressed are their own and not necessarily those of UTA.
- Personal commercial advertising must not be posted on UTA web sites.
|Portable and Remote
- All computers and portable-computing devices using UTA information resources must be password protected using the strong password standard adopted by UTA. At a minimum, such passwords are to be changed at least annually, or immediately if there is suspicion that the password has been compromised.
- Employees accessing the UTA network from a remote computer must adhere to all policies that apply to access from within the local campus network. Remote computers are subject to the same rules and security related requirements that apply to University-owned computers.
- Unattended portable computing devices must be physically secure. If it is determined that required security related software is not installed on a remote computer or that a remote computer has a virus, is party to a cyber attack or in some way endangers the security of the UTA, the account and/or network connection will be disabled. Access will be re-established once the computer or device is determined to be safe by UTA.
- Users must not divulge UTA, dialup or modem phone numbers to anyone.
- If critical UTA data is stored on portable computing devices it must be backed up to a network server for recovery in the event of a disaster or loss of information.
- Special care should be taken to protect information stored on laptops and PDA devices, and in protecting such devices from theft.
|Decentralized Technical Resources
- To provide specialized capabilities and services quickly and conveniently, some technical resources at UTA may be operated and maintained by individual colleges or departments.
- Decentralized technical resources may be connected to the university network if they are administered by qualified technical staff and if they adhere to established policies, procedures, standards and guidelines.
- Faculty, staff and students who are designated administrators of decentralized technical resources are responsible for maintaining the appropriate security environment on their systems, including but not limited to current virus scanning software, operating system security updates and appropriate data encryption.
- To protect UTA information resources, decentralized systems will be disconnected from the university network if a threat is posed from that system. The offending system may be reconnected once the threat has been addressed appropriately.
- Every UTA computer/network account, password, any personal identification number (PIN), digital certificate, security token (i.e. Smartcard), or any other similar information or device used for identification and authorization purposes must not be shared. Each user of UTA resources is responsible for all activities conducted using his or her account(s).
- Digital certificate passwords used for digital signatures must never be divulged to anyone.
- Users must not circumvent password entry through use of auto logon, application remember password features, embedded scripts or hard-coded passwords in client software. Exceptions may be made for specific applications (like automated backup) with the approval of the UTA, Information Security Officer (ISO). Any exception situation must include a procedure to change the passwords and must adhere to security policies for password construction. (For more information, see the University"s Password Guidelines.)
- Security programs or utilities that reveal or exploit weaknesses in the security of a system or that reveal data by circumventing established authorization procedures and systems should not be downloaded and/or used, except as authorized by UTA. For example, password cracking programs, packet sniffers, or port scanners on University information resources shall not be used. Users must report any identified weaknesses in UTA computer security and any incidents of possible misuse or violation of this agreement to an immediate supervisor, department head, or the UTA.
- Where technically feasible, all PCs, laptops, personal digital appliance (PDA) devices and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less to prevent unauthorized access to the device.