Board of Regents Policy IT Policy - Acceptable Use IT-001

To adhere to the Acceptable and Responsible Use policy, users of CSCU IT resources must:

• Use resources solely for legitimate and authorized administrative and academic purposes.

• Ensure that any personal use of CSCU IT resources be limited and have no detrimental impact on institution operations, job performance or CSCU IT resources.

• Protect their User ID and IT resources from unauthorized use. Users are responsible for all activities on their User ID or that originate from IT resources under their control.

• Access only information that is their own or is publicly available or to which authorized access has been given.

• Use only legal versions of copyrighted software in compliance with vendor license requirements.

• Use shared resources appropriately. (e.g. refrain from monopolizing systems, overloading networks with excessive data, degrading services, or wasting computer time, connect time, disk space, printer paper, manuals, or other resources).

To adhere to Acceptable and Responsible Use policy, users of CSCU IT resources must NOT:

• Use CSCU IT resources to violate any CSCU policy or state or federal law.

• Use another person's credentials, User ID, or password to access resources.

• Use another person’s files or data without permission.

• Gain unauthorized access or breach any security measure including decoding passwords or accessing control information, or attempt to do any of the above.

• Engage in any activity that might be harmful to IT resources or to any information stored thereon, such as creating or propagating viruses, disrupting services, damaging files or making unauthorized modifications to computer data.

• Make or use illegal copies of copyrighted materials or software, store such copies on CSCU IT resources, or transmit them over CSCU networks.

• Harass or intimidate others or interfere with the ability of others to conduct CSCU business.

• Directly or indirectly cause strain on IT resources such as downloading large files, unless prior authorization from the appropriate CSCU authority as determined by the institution is given.

• Use CSCU IT resources for unauthorized purposes which may include, but are not limited to, the conduct of a private business enterprise, monetary gain, commercial, religious or political purposes.

• Engage in any other activity that does not comply with the general principles presented above.

There is no expectation of privacy in the use of CSCU IT resources. CSCU reserves the right to inspect, monitor and disclose all IT resources including files, data, programs and electronic communications records without the consent of the holder of such records. Please see the State of CT Electronic Monitoring Notice. However, this section of the policy shall not apply to research on human subjects provided the research is approved by an Institutional Review Board of an accredited institution of higher education and the CSCU staff member is in good standing with their respective institution. CSCU Faculty are solely responsible for notifying the CSCU CIO when they conduct research that qualifies for this exemption.

Each CSCU institution shall incorporate the Acceptable and Responsible Use Policy as part of the terms and conditions for issuing institution computer network accounts. Each CSCU institution shall have all full-time and part-time employees, including student employees, acknowledge that they have read and understand the Acceptable Use Policy. Each CSCU institution shall make the Acceptable Use Policy accessible to all employees and students.

Violations of CSCU Acceptable and Responsible Use policy may result in appropriate disciplinary measures in accordance with local, state, and federal laws, as well as CSCU Policies, general rules of conduct for all college and university employees, applicable collective bargaining agreements, and CSCU student conduct codes.

For purposes of protecting the CSCU network and information technology resources, the BOR Information Security Program Office, in conjunction with college/university IT department, may temporarily remove or block any system, device, or person from the CSCU network that is reasonably suspected of violating CSCU information technology policy. These non-punitive measures will be taken to maintain business continuity and information security; users of the college/university information technology resources will be contacted for resolution.

CSCU recognizes that some portions of the Acceptable and Responsible Use of Information Technology Resources Policy may have to be bypassed from time-to-time because of technical or business reasons.

Accordingly, exceptions may be made provided:

1. The need for the exception is legitimate and approved by the BOR CIO or designee.

2. The exception does not disrupt or compromise other portions of the CSCU service delivery capability.

3. The implementation of the exception is vetted through the Change Management Process.

4. The BOR Information Security Program Office, in conjunction with college/university IT department, is able to establish a monitoring function to assess the operations of the implementation exception.

5. The exception has a defined lifecycle, in that the "retirement" of the exception is scheduled (e.g., "when Release 4.9 is implemented," "at contract termination," etc.)

To request an exception, please submit the Information Security Exception request to SecProg@ct.edu 

• The requestor and BOR Information Security Program Office will define the approved alternative configuration if different than the original proposal of the requestor.

• The exception process is NOT an alternative to the Change Control Management process.

CSCU disclaims any responsibility for and does not warrant information and materials residing on non-CSCU systems or available over publicly accessible networks. Such materials do not necessarily reflect the attitudes, opinions or values of CSCU, its faculty, staff or students.