Information Use and Security Policy

Expectations for all members of the university community
The University of Puget Sound has an interest in providing campus telephones and telephone systems, voice mail, campus computers, servers and network systems, and electronic mail primarily to support its academic programs and the administration of the university. This interest implies some responsibilities and constraints for members of the university community. The university provides appropriate access to these systems to all matriculating students, to faculty and staff, to emeritus faculty members, and to those holding special faculty appointments. All members of the university community—students and employees (faculty, staff, and students)—have a general responsibility to use these resources civilly, lawfully, and in accordance with university standards of conduct.  

Inappropriate use of university electronic communication resources (telephones, voice mail, computers, servers, electronic mail, network systems) include but are not limited to: 

• Disseminating confidential or proprietary information to any unauthorized person
• Sharing access to university systems or information with any unauthorized person
• Charging someone for use of the resources assigned to a student or employee
• Harassing, threatening, defaming, or otherwise interfering with the legal rights of others
• Violating standard citation requirements or using/copying copyrighted software or other copyrighted material in violation of the copyright agreement
• Gaining unauthorized access to other systems
• Disrupting service intentionally
• Introducing or knowingly spreading viruses or destructive programs
• Sending chain letters
• Sending unauthorized blanket e-mail messages. Mass e-mail messages must be authorized as follows:
• The Vice President for Student Affairs and Dean of Students authorizes mass e-mail messages directed to students.
• The Vice President for Finance and Administration authorizes mass e-mail messages directed to staff.
• The Academic Vice President and Dean of the University authorizes mass e-mail messages directed to faculty. 
• Consuming inordinately large amounts of system resources knowingly.

Other policy statements that are incorporated by this reference in the Information Use and Security Policy are:

• Academic Honesty Policy
• Campus Policy Prohibiting Harassment & Sexual Misconduct
• Political Activity Policy
• E-mail, Voice-mail and Internet Use Policy
• Privacy and Appropriate Use of Resources Policy
• Solicitation Policy
• Education Records Policy

Security and use objectives and scope for university personnel
The importance of maintaining the integrity of Puget Sound’s information resources cannot be overstated. The university’s objectives in managing information resources properly are (1) to permit effective planning and decision-making, (2) to conduct university business in a timely and effective manner, and (3) most importantly, to insure that confidential data are handled appropriately. Each faculty member, staff member, student staff member and contractor with access to institutional information resources is responsible for knowing and complying with Puget Sound’s information use and security policies. Supervisors and managers are responsible for regularly training the university personnel and contractors in their areas of responsibility regarding the proper application of the information use and security policies.  

Information resources include data maintained by the university, whether centralized or decentralized, regardless of the medium. Information resources media include but are not limited to electronic communication (electronic mail, telephone, voice mail, fax, network communications, etc.) and other university information resources (databases, computer files and directories, written information, spoken information, etc.) 

Confidential information
“Confidential information” includes, without limitation, any information in whatever form that the university considers to be confidential, proprietary information relating to the university. For example, confidential information includes information relating to the university’s databases, inventions, software (including source code and object code), procedures, purchasing, accounting, marketing and marketing plans, employees, students, donors, trustees, licensees, suppliers, financial status, or contracts. Confidential Information includes information developed by university personnel, alone or with others, or entrusted to the university by its students, donors, trustees or others. 

Department heads are responsible for determining and communicating what information is confidential to the university personnel and contractors in their areas of responsibility. Department heads are also responsible for determining who in their areas of responsibility has a need to know confidential information and for authorizing access to those individuals. When department heads grant access to confidential information to university personnel and contractors, both the department head and the individual or company will sign a non-disclosure and confidentiality agreement to insure that university personnel and contractors have a clear understanding of their roles and responsibilities. Users may not establish Internet or other external network connections that could allow unauthorized persons to gain access to the university’s systems and information. Finally, department heads are responsible for ensuring that university personnel and contractors are trained in the proper use of information systems. 

The Office of Information Services (OIS) is responsible for supporting department heads in managing access to data maintained electronically and for standardizing and streamlining account administration across multiple information technology systems. OIS support includes prompting department heads to review users’ access rights regularly to ensure that access rights are consistent with employees’ job responsibilities.   

Sanctions for policy violations
Failure to comply with the university’s information use and security policies may result in the denial of access to campus information services and/or in sanctions as provided in the university Integrity Code, the Faculty Code, or the Staff Policies and Procedures Manual, up to and including termination of employment or permanent expulsion.

Origination Date: 8/2002
Updated: 4/2008