information security: acceptable use policy

I-1 Acceptable Use Policy (AUP)

Case Western Reserve University
Acceptable Use of Computing and Information Technology Resources

Version 2.0
Last Revision Date: February 6, 2009
Approval Date: March 6, 2009
Approval Authority ITSPAC

Purpose

The purpose of this policy is to outline the acceptable uses of computing and information technology resources for the Case Western Reserve University community. This policy outlines the standards for acceptable use of University computing and information technology resources that include, but are not limited to, equipment, software, networks, data, and telecommunications equipment whether owned, leased, or otherwise provided by Case. This policy is intended to reflect the University's commitment to the principles, goals, and ideals described in the Case Vision Statement and to its core values.

Coordination with Other Policies and Law

Users of information technology resources at Case Western Reserve University are subject to applicable federal, state, and local laws, applicable contracts and licenses, and other university policies, including those for Human Resources, and those contained in the faculty and student handbooks, and notably those policies governing copyright and intellectual property compliance. Users are responsible for ascertaining, understanding, and compliance with the laws, rules, policies, contracts and licenses applicable to their particular uses. Any case of policy conflicts will be addressed by the policy review process.

Access to and Expectations of Persons Using Information Technology Resources

It is the policy of Case to maintain access for its community to local, national and international sources of electronic information sources in order to provide an atmosphere that encourages the free exchange of ideas and sharing of information. Case maintains a variety of information technologies for use as resources for people, catalysts for learning, and increased access to technology and an enriched quality of learning. Access to this environment and the University's information technology resources is a privilege and must be treated with high ethical and legal standards.

Preserving the access to information resources is a community effort that requires each member to act responsibly and guard against abuses. Therefore, both the Case community as a whole and each individual user have an obligation to abide by the following standards of acceptable and ethical use:

  • Use only those computing and information technology resources and data for which you have authorization and only in the manner and to the extent authorized.
  • Use computing and information technology resources only for their intended purpose.
  • Protect the confidentiality, availability, and integrity of computing and information technology resources, including data.
  • Abide by applicable laws and University policies and all applicable contracts and licenses and respect the copyright and intellectual property rights of others, including the legal use of copyrighted material.
  • Respect the finite capacity of resources and limit use so as not to consume an unreasonable amount of resources or to interfere unreasonably with the activity of others.
  • Respect the privacy and personal rights of others.

Access to Case information technology and computing resources is a privilege granted to students, faculty and staff of Case. The University extends access privileges to individual users of the University's information technology and computing resources. The extension of these privileges is predicated on the user's acceptance of and adherence to the corresponding user responsibilities detailed in this policy and addendum. The University reserves the rights to limit, restrict, or extend access to information technology resources.

Applicability

This policy applies to all users of Case computing and information technology resources including faculty, staff, students, alumni, guests, external individuals or organizations and individuals accessing external network services, such as the Internet via University facilities.

The Vice President for Information Technology Services/CIO will determine operational policies, networking standards and procedures to implement the principles outlined in this policy. ITS has the right to protect shared information technology services.

Uses

In general, the Case community shall use University information technology resources (which include privately-owned computers connected to the University network) in connection with the University's core teaching, research, and service missions. Uses that do not significantly consume resources or interfere with other users also are acceptable, but may be restricted by Information Technology Services. Under no circumstances shall members of the University community or others use University information technology resources in ways that are illegal, that threaten the University's tax-exempt or other status, or that interfere with reasonable use by other members of the University community. Any use of University information technology resources, including network infrastructure, for commercial purposes is prohibited.

Sanctions for Violations

Failure to comply with the appropriate use of computing and information technology resources threatens the atmosphere for the sharing of information, the free exchange of ideas and the secure environment for creating and maintaining information property and subjects one to disciplinary action. Any member of the Case community found using computing and information technology resources in violation of this policy may be denied access to university computing resources and may be subject to disciplinary action, both outside and within the university, including, without limitation, suspension of system privileges, expulsion from school, termination of employment and/or legal action as may be appropriate.

Privacy and Security

There is no inherent expectation of privacy for information stored on Case information technology resources, except as provided by federal and state law and other university policy. Every effort will be made to maintain individual privacy, but the university will not be liable for the failure of these privacy efforts. While the university does not routinely monitor individual usage of its computing resources, the normal operation and maintenance of the university's computing resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, the scanning of systems and network ports for anomalies and vulnerabilities, and other such activities that are necessary for the rendition of service.

Review of the Policy

This policy may be assessed from time to time to reflect substantive change as a result of changes to the Case information technology resources and/or changes in legal statutes that impact information technology resources, copyright, or other intellectual property issues. The Vice President for Information Technology Services is responsible for determining when the policy needs to be reviewed and the process for review and revision.

Acceptable Use Policy FAQ

© 2013 Case Western Reserve University
Cleveland, OH 44106
216.368.2000
 
Information Technology Services
(legal notice)
 
Contact website owner
 
Contact our service desk
CWRU ITS Social Networks
Translate this page

Share |