...
All devices on campus networks, both University and personally owned, must comply with the University at Albany’s Connecting Devices to the University Network policy and standards documents. The use of any equipment or services that may limit access or performance for others may be restricted or prohibited. Any servers residing on the campus network must comply with Standards for Connecting and Administering Servers to the University Network.
Scope
This policy applies to all users of campus computing and network resources, including but not limited to, all students, faculty and staff, campus affiliates and University guests.
...
Access to campus IT resources is based on the principle of least privilege; people are granted access to electronic assets based on their current role at the University. Any time an individual’s role changes, their access to campus IT resources must be reviewed and updated accordingly. See the University’s Identity Access and Management Policy for more information about computing accounts and access.
...
University employees with network access to institutional data have responsibilities to safeguard and protect such data, particularly that information which is governed by law, policy or regulation. This includes, but is not limited to, personally identifiable information and educational, personnel, health and financial records. All employees with access to institutional data are expected to read, sign and act in accordance with the University’s Access Compliance Agreement. Employees may be subject to additional job-specific requirements to protect institutional data as part of their routine responsibilities.
...
In the normal course of system maintenance, campus IT staff may have access to others’ electronic files. Staff are required to maintain the confidentiality and privacy of information in such files unless required by law or University policy to disclose it. See specifically the section on the University’s Access Compliance Agreement.
Security
All members of the University community assume responsibility for ensuring that campus IT resources and information assets are handled in a manner consistent with the University’s Information Security Policy and Information Security Domains, Supporting Protocols, Standards, and Procedures.
...
Campus IT resources are intended for academic and business purposes consistent with the University’s mission. However, the University recognizes and acknowledges that incidental use of such resources may occur. Occasional, incidental use unrelated to the University’s mission, such as personal email or document storage, is acceptable provided that:
The University doesn’t incur more than minimal costs
The use does not interfere with official business
It does not result in personal financial gain
It is not in violation of any security/access rules
Protecting the University Network and Technology Infrastructure
...
While the University does not monitor the content of individual usage except under the limited circumstances outlined below, the normal operation and maintenance of computing resources require the backup and caching of data and communications, the logging of system activity, the scanning of systems and network ports for anomalies and vulnerabilities, and other such activities for the provision of service. If anomalies or unusual activity are identified in the course of monitoring aggregate network traffic, measures will be taken to protect the confidentiality, integrity and availability of IT resources. The University reserves the right to take any of the following actions if such anomalies or unusual activity is identified:
Access computer systems and networks, including individual login sessions
Limit or remove an individual’s access to campus IT resources
Limit or remove devices from the University network
In the event that the content of individual usage is in need of review, ITS shall consult with the Office of General Counsel and the appropriate campus authorities to ascertain whether such monitoring is necessary and, if so, determine the scope of content which may be viewed. Such examinations are conducted by technical staff in the presence of the vice president or designee(s) of the division requesting access and are limited to those items specified by the scope of review. When possible, efforts will be made to notify individuals prior to reviewing the content of electronic files. However, the University may also monitor individual usage without prior notice under the following limited circumstances:
...
SUNY Policies of the Board of Trustees
SUNY 5603 Use of Facilities by Non-Commercial Organizations
Community Rights and Responsibilities
Identity Access and Management Policy
Information Security Policy
Information Security Domains, Supporting Protocols, Standards, and Procedures
Access to Electronic Records Held in Accounts Subsequent to Termination, Departure or Death
Internet Privacy Policy
Connecting devices to the University Network
Standards for Connecting Devices to the University Network
Standards for Connecting and Administering Servers to the University Network
Class B Domain Space Standards
Wireless Standards
Email as an Official Means of Communication with Students
Info |
---|
Adopted: December 2000 |
Include Page | ||||
---|---|---|---|---|
|