Acceptable Use of Computing and Information Technology Resources
Approved by the Chancellor's Cabinet
OIT is responsible to the Chancellor, all members of the University of Wisconsin-Platteville community, the UW System Board of Regents and the citizens of the State of Wisconsin for the appropriate use of all Computing and Information Technology Resources which reside on the campus and/or are connected by any means to the campus computing network. Therefore, this policy outlines the guidelines we have developed for acceptable use of Computing and Information Technology Resources.
II. SCOPE OF APPLICATION
This policy applies to all students and employees of the University of Wisconsin-Platteville and to all other persons who may legally or illegally use or attempt to use a computing and information technology resource which is on the campus and/or connected by any means to the campus computing network.
III. PURPOSE OF COMPUTING AND INFORMATION TECHNOLOGY RESOURCES
Computing and Information Technology Resources are provided at the University of Wisconsin - Platteville in support of the University's mission, and they are considered strategic resources in providing higher education both on and off campus. The mission statement of this campus is shown in Exhibit 1 which is attached to and a part of this policy statement. Section UWS 21.01 of the Wisconsin Administrative Code, dealing with the use of university facilities also sets forth principles applying to computer use and technology at the university. All members of the university community are required to use these resources in accordance with the policies described in this document, and in the spirit of the mission statement and administrative rules concerning use of university facilities.
IV. ACADEMIC FREEDOM
Free expression of ideas and pursuit of knowledge is considered central to the academic process of this campus. OIT will use this policy to ensure that learning, teaching, research, public service, exploration and experimentation are protected as basic elements of our computing and information technology environment.
The following principles and procedures will guide the campus in protecting this academic freedom.
- OIT does not access or review in any way the email and/or data in any individual or university accounts unless the owner of the account has requested OIT assistance, in writing, to solve a technical or misuse problem.
- OIT monitors network and computing loads to protect the campus from worms, viruses, break-ins (unauthorized entry) and electronic failures. OIT will actively pursue anyone suspected of knowingly disrupting access to university computing resources, or misusing university computing resources. OIT will exercise due diligence in protecting the computing environment, and we will stay alert for risks, weak points and potential violations as outlined in this paragraph.
- Violations of this policy may be found in two ways:
- An individual who feels harmed by a violation of this policy may report the violation to the Assistant Vice Chancellor for Information Services. The Assistant Vice Chancellor for Information Services is then responsible to pursue the violation through existing university policies, procedures, channels and organization structure. Every effort will be made to protect the privacy of the individual making such a report or inquiry.
- All university employees responsible for IT support must report policy violations which they may discover in the course of executing their normal duties. For example, Section V of this policy prohibits the use of illegal software on equipment owned by the university. If an employee is working on a university computing system and discovers illegal software on that computing system, this employee is required to report the violation to his or her supervisor.
- For alleged violations of this policy, the Assistant Vice Chancellor for Information Services or his or her designee will make every effort to resolve the problem by contacting the individual thought to be in violation. If the violation is of a serious nature it will be referred directly to the Office of Student Affairs or the employee's supervisor for action.
- Existing policy and organization structure will be used to achieve compliance and guarantee the right of appeal when item #1 above fails. Specifically:
- If an alleged violation involving a student can not be resolved, the matter will be referred to the Office of Student Affairs for possible action under Chapter UWS 17 - Student Non Academic Disciplinary Procedures.
- If an alleged violation involving a faculty or staff member can not be resolved, the matter will be referred to the person's supervisor or appropriate authority.
- OIT will not remove any information from individual accounts or from electronic bulletin boards maintained in individual accounts unless it is determined that:
- The presence of the information in the account or on the bulletin board involves illegality (e.g., copyrighted material which has not been authorized, software used in violation of a license agreement).
- The information in some way endangers computing and information technology resources, or the information of others (e.g., a computer virus, worm or other destructive device or program).
- The information is determined to be damaging to the university and/or an individual, unrelated to or inconsistent with the mission of the university (See Exhibit 1); or is otherwise not in compliance with the legal and ethical usage responsibilities outlined in Federal, State, UW System and University policies.
- OIT will remove from campus computer systems and networks, any information as defined in #3 above. Such action will not be taken until the Assistant Vice Chancellor for Information Services has reviewed the matter and determined that such action is required to protect the University and its user community. Users whose information is removed will be notified of the removal as soon as possible. Users may appeal any such action by contacting the Assistant Vice Chancellor for Information Services. If the matter is not resolved at this point, all existing channels and organization structures are available to protect the rights of the individual who disagrees with the action.
V. PROPERTY RIGHTS
Computing and Information Technology Resources are the property of the University. Rules prohibiting misuse, theft, or vandalism apply to all software, data and to physical equipment. This includes University owned data, as well as data stored on University computing resources by individuals.
Software is protected by US Copyright laws, and all copying of software and data must be consistent with appropriate copyright and privacy laws.
Conduct which violates these property rights is subject to University disciplinary action, including but not limited to revoking access privileges. This conduct includes, but is not limited to the following:
- Violating copyright laws. Software is never to be copied except as specifically authorized in writing by the license document from the owner, vendor. OIT Policy #1, Campus Software Legality and Responsibility, outlines legal requirements for software use on the campus.
- Copying University owned or licensed software or data to another computer system for personal or external use without prior approval by the owner.
- Attempting to modify University owned or licensed software or data without prior approval by the owner.
- Attempting to damage, disrupt or impede the operation of computing and information technology resources equipment; data, voice and video communications equipment; or data, voice and video communications lines.
- Using University computing and information technology resources for purposes other than those intended by the University body granting access to those resources; especially using them for personal financial gain or allowing access to them by unauthorized persons even if they are members of the University community. For faculty, academic staff, and administrators at the university, use of these resources that may involve financial gain may be governed by Section UWS 8.03 (and related definitions in UWS 8.02), Wisconsin Administrative Code.
- Using any portion of University computing and information technology resources to access non-University computing and information resources for the purpose of:
- Copying privately owned or licensed software or data without prior approval by the owner or in violation of copyright laws.
- Modifying privately owned or licensed software or data without prior approval by the owner.
- Attempting to damage or to disrupt the operation of computing equipment, data communications equipment, or data communications lines.
In general, it is assumed that information stored on campus computing facilities and moving across data networks is confidential, whether protected by the computer system or data network or not, unless the owner intentionally makes the information available to other users. This includes data owned by the University as well as data stored on University computing resources by individuals. Confidentiality and privacy are of paramount importance, and conduct which involves the use of University computer resources or data networks to violate another's rights is subject to University disciplinary action. This conduct includes, but is not limited to the following:
- Accessing data belonging to an individual or the University without authorization by that individual account owner or department, even if the individual or department inadvertently allows access to such information. For example, if a person fails to logoff their computer system and another individual comes behind them and uses the account that was accidentally left open, this policy has been violated by the second person. In this situation, the person finding the open account should report it to OIT so the unit can be safely logged out.
- Copying software or data without the permission of the owner, even if it is readily accessible.
- Knowingly accepting or using software or data which has been obtained by illegal means or by methods violating University policy.
VII. ACCESSIBILITY AND APPROPRIATE USE
Some of the University's computing systems require that each user have unique identification, usually through a username and password combination. This identification is used to grant access to software and data, provide ownership and security of software and data, and to provide identification in system activities (e.g. electronic mail).
Conduct which involves misuse of computer identities is subject to University disciplinary action including but not limited to revoking access privileges. This conduct includes, but is not limited to the following:
University computing systems and data networks are expected to be used in accordance with the University's mission and the rules and policies on the use of university facilities. University computing resources are intended for the use of students, employees, and other authorized persons. Conduct which involves the misuse of computer facilities and data networks is subject to University disciplinary action. This conduct includes, but is not limited to the following:
- Allowing another person the use of your computer identification (password). Computer accounts are to be used only by the person to whom they are issued. Individual User Account passwords may not be shared in any way. They must remain private to the individual user, and they must be carefully safeguarded by that user and by OIT to ensure privacy. The individual to whom the user account is assigned by OIT is the only person who may use that account. Group accounts for classroom and research purposes are available from OIT.
- Using another individuals computer identification, even if the individual has neglected to safeguard it.
- Breaking into any user account or data file to which the person has not been granted specific and authorized access by OIT.
The University's computing environment includes a campus wide network connecting various network and computing facilities at UW-Platteville, as well as connections to regional, national, and international computing networks. Data on networks is considered to be private, and attempts to intercept or disrupt traffic on the networks (campus and non-campus) is subject to University disciplinary action.
- Abusing or harassing another person (user or non-user) through electronic means.
- Using the University's computing facilities in the commission of a crime.
- Distributing unsolicited chain letters.
- Destroying or damaging equipment, software, or data that belongs to the University or other users.
- Disrupting or unauthorized monitoring of electronic communications.
- Using computers and/or network facilities in ways that impede the computing activities of others. For example, in a student laboratory setting, an individual who attempts to use several computing stations at the same time is preventing other students from reasonable use of the computing lab.
Campus networks and network services are maintained and monitored by OIT and/or by authorized University departments. "Monitored" in this case means electronic analysis of network and computing traffic loads to prevent failure of the computing environment and to ensure security. Use of these networks is expected to be consistent with the University mission (see Exhibit 1).
All devices connected to any part of the campus network must be approved by OIT. All network servers must be authorized by the Office of Information Technology (for example, Gopher, Anonymous FTP, FSP, HTTP, NetBUI, IPX, etc). All network addresses and node names are assigned by OIT. All information, data and software housed on servers must be consistent with the University mission, and be in compliance with appropriate local, state, and federal statutes.
Conduct which involves misuse of data networks is subject to University disciplinary action, including but not limited to revoking access privileges. This conduct includes, but is not limited to the following:
- Electronic monitoring of the network for the purpose of examining data other than that destined for the user.
- Violating the usage policies and regulations of the networks that the University of Wisconsin-Platteville is a member of or has authority to use.
- Disrupting campus data networks or of networks that the University is a member of or has authority to use.
- Connecting unauthorized devices to the campus network.
- Operating an unauthorized network server or network service. Examples include, but are not limited to: Gopher, Anonymous FTP, FSP, HTTP, NetBUI, IPX.
- Storing or making available information, data, or software that is inconsistent with the mission of the University, or is otherwise not in compliance with local, state or federal laws.
VIII. STATE AND NATIONAL LAWS
Conduct in violation of University policies may be subject to criminal or civil legal action in addition to University disciplinary action. Also, conduct not explicitly listed in University policies with respect to the use of University computing resources, but in violation of local, state, or federal laws is prohibited and may result in University disciplinary action in addition to criminal or civil legal action.
Originally approved, September 15, 1995 : Robert G. Culbertson, Chancellor
Revision approved, April 21, 1998: Chancellor's Cabinet
EXHIBIT I --- MISSION STATEMENT
Select Mission of the University of Wisconsin-Platteville
EXHIBIT II --- DEFINITION OF TERMS
I. Computing and Information Technology Resources ---- This includes, but is not limited to, the following:
II. Data --- This includes, but is not limited to, the following:
- All University-Owned computers, printers, plotters, scanners, terminals, servers, bridges, repeaters, network cables and connectors, conduit and conduit systems, manholes, air conditioning systems which support computer systems, uninterruptable power supply systems (UPS), disk drives, tape drives, video projection devices, TV monitors of all types, CODEC units, CD-ROM drives and CD-ROM servers as well as single CD-ROM's, multiplexers, inverse multiplexers, and all hardware and firmware which is part of the campus computing network.
- All University-Owned software (licensed from vendors and locally developed).
- All University-Owned data, graphic images, video images and voice files.
Originally approved, September 15, 1995 : Robert G. Culbertson, Chancellor
- All data stored in University computing and information technology resources such as computers, disk drives, tape drives, CD-ROM, and off-site storage locations.
- All graphics, video and voice images which are stored on any Item A above devices and locations.
- Printed Reports.
October 11, 1998