Clemson Computing & Information Technology

Acceptable Use Policy for Employees

Executive Summary

Computing is an integral part of the academic and business functions of the university. Many university functions that an employee encounters in carrying out their job functions and duties will require that employee to interact with the computing infrastructure and available resources. The computing resources at Clemson University are the property of Clemson University. Clemson University reserves the right to take all necessary measures either proactively or in reaction to an event or the possibility of an event to protect those computing resources.

This document outlines the basic expectations of Clemson University on how each employee will interact with the campus computing systems. Each employee is expected to conduct their computing needs in a manner that in no way jeopardizes the availability of the campus system or any connected system whether owned by the university or some other entity.  Additionally, Clemson University strictly prohibits the use of its computing facilities to engage in, participate in, or be party to any illegal activity. The university will monitor its systems in order to protect against such activity. Additionally, university employees are exposed to and have access to sensitive data resources and information, it is expected that the employee will take every known action to protect the privacy and sensitivity of those resources and information.

Any violation of this policy will result in corresponding disciplinary action by the university.  Employees suspected to be in violation of this policy will be reported to the appropriate investigative unit, including but not limited to the Office of Human Resources or the University Police Department.

All employees of Clemson University are expected to be familiar this policy and agree to adhere to it prior to using any computing related facilities.  Acceptance will be considered as a condition of employment with the University.

Purpose

The purpose of this policy is to protect the Information Technology resources and the data that is contained in, or manipulated by those IT resources as used in the daily employment duties of the university employee.  The shift of computing resources from a centralized data center to the desktop has resulted in a corresponding shift of some of the responsibility for maintaining and safeguarding those resources to the individual employee. The equipment, software and data used by each employee are expensive and vital assets of Clemson University that it is the duty of every employee to protect. In addition, Federal and State statutes protect the privacy of much of the information available on University computer systems.

Policy

It is the policy of Clemson University that: Clemson University computing resources are the property of Clemson University to be used for university-related business. Employees have no expectation of privacy when utilizing university computing resources, even if the use is for personal purposes. The university reserves the right to inspect, without notice, the contents of computer files, regardless of medium, the contents of electronic mailboxes and computer conferencing systems, systems output, such as printouts, and to monitor network communication when:

  1. It is considered reasonably necessary to maintain or protect the integrity, security or functionality of university or other computer resources or to protect the university from liability:
  2. There is reasonable cause to believe that the users have violated this policy or otherwise misused computing resources;
  3. An account appears to be engaged in unusual or unusually excessive activity; and
  4. It is otherwise required or permitted by law. Additionally, the username and computing services of the individuals involved may be suspended during any investigation of misuse of computing resources.

Communications

  • President
  • Provost
  • Vice Presidents
  • Vice Provosts
  • Deans
  • Directors/Department Heads
  • Director of Human Resources
  • All Faculty and Staff

General Guidelines

All data pertaining to student records, University administration, research projects, any Federal or State information, and any other information not explicitly deemed public shall be considered confidential and will be safeguarded by each employee having access to that data. All employees will adhere to Federal and State laws concerning privacy. Official releases of data under Freedom of Information requests are to be routed through the appropriate vice-presidential area and/or the Office of General Counsel.

All University data, public or private, will be stored in such a manner as to reasonably protect it from loss due to equipment failure, fire, theft, sabotage or human error. The University Records Manager establishes data retention periods. Data backup procedures will include remote storage of backup data, written backup and recovery procedures and periodic verification of storage media.

Any computer tape, disk (hard drive, CD or floppy) or other storage medium used to store sensitive university data must be totally erased or rendered unreadable before it is discarded or disposed of through property transfer or surplus. Employees should contact departmental Technical Support Providers (TSPs), College Consultants or CCIT personnel for assistance if necessary.

All employees will safeguard their computer usernames and passwords. No employee will allow unauthorized persons access to University data or computing or network resources by sharing their username and password. Employees should reference CCIT documentation on selecting strong passwords. Departmental servers will use CCIT provided security for access to sensitive data or applications. No server will store usernames and passwords on the server.

No employee will knowingly create access into the computing network in such a way as to bypass University security systems. Employees will make reasonable efforts to insure that no software or hardware under their control allows unauthorized access to University data. Administrators of departmental servers will regularly apply operating system security patches and service packs. All unnecessary server services will be turned off.

No employee will attempt to use the University network to gain unauthorized access to other computing resources or data, nor will they knowingly attempt to disrupt the operation of any computer system or network.

No employee will knowingly violate software licenses or copyrights during the course of their job duties or at any time while using University equipment or software. Employees are responsible for producing proof of license for any software installed on their University-supplied computer. Licenses for personally-owned software installed on a university computer should be kept with that computer.

No employee will use University data, computing resources or the network for illegal activities or for personal gain.

All employees will safeguard the software and data resources on their workstation or personal computer by installing University-licensed virus protection software or an equivalent package and running this software at regular intervals. Departmental servers and other shared computing resources will also run virus protection software if it is available. Departmental TSPs or College Consultants can assist in installing and running the virus protection software.

All employees will do their best to ensure all software or data is virus-free before it is installed or loaded on a University computer system. Any detection of a software virus will be reported immediately to the departmental TSP or, if no TSP is available or assigned, the College Consultant, or to the IT Support group in CCIT.

No employee will use the University electronic mail system to falsify the identity of the source of electronic mail messages; send harassing, obscene or other threatening electronic mail; attempt to read, delete, copy, or modify the electronic mail of others without their authorization; or send, without official University authorization, "for-profit" messages, chain letters, or other unsolicited "junk" mail.

Disciplinary Sanctions

The university will impose disciplinary sanctions on employees who violate the above policies. The severity of the imposed sanctions will be appropriate to the violation and/or any prior discipline issued to that employee.

Definitions

References and Related Documents

Username and Password Policy

Revisions

January 2009

Approvals

IT Council