Acceptable Use of Information Technology Resources Policy

Category:  Administrative
Approval:  Senate
Responsibility:  Associate Vice-Principal IT / Chief Information Officer
Date:  May 27, 2014


Definitions:

The following are definitions for key terms used in this policy:

Term Definition
Sensitive Information An electronic set of information or data, such as a database, file or document, that is classified as personal, confidential, or operationally-sensitive, as defined under the ¾ÅÐãÖ±²¥ Data Classification Standard. Whether it is stored on or off campus does not matter.
Unit Head The Department Head or Director of a ¾ÅÐãÖ±²¥ department, or the Principal Investigator or Lead Researcher for a research unit or project.

For other definitions, please see Electronic Information Security Definitions.

 

Purpose/Reason for This Policy:

The purpose of this Policy is to establish the responsibilities of members of the ¾ÅÐãÖ±²¥ community with respect to their use of Information Technology (IT) resources, and those actions necessary or that should be avoided in order to fulfill these responsibilities.

 

Scope of this Policy:

This Policy applies to all ¾ÅÐãÖ±²¥ faculty, staff and students, as well as to contractors or agents engaged by a department or employee, or any individual using ¾ÅÐãÖ±²¥ IT Resources, whether on-campus or remotely.

 

Policy Statement:

The use of ¾ÅÐãÖ±²¥ information technology (IT) resources must be consistent with the academic mission of the University. These IT resources are provided to support the teaching, learning, research and administrative activities of the ¾ÅÐãÖ±²¥ community. As a member or guest of the ¾ÅÐãÖ±²¥ community, you may have access to valuable internal and external networks and resources, and Sensitive Information, and you are expected to use these resources in a responsible, ethical, and legal manner. Your actions should not adversely affect the ability of others to use these resources, or compromise the security and privacy of sensitive information.

 

Responsibilities:

You will use ¾ÅÐãÖ±²¥ IT resources for the academic and administrative purposes for which they are intended. You will:

  1. use only those IT Resources that you have been authorized to use, unless those resources are intended to be generally available to the ¾ÅÐãÖ±²¥ community; and
  2. not use IT Resources for commercial activities unless such activities have been authorized in writing by the University, and do not adversely impact other users, or introduce risk to the security of personal or confidential information or the ¾ÅÐãÖ±²¥ IT infrastructure.

You will not adversely affect the ability of others to use IT resources within or external to ¾ÅÐãÖ±²¥, or compromise the integrity or reliability of those IT resources. You will:

  1. ensure that your personal computer or workstation is maintained in accordance with Electronic Information Security Guidelines; and
  2. not use ¾ÅÐãÖ±²¥ IT resources in a manner that interferes with the normal operation of IT resources within or external to ¾ÅÐãÖ±²¥, or hinders or encroaches on the ability of others to use those resources

You will not compromise the security and privacy of sensitive information. You will:

  1. keep your user authentication credentials, such as user accounts and passwords or similar authentication credentials, secure, such that they cannot be used by others;
  2. choose secure passwords for your user accounts;
  3. preserve the confidentiality of any University information to which you have access in the course of your employment or academic activities at ¾ÅÐãÖ±²¥;
  4. preserve the privacy of any personal or confidential information about or belonging to other individuals, to which you have access in the course of your employment or academic activities; and
  5. take the necessary precautions to prevent theft or unauthorized use of computers, storage devices, and information.

You will use IT resources in a manner which is consistent with all University policies and does not cause damage to the University. You will:

  1. maintain familiarity with ¾ÅÐãÖ±²¥ Information Security Policies, Standards and Guidelines, and seek clarification from ITServices about any elements that are unclear; and
  2. adhere to the terms of any contractual agreements or arrangements between ¾ÅÐãÖ±²¥ and external service providers or organizations, and use such resources for the intended academic and/or administrative purposes only.

You will not violate the rights of others or contravene the laws of Canada and/or the Province of Ontario in your use of IT resources. You will:

  1. respect the copyright and intellectual property rights of others, whether at ¾ÅÐãÖ±²¥ or elsewhere;
  2. respect the licensing agreements and terms for all software, and only install and use software as permitted in the license agreement for that software;
  3. respect the licensing agreements and terms for all electronic resources including databases, journals, books and other print, audio and video content;
  4. not use ¾ÅÐãÖ±²¥ IT resources for any activities or actions which are illegal or do not comply with Canadian or Ontario legislation; and
  5. not use ¾ÅÐãÖ±²¥ IT Resources to do anything that is a violation of the rights of others, such as displaying or distributing obscene, harassing, defamatory, or discriminatory material or messages.

You will report suspected, known or observed IT or information security risks or exposures of a serious nature by following the Procedures for Reporting IT or Information Security Incidents or Risks.

Unit Heads are responsible for ensuring that all supervisors, employees, students, guests and contractors are made aware of their responsibilities under the ¾ÅÐãÖ±²¥ Electronic Information Security Policy Framework.

Failure to comply with these responsibilities will be considered a violation of this policy.

 

Contact Officer:  Information Systems Security Manager - ITServices
Related Policies, Procedures and Guidelines:  Electronic Information Security Policy, Network and Systems Security Policy, Various related Standards, Procedures and Guidelines