RU AccessScheduleRU OnlineDirectoryContact Us
   Future Students Current Students Parents Alumni Faculty & Staff
Print-friendly version
 

Computer and Network Usage Policy
DoIT

July 5, 2005

(Click here for a PDF version of the CNUP)

This policy replaces the Roosevelt University Computer and Network Usage Policy dated January 20, 2000, and all previous versions.

ABSTRACT

Users of Roosevelt’s computer and network resources have an obligation to use them in a responsible way and to respect the rights of others. Computer and network resources at Roosevelt University are maintained solely to support the mission of the University in teaching, learning, research, and professional and community service. This policy provides guidelines for establishing what constitutes appropriate and what constitutes inappropriate use of these resources.

POLICY PURPOSE

The purpose of the Computer and Network Usage Policy is to ensure an information infrastructure that promotes the basic missions of the University in teaching, learning, research, and professional and community service. Computers and networks are powerful enabling technologies for accessing and distributing the information and knowledge developed at the University and for facilitating communication and collaboration among members of the University community and with the world at large. As such, they are strategic technologies for the current and future needs of the University. Because these technologies give individuals the ability to access and copy information from remote sources, users must be mindful of the rights of others to their privacy, intellectual property and other rights. This Usage Policy codifies what is considered appropriate usage of computers and network resources with respect to the rights of others.

With the privileges to use the University’s computer and network resources come specific responsibilities outlined in this policy document.

SUMMARY

This policy addresses appropriate use of University computers, networks, and information contained therein. Users of the University computer and network resources must respect copyrights and all other intellectual property and contractual rights in digitized resources, including but not limited to software, databases, music, graphic images, video, text, and works of fiction and nonfiction. Users must respect the integrity of computer-based information resources and system configurations, refrain from seeking unauthorized access to University computers and networks, refrain from using University resources in any way that interferes with the University’s mission of teaching, learning, research, and professional and community service, and respect the rights of other computer users. Section headings that follow are:

1. POLICY SCOPE AND APPLICABILITY
2. ACCEPTABLE AND UNACCEPTABLE USES
3. LOCAL ADMINISTRATOR RESPONSIBILITIES
4. INFORMATION TECHNOLOGY SECURITY OFFICER RESPONSIBILITIES
5. CONSEQUENCES OF MISUSE OF COMPUTING PRIVILEGES

1. POLICY SCOPE AND APPLICABILITY

a. Applicability - This policy is applicable to all use of Roosevelt University computer and network resources. Authorized users are University students, faculty, staff or other persons who are specifically granted authorization to use computer and network resources and who agree to the terms and limitations of this policy and any conditions of use. Only authorized users may use computer and network resources. Users must agree to the terms of this policy in order to obtain authorization to use Roosevelt computer and network resources.

b. Computer and Network Resources - This policy governs all use of Roosevelt University’s “computer and network respirces.” For purposes of this policy, the term “computer and network resources” is defined to include all computing, networking, and other information technology resources, whether individually controlled or shared, stand-alone or networked and whether owned, leased, operated, or contracted by the University; word processing equipment, personal computers, workstations, servers, mainframes, minicomputers, and associated peripherals and software, regardless of whether used for administration, research, teaching or other purposes; and any portion of the Internet or any other external computer, network, or other resource accessed through the use of any such University resources or equipment.

c. Locally Defined and External Conditions of Use - Individual units within the University may define “conditions of use” for computer and network resources under their control. These conditions must be consistent with this overall policy but may provide additional detail, guidelines and/or restrictions. Where such “conditions of use” exist, enforcement mechanisms defined therein shall apply. These individual units are responsible for publicizing both the regulations they establish and their policies concerning the authorized and appropriate use of the equipment for which they are responsible. Where use of external networks is involved, policies governing such use also are applicable and must be adhered to.

d. Warranties and Liabilities – The University makes no warranties of any kind, whether expressed or implied, for providing computer and network resources to any user. The University bears no responsibility for the accuracy or quality of information or services obtained through computer and network resources. The University will not be responsible for any damages suffered from the use of University computer amd network resources, including loss of data, delays, service interruptions, missed deliveries or failed deliveries. Use of University computer and network resources is at the users’ own risk, including the reliability or security of information obtained, transmitted, received, or stored. Users have no expectation of privacy in network activity or files stored on University equipment. Electronic messages (including E-mail) and files that are transmitted, received, or stored with the use of the University’s resources, whether or not saved or deleted, will be the physical property of the University for inspection and review. Local administrators (see below, section 3) or designees may review files and messages to maintain system integrity, security, and compliance with this policy as described below in section 4.c.

^top

2. ACCEPTABLE AND UNACCEPTABLE USES

A user of University computer and network resources who is found to have violated this policy may be subject to disciplinary action up to and including discharge, dismissal, expulsion, and/or legal action.

a. Copyrights and Licenses - Users shall not infringe upon any intellectual property or contractual rights, including copyrights and licenses to software and other on-line resources such as databases, music, video, graphic images, and both fiction and nonfiction works of literature.

(1) Copying of Software - Copyrighted software may not be copied except as specifically permitted by the owner of the copyright or otherwise permitted by copyright law. Copyrighted software may not be installed onto or copied into, from, or by any University computer or network resource, except pursuant to a valid license or as otherwise permitted by copyright law.

(2) Number of Licensed Users of Software - The number and distribution of copies of copyrighted software must not exceed the number of original copies purchased, unless otherwise stipulated in the license.

(3) Copyrights - In addition to software, all other copyrighted information, including but not limited to music, databases, video, graphic images, and both fiction and non-fiction documents and works of literature, retrieved from computer or network resources must be used in conformance with applicable copyright and other law. Peer-to-peer networking and other file sharing technologies may not be used in any way that results in illegal sharing or unlawful distribution of copyrighted materials.

b. Integrity of Computer Network - Computer users may not take any action or perform any function that would threaten the integrity or orderly and efficient operation of computer and network resources.

(1) Modification, Removal, and Installation of Equipment - Computer users must not attempt to modify or remove computer equipment, software, or peripherals that are part of the University’s computer and network resources without proper authorization. Computer users may not install network or computing devices that are not authorized by the Vice President for Technology and Chief Information Officer or his/her designees. Such devices include but are not limited to wireless access points, network server hardware and software, and network devices such as hubs, routers, and switches. Unauthorized equipment is subject to confiscation.

(2) Except as authorized by a local administrator, no user of classroom or public access computers may modify any system configuration file or reconfigure any computer or computer peripheral. This includes, but is not limited to, such configuration options as screen saver, wallpaper, and browser default homepage.

(3) Encroaching upon Others’ Access and Use - Computer users must not encroach upon others’ access to, efficient use of, or enjoyment of the University’s computer and network resources. This includes but is not limited to: the sending of chain-letters or excessive messages, either locally or off-campus; printing excess copies of documents, files, data, or programs; running grossly inefficient programs when efficient alternatives are known by the user to be available; unauthorized modification of system facilities, operating systems, or disk partitions; attempting to crash or tie up a University computer or network; unnecessarily accessing resources that consume significant bandwidth such as Internet radio, sound, and video files; and damaging or vandalizing University computing facilities, equipment, software or computer files.

(4) Unauthorized or Destructive Programs - Computer users must not intentionally develop or execute programs such as viruses and worms which harm other computer users, access private or restricted portions of the system, and/or damage the software or hardware components of the system. Computer users must ensure that they do not use programs or utilities which interfere with other computer users or which modify normally protected or restricted portions of the system or user accounts. Computer users must not use network links for any use other than permitted in network guidelines. The use of any unauthorized or destructive program may result in legal civil action for damages or other punitive action by any injured party, including the University, as well as criminal prosecution.

c. Unauthorized Access and Access Restriction – Computer and network users must refrain from seeking unauthorized access to or enabling unauthorized access to computer and network resources. Users must also refrain from restricting others from accessing computer and network resources unless authorized to do so by their supervisor.

(1) Abuse of Computing Privileges - Users of University information resources must not access computers, computer software, computer data or information, or networks without proper authorization, nor intentionally enable others to do so, regardless of whether the computer, software, data, information, or network in question is owned by the University. For example, abuse of the networks to which the University belongs or the computers at other sites connected to those networks will be treated as an abuse of University computing privileges.

(2) Reporting Problems - Any defects discovered in system function or system security must be reported to the appropriate Local administrator so that steps can be taken to investigate and solve the problem.

(3) Password Protection - A computer user who has been authorized to use a password-protected account may be subject to both civil and criminal liability if the user discloses the password or otherwise makes the account available to others without permission of the Local administrator.

(4) Access Restriction - All computer users are required to divulge any user-configurable passwords that restrict access to their personal computer to their supervisors. Such user configurable passwords include, but are not limited to, CMOS passwords (i.e., log-in passwords) and screensaver passwords.

d. Usage – Computer and network users must respect the rights of other computer and network users. Many University systems provide mechanisms for the protection of private information from examination by others. Attempts to circumvent these mechanisms in order to gain unauthorized access to computer and network resources or to another person’s information are a violation of University policy and may violate applicable law. Authorized Local administrators may access computer users’ files at any time for maintenance purposes. Local administrators will report suspected unlawful or improper activities to the IT Security Officer.

(1) Unlawful Messages or Use- Use of electronic communication facilities (such as e-mail or chat, or systems with similar functions) to send fraudulent, harassing, obscene, threatening, or other messages that are a violation of applicable federal, state or other law or University policy is prohibited. Any use of University resources that is a violation of any applicable law or University policy is prohibited.

(2) Mailing Lists (listservs) - Users must respect the purpose and charters of computer mailing lists (including local or network news groups, bulletin boards, and threaded discussion forums). The user of an electronic mailing list is responsible for determining the purpose of the list before sending messages to or receiving messages from the list. Use of mailing lists to send fraudulent, harassing, obscene, threatening, or other messages that are a violation of applicable federal, state or other law or University policy is prohibited.

(3) Advertisements - The University’s electronic communication facilities may not be used to transmit commercial or personal advertisements, solicitations or promotions, except as permitted pursuant to Section 2(e)(3), Commercial Use, below.

(4) Information Belonging to Others - Users must not intentionally seek or provide information on, obtain copies of, or modify data files, programs, or passwords belonging to other users, without the permission of those other users.

e. Political, Personal and Commercial Use - The University is a non-profit, tax-exempt organization and, as such, is subject to specific federal, state and local laws regarding sources of income, political activities, use of property and similar matters. It also is a contractor with government and other entities and thus must assure proper use of property under its control and allocation of overhead and similar costs.

(1) Political Use - Computer and network resources may be used for political activities only when in compliance with federal, state and other laws and in compliance with applicable University policies.

(2) Personal Use - Computer and network resources are provided to support University functions. The University does not prohibit the use of its computer and network resources for limited personal activities, but personal use must conform with University policies and must not interfere with the primary goals of supporting teaching, learning, research, and service.

(3) Commercial Use - Computer and network resources may not be used for commercial purposes, except in a purely incidental manner or as permitted by the Vice President for Technology and Chief Information Officer.

f. Confidentiality – All users of University computing and network resources must comply with all university, local, state and federal policies and laws with respect to confidentiality of information, such as the Family Educational Rights and Privacy Act (FERPA).

^top

3. LOCAL ADMINISTRATOR RESPONSIBILITIES

While the University Trustees are the legal “owners” or “operators” of all computers and networks purchased or leased with University funds, oversight of any particular system is delegated to the head of a specific subdivision of the University governance structure, such as a Dean or Vice President. For University-owned or leased equipment, that person is the Responsible Administrator for the purpose of this policy. A supplement to this policy maintains an up-to-date list of Responsible Administrators and the systems that fall within their authority. It is the responsibility of the Information Technology Security Officer (see below, Section 5) to maintain this list and keep it up-to-date. e.

A Responsible Administrator may designate other persons to oversee subsystems within his/her administrative purview. Such designees are called “Local administrators”. For example, one person may be designated as Local administrator for a particular server based database system, another person may be designated Local administrator for desktop computers and peripherals in a particular department, and still another person may be designated Local administrator for desktop computers in a different department, and so forth. In every case, however, a Local administrator must be designated for every network and computer resource, as defined above in Section 1.b., that falls within the administrative purview of a Responsible Administrator.

A Local administrator has additional responsibilities to the University as a whole for the system(s) under his/her oversight, regardless of the policies of his/her department or group. Responsible Administrators, however, have the ultimate responsibility for the actions of those designated as Local administrators.

a. University Responsibilities - The Local administrator should use reasonable efforts:

* To take precautions against theft of or damage to the system components.

* To faithfully adhere to and implement all hardware and software licensing agreements applicable to the system.

* To treat information about, and information stored by, the system’s users in an appropriate manner and to take precautions to protect the security of a system or network and the information contained therein.

* To promulgate information about specific policies and procedures that govern access to and use of the system, and services provided to the users or explicitly not provided. A written document given to users or messages posted on a university computer system accessible to users shall be considered adequate notice.

* To cooperate with the Local administrators of other computer systems or networks, whether within or without the University, to find and correct problems caused on another system by the use of the system under his/her control.

b. Policy Enforcement - Where violations of this policy come to his or her attention, the Local administrator should (1) notify the Information Technology Security Officer and (2) take reasonable actions to implement and enforce the usage policies expressed in this document and to ensure the security of computer and network resources under his or her oversight.

c. Suspension of Privileges - A Local administrator may temporarily suspend access privileges if he or she believes it necessary or appropriate to maintain the integrity of computer and network resources. Any such suspension shall be reported to the Information Technology Security Officer.

^top

4. INFORMATION TECHNOLOGY SECURITY OFFICER RESPONSIBILITIES

The Vice President for Technology and Chief Information Officer shall appoint the University’s Information Technology Security Officer. The Information Technology Security Officer shall be the primary contact for the interpretation, enforcement and monitoring of this policy and the resolution of problems concerning it. Any issues concerning law shall be referred to the University attorneys for advice.

a. Policy Interpretation - The Information Technology Security Officer shall be responsible for interpretation of this policy, resolution of problems and conflicts with local policies, and special situations.

b. Policy Enforcement - Where violations of this policy come to his or her attention, the Information Technology Security Officer is authorized to work with the appropriate administrative units to obtain compliance with this policy.

c. Inspection and Monitoring - Only the President, Provost and Executive Vice President, Senior Vice President for Finance and Operations and Chief Financial Officer, and Vice President for Technology and Chief Information Officer can authorize the inspection of data, monitoring of messages (including e-mail), monitoring of network activity, or tracing of network activity when there is reasonable cause to suspect improper use of computer and network resources.

^top

5. CONSEQUENCES OF MISUSE OF COMPUTING PRIVILEGES

a. Cooperation Expected - Users, when requested, are expected to cooperate with Local administrators in any investigation of system abuse. Users are encouraged to report suspected abuse, especially any damage to or problems with their files. Failure to cooperate may be grounds for cancellation of access privileges, or other disciplinary actions.

b. Corrective Action - If Local administrators have sufficient evidence of misuse of computing resources, and if that evidence points to the computing activities or the computer files of an individual, they should pursue one or more of the following steps, as appropriate, to protect other users, networks and the computer system.

* Provide notification of the investigation to the Responsible Administrator and the University’s Information Technology Security Officer or designee, as well as the user’s instructor, department chair or school director, or supervisor. This step should be taken in every case.

* Temporarily suspend or restrict the user’s computing privileges during the investigation. A student may appeal such a suspension or restriction and petition for reinstatement of computing privileges through the Associate Vice-President for Student Services. A staff member may appeal through applicable grievance procedures. Faculty members may appeal through the Dean of their College.

* With authorization from the Vice President for Technology and Chief Information Officer or designate, inspect the user’s files, diskettes, tapes, and/or other computer-accessible storage media.

* Refer the matter for possible disciplinary action to the appropriate University unit, i.e., the Office of the Associate Vice-President for Student Services for students, the Responsible Administrator as described above for staff, and the Dean of the relevant College for faculty or other teaching or research personnel.

c. Indemnity - All users of the University information technology resources shall agree, as a condition to use such resources, to indemnify the University for any losses, costs, or damages, including reasonable attorney fees, incurred by the University relating to or arising out of any violation of this Policy or conditions of use and any unauthorized charges or fees incurred by such use.

^top

6. MODIFICATIONS

The University may change the terms and conditions of use and/or the provisions of this policy and any conditions of use at any time. Posting such modifications on the University Intranet or at access locations in a conspicuous place shall constitute proper notice.

This policy document is based, in part, on the computer and network usage policy document of Stanford University.

DoIT

© 2006, Roosevelt University, All Rights Reserved
Chicago  430 S. Michigan Ave, Chicago, IL 60605 | 312-341-3500
Schaumburg 1400 N. Roosevelt Blvd, Schaumburg, IL 60173 | 847-619-7300