Loyola University Chicago

Information Technology Services

Acceptable Use Policy for Electronic University Resources

Scope

Computing, networking, telephony, and information resources of Loyola University Chicago are available to advance our education, research, health care and public service missions. Any access and use of these resources and services that interfere with these goals are prohibited. All who access and use these resources will abide by all applicable policies, legal and contractual requirements, and the highest standard of ethical principles and practices, when using these University resources. Breach of or disregard for access and acceptable use policies are grounds for revoking access privileges, and may lead to additional sanctions by the University, including referral to other authorities for civil litigation and criminal prosecution.

Individuals covered

This policy applies to all persons accessing and using computing, networking, telephony and information resources through any facility of the University. These persons include students, faculty, staff, persons retained to perform University work, and any other person extended access and use privileges by the University given the availability of these resources and services, and in accordance with University contractual agreements and obligations.

Systems and resources covered

This policy covers all computing, networking, telephony and information resources procured through, operated or contracted by the University. Such resources include computing and networking systems including those that connect to the University telecommunications infrastructure, other computer hardware, software, data bases, support personnel and services, physical facilities, and communications systems and services.

Policy on access and acceptable use

Computing, networking, telephony and information resources at the University, including access to local, national and international networks, are available to support students, faculty and staff as they carry out the University's instructional, research, health care, administration and public service missions. Therefore, the University encourages and promotes the access and use of these resources by the University community. However, access and use which do not support the University mission are subject to regulation and restriction to insure that they do not interfere with this legitimate work. Any access and use of computing, networking, telephony and information resources must not interfere with the University's instructional, research, health care and public service missions and should be consistent with the person's educational, scholarly, research, service, operational or management activities within the University. Those who access and use University computing, networking, telephony and information resources are to take reasonable and necessary measures to safeguard the operating integrity of the systems and their accessibility by others, while acting to maintain a working environment conducive to carrying out the mission of the University efficiently and productively.

Responsibilities regarding system and resource use

Persons who access and use university computing, networking, telephony and information resources are responsible for:

  • respecting the rights of other individuals, including compliance with other university policies for students, faculty, and staff -- these rights include but are not limited to intellectual property, privacy, freedom from harassment, and academic freedom,
  • exercising caution when committing confidential information to electronic media given that the confidentiality and integrity of such material are difficult to ensure,
  • activity connected with the individual's assigned account,
  • using systems and resources in ways that do not interfere with or disrupt the normal operation of these systems, nor interfere with the access and use of these systems and resources by others allowed to do so,
  • protecting the security of access to University computing and networking systems and the confidentiality and integrity of information stored on University computing and networking systems,
  • knowing and obeying the specific policies established for the system and networks they access.
  • members of the University community with access to University electronic resources may not use these resources in a way that implies that the University is actually or implicitly espousing a particular view, or endorsing any person, organization, product, service or belief; similarly, they may not use the name, logos, facilities or resources of the University for any personal, commercial or similar purposes, or to participate in or intervene in (including the publishing or distribution of statements) any political campaign on behalf of, or in opposition to, any candidate for public office.

Under no circumstances, may individuals give others access to any system they do not administer, or exploit or fail to promptly report any security loopholes. Individuals must act to maintain a working environment conducive to carrying out the mission of the University efficiently and productively.

Individuals may not under any circumstances deliberately circumvent or attempt to circumvent data protection schemes or uninstall or disable any software installed by the university for the purpose of protecting the university from the intentional or unintentional disclosure of information.

Systems and network administration, and facilities management

Administrators of systems and networks have the responsibility to protect the rights of users, to set policies consistent with those rights, and to publicize these policies to their users. They have authority to control or to refuse access to anyone who violates these policies or threatens the rights of other users. They have the responsibility to notify those individuals affected by decisions they have made. Administrators of systems and networks are empowered to take reasonable steps necessary to preserve the availability and integrity of the system, to restore the integrity of the system in case of malfunction, abuse, virus, and other similar situations, and to protect the integrity of University data and other assets. These steps may include deactivating accounts, access codes or security clearances, stopping processes, deleting affected files, and disabling access to computing, networking, telephony, and information resources.

All devices deployed in the PCI environment must be documented listing Acceptable uses for the technology, Acceptable network locations for the technology, along with a list of company approved products. Additionally, all devices within the PCI environment must be labeled containing the owner, contact information, and purpose of the device.

Demand for computing, networking, telephony and information resources may occasionally exceed available resources. Priorities should be established for allocating such resources, giving a higher priority to activities that are more essential to the mission of the University.

Access

Access to University computing resources is granted to ensure that all who use these resources are given sufficient access rights to fully perform their tasks without restriction, but no more. Please review the following policies for details of protecting information when accessing University computing resources:

  • Access Control Policy
  • Vendor Access to Internal Systems Policy
  • Password Standards

Appeal of an administrative decision

Individuals who disagree with an administrative decision may submit an appeal of the decision to the appropriate resource manager or systems administrator. From there, a student may submit an appeal to the Dean of Students, a faculty member through their department administration either to the Provost or to the Vice President for the Health Sciences, and a staff member through their management to the Vice President for Human Resources. Individuals must submit these appeals according to any rules and procedures issued by system administrators or component administrators.

Noncompliance and sanctions

Individual units within the University may define "conditions of acceptable use" for facilities and resources under their control. These statements must be consistent with this general policy but may provide additional detail, guidelines and restrictions. Such "conditions of acceptable use" should indicate the enforcement mechanism. Where no enforcement mechanisms exist, the procedures defined in the applicable University's standards of conduct, i.e., Student Handbook (students), Faculty Handbook (faculty), and Employee Handbook and Personnel Policies (staff), will apply. Where use of external networks is involved, policies governing such use also are applicable and require compliance by individuals using these networks, which include:

Acceptable use policies for these networks are available on the Internet. Disregarding policies and procedures concerning access and use of computing, networking, telephony and information resources may result in the denial or removal of access privileges by administrators of systems and networks, and may lead to disciplinary action under the applicable University's standards of conduct, as cited above. Additionally, such disregard may be referred to other authorities for civil litigation and criminal prosecution under applicable state and federal statutes.

Legal context for this policy

Regarding legal context, all existing laws (local, state and federal) and University policies, regulations and rules apply, including not only those laws, policies, regulations and rules that are specific to computers and networks, but also those that apply generally to personal conduct including Sexual Harassment: Faculty, Staff and Students.

Relationship of this policy with others

This policy supplements the Rights and Responsibilities for the Access and Use of University Computing, Networking, Telephony and Information Resources policies and the Access and Acceptable Use of Public Access Computing and Networking Facilities and Services. These policies are available and can be found on the Loyola University Chicago website. The University reserves the right to change the information, requirements and procedures announced in this policy. This policy will continue to be in effect until a further revision is required and promulgated. Consult the campus computing center or the appropriate system administrator for information on other policies, procedures or directives that supplement this policy.

History

  • September 4, 2009: Initial Policy
  • October 22, 2012: Corrected links
  • August 8, 2014: Add “Access” clause for PCI Compliance
  • October 13, 2014: Add PCI 3.0 labeling requirements
  • May 11, 2015: Annual review for PCI Compliance
  • April 21, 2016: Annual review for PCI Compliance
  • October 25, 2016: Changes to section "Responsibilities Regarding System and Resource Use" as Approved by President's Cabinet.
  • April 19, 2017: Annual review for PCI Compliance
  • July 10, 2018: Annual review for PCI Compliance
  • Aug 8, 2019: Annual review for PCi Compliance

Rights and Responsibilities for the Access and Use of University Computing, Networking, Telephony and Information Resources

Information Technology Services (ITS) is the university organization that provides access to the university computing, networking, telephony, and information resources (hereafter referred to as the network) for Loyola students as well as for Loyola faculty and staff, and sponsored guests.

The University computer network consists of the university-wide backbone network, campus-wide backbone networks, local area networks (including public-access computing centers and labs), and many shared computer systems as well as personal desktop computers. Information Services works to insure that network rights are not violated and network responsibilities are followed.

Network resources also include:

  • Digital information such as files, records, images, audio, video or textual material (including network account information, access and authorization codes) stored on or accessible through the network.
  • Computer and networking programs, programming languages, instructions or routines which are used to perform work on the network.

Individuals covered

This policy applies to all persons accessing and using the network through any facility of the University. These persons include students, faculty, staff, persons retained to perform University work, and any other person extended access and use privileges by the University given the availability of these resources and services, and in accordance with University contractual agreements and obligations.

Rights regarding access and use of network resources and services

Members of the University community and others extended access privileges by the University can expect certain rights as they use the network and its services.

  • Privacy: All members of the community have the right to privacy in their electronic mail when it is used for personal, scholarly and professional purposes—keeping in mind, that the primary use of university electronic mail system must be related to the University's instructional, research, health care and public service missions and to the person's educational, scholarly, research, service, operational or management activities within the University.

    However, it must be recognized that electronic communications are by no means secure, and that during the course of ordinary management of computing and networking services, network administrators may view a person's files including electronic mail. In addition, if an individual is suspected of violations of the responsibilities as stated in this document, that individual's right to privacy may be superseded by the University's requirement to maintain the network's integrity and the rights of others authorized to access the University network. Should the security of a computer or network system be threatened, a person's files may be examined under the direction of the Associate Provost for Information Services/CIO.
  • Safety: While unwanted or unsolicited contact cannot be controlled on the network, persons accessing the network who receive threatening communications should bring them to the attention of Information Services and/or the appropriate authorities. All who access and use the network must be aware, however that there are services and material available though the network which might be considered offensive to groups of persons, and therefore those persons must take responsibility for their own navigation of the network.
  • Intellectual Freedom: The network is a free and open forum for the expression of ideas, including viewpoints that are strange, unorthodox, or unpopular. The network administrators place no official sanctions upon the expression of personal opinion on the network. However, such opinions may not be represented as the views of Loyola University Chicago.

Responsibilities regarding access and use of network resources and services

There are also responsibilities that must be met as part of the privilege of network access. All who access and use the University network are expected to live up to these responsibilities. If you knowingly violate a network responsibility, your network access may be suspended subject to University policies and procedures.

  • You are responsible for the use of your account. You may not give anyone else access to your account. You must not use a Loyola network account that was not assigned to you. You may not try in any way to obtain a password or access code for another person's network account. You may not attempt to disguise the identity of the account or machine you are using.
  • You are responsible for the security of your passwords and access codes. This includes changing them on a regular basis and making sure no one else knows it.
  • You cannot use any communications services, including electronic mail, or other resources, to intimidate, insult or harass others; to interfere unreasonably with an individual's work or educational performance, or to create an intimidating, hostile or offensive working/learning environment, especially within the context of university policies, i.e., Sexual Harassment: Faculty, Staff and Students (policy and procedure).
  • You must not use the University network resources to gain or attempt to gain unauthorized access to remote networks, including remote computer systems.
  • You must not deliberately perform an act which will disrupt the normal operation of computers, workstations, terminals, peripherals, or networks. This includes, but is not limited to, tampering with components of a local area network (LAN) or the high-speed backbone network, otherwise blocking communication lines, or interfering with the operational readiness of a network.
  • You must not run or install on any of the University computer systems, or give to another, a program which is intended to and likely to result in the eventual damage to a file or computer system and/or the reproduction of itself. This is directed towards, but not limited to, the classes of programs known as computer viruses, Trojan horses, and worms.
  • You must not attempt to circumvent access and use authentication, data protection schemes or exploit security loopholes without authorization.
  • You must respect authorial integrity, regarding intellectual integrity, including the use of personal, published or proprietary software, and refrain from plagiarism, invasion of privacy, and copyright violations. You must abide by the terms of all software licensing agreements and copyright laws. You must not make copies of or make available on the network copyrighted material, unless permitted by a license and authorized by system administrator.
  • You must not perform acts which are wasteful of computing resources or which unfairly monopolize resources to the exclusion of others. These acts include, but are not limited to, creating excessive or unnecessary network traffic, sending unauthorized mass mailings, initiating or facilitating electronic chain letters, creating unnecessary multiple jobs or processes, or producing unnecessary or excessive amount of output or printing. Printing excessive copies of any documents including resúmés, thesis, and dissertations is also prohibited.
  • You cannot place on University computing and networking systems, any information which:
    • Infringes upon the rights of another person.
    • Gives unauthorized access to another network account or system.
  • You must not attempt to monitor another person's data communications, nor may you read, copy, change, or delete another persons's files or software, without permission of the person.
  • University computing, networking, telephony and information resources are provided to support the University's missions in instruction, research, health care and public service. These resources may not be used for commercial purposes without authorization from the Vice President for Information Services.
  • Any network traffic exiting the University is subject to the acceptable use policies of the network through which it flows, including the following: Acceptable use policies for these networks are available on the Internet.
  • You cannot use University computing, networking, telephony and information services and resources to perpetuate an act that violates any state or federal laws or any regulation specified in the University policies, including but not limited to the Sexual Harassment: Faculty, Staff and Students (policy and procedures) as well as the University's standards of conduct, i.e., Student Handbook (students), Faculty Handbook (faculty), and Employee Handbook and Personnel Policies (staff).

EDUCOM Code regarding ethical and legal use of software

Loyola University Chicago abides by the EDUCOM Code (1987) regarding the ethical and legal use of software, i.e., EDUCOM Code on Software and Intellectual Rights. The EDUCOM code can be found on the Loyola University Chicago web site and elsewhere on the Internet. In addition, copies of the brochure entitled Using Software: A Guide to the Ethical and Legal Use of Software for Members of the Academic Community which explains the code are available at every campus computing center.

Non-compliance and sanctions

Information Services and other appropriate university authorities should be notified about violations of computer laws and network policies, as well as about potential loopholes in the security of its networks.

Disregarding this policy concerning the rights and responsibilities of those authorized to access and use the University computing, networking, telephony and information resources may result in the denial or removal of access privileges by system or network administrators, and may lead to disciplinary action under applicable University standards of conduct. Additionally, such disregard may be referred to other authorities for civil litigation and criminal prosecution under applicable state and federal statutes.

Appeal of an administrative decision

Individuals who disagree with an administrative decision may submit an appeal of the decision to the appropriate resource manager or systems administrator. From there, a student may submit an appeal to the Dean of Students, a faculty member through their department administration either to the Provost or to the Vice President for the Health Sciences, and a staff member through their management to the Vice President for Human Resources. Individuals must submit these appeals according to any rules and procedures issued by system administrators or component administrators.

Relationship of this policy with others

This policy supplements the Access and Acceptable Use of University Computing, Networking, Telephony, and Information Resources and the Access and Acceptable Use of Public Access Computing and Networking Facilities and Services which are available and can be found on the Loyola University Chicago web site.

The University reserves the right to change the information, requirements and procedures announced in this policy. This policy will continue to be in effect until a further revision is required and promulgated. Consult the campus computing center or the appropriate system administrator for information on other policies, procedures or directives that supplement this policy.

As our experience with this policy and these issues become clearer, revision to it may be necessary. Suggestions from our fellow Loyolans are welcome.

Suggestions and comments concerning the Rights and Responsibilities for the Access and Use of University Computing, Networking, Telephony and Information Resources Policy can be directed to the University Information Security Office at datasecurity@luc.edu.

History and Updates

  • July 1, 1995: Initial Policy
  • December 11, 2004:Revised
  • October 29, 2012: Annual Review for PCI Compliance, Replaced outdated references
  • July 17, 2013: Annual Review for PCI Compliance
  • Author: ISAC
  • Version: 1.1