Because a secure
and properly functioning information system and network resourcescomputer systems and
networks areis
necessary for the University to accomplish its mission of teaching, research,
and service,. T University employs measures
to protect the security of its computer systems, networks information systems resources and user
accounts. In addition, following University policies and procedures and
applicable Oklahoma and federal laws, the University strives to protect
personal privacy and the confidentiality of information. Information will be
handled with the strictest of security and confidentiality standards. However,
the University cannot guarantee the security of its information systems
resourcescomputer systems and networks or the privacy
of the information contained therein.
Although the University does not routinely monitor
individual usage of its information systems resourcescomputer systems and
networks, use of University information
systems resourcescomputer systems and networks is not
completely private. The normal operation and maintenance of the University's information
systems resourcescomputer systems and networks requires the
backup and caching of data and communications, the logging of activity, the
monitoring of general usage patterns, and other activities that are necessary
to assure the availability of information technology services to the entire
user community, to meet internal auditing requirements, and for compliance with state and federal
laws and regulations.
The University may also monitor network activity
of users of University information
systems without prior notice when:
·
the
user has made them accessible to the public.
·
the
monitoring of general activity and usage patterns indicates that an information
systems resource appears to be engaged in unusual or excessive activity that
could impair the security, functioning, or availability of University information
systems resourcescomputer systems and networks.
·
it
reasonably appears necessary to do so to protect the integrity, security,
functioning, or availability of University information systems
resourcescomputer systems and networks.
·
it
is otherwise required by law.
After approval by University Legal Counsel, the
University may also monitor activity and accounts of individual users of
University information systems without prior notice when:
·
it
reasonably appears necessary to do so to protect the University from liability.
·
there
is reasonable cause to believe that the user has violated University policy,
including the Policy on Acceptable Use of Information Resources.
·
it
appears a violation of law has occurred or is in progress.
This monitoring may result in the disclosure of
individual communications to appropriate University personnel and law
enforcement agencies. The
communications could be used in disciplinary, civil, or criminal
proceedings.
In addition, individual communications could be
subject to disclosure under the Oklahoma Open Records Act.
Individuals using information
systems resourcescomputer systems and networks owned by the
University do so subject to applicable laws and University policies. The user University assumes
all no liability risk of for
loss or damage to materials or data.
The University disclaims any responsibility and/or warranties for
information and materials residing on non-University systems or available over
publicly accessible networks. Such
materials do not necessarily reflect the attitudes, opinions, or values of the
University, its faculty, staff, or students.
These
guidelines should not be construed as a limit on any individual's rights under
the constitutions and laws of the United States and Oklahoma.
Interim Policy on
Acceptable
Use of Information Resources
October 30, 2002
The University’s computer
systems and networks are shared resources used by many individuals to carry out
the University’s mission of teaching, research, and service. Use of these resources must be ethical,
reflect academic honesty, respect the rights of other users, demonstrate
respect for intellectual property and ownership of data, respect system
security mechanisms, and engender an environment free from intimidation and
harassment.
By using University information
systems resourcescomputer systems and networks, users agree to
abide by and comply with the applicable policies, procedures, and laws. All
examples given below are illustrative. Application of this policy is not
limited to the examples presented.
Users of information systems
resourcescomputer systems and networks have the
responsibility to:
·
comply
with all University policies, procedures, relevant employment contracts, and
local, state, and federal laws.
·
use
information systems resourcescomputer systems and
networks for authorized administrative, academic, research, or clinical
purposes or other University business.
·
protect
user-IDs and information systems resourcescomputer systems and
networks from unauthorized use. Users are responsible for all activities
that originate from their accounts or systems that they perform or expressly
authorize.
·
access
only information that is their own, that is publicly available, or that they
have been authorized to access.
·
comply
with all copyright laws, licensing terms, patent laws, trademarks, and trade
secrets.
·
use
information systems in a way that does not infringe on the ability of other
users to reasonably access information systems resourcescomputer systems and
networks.
The
following are examples of uses that are unacceptable:
·
use
another individual’s user ID or password without proper authorization.
·
use
computer programs to decode passwords or access system control information
without proper authorization.
·
attempt
to circumvent or subvert system or network security without proper
authorization.
·
engage
in any activity that might be harmful to the systems or to any information on
the systems, such as creating or propagating viruses, disrupting services,
damaging files, making unauthorized modifications to University data, or unauthorized sharing of University data.
·
use
University systems for profit-oriented commercial or partisan political
purposes, such as using electronic mail to circulate advertising for products
or for political candidates.
·
harass
or intimidate another person, such as repeatedly sending unwanted mail or
sending threatening mail.
·
monopolize
information systems without proper authorization. Examples of monopolizing
systems include: removing shared manuals from a laboratory, uploading and
downloading files of sufficient size or quantity to degrade network performance
for other users, sending out chain letters, and sending large unauthorized mass
mailings.
·
attempt
to gain access to information or services without proper authorization.
·
engage
in any other activity that does not comply with the General Principles
presented above, University policies and procedures, or applicable law.
When it is determined that a
system is being used in a way that appears not to comply with University policy
and/or inhibits the ability of other users to reasonably use University
information systems, the system or user account may be temporarily removed from
the network. When technically feasible, a message to the system should be
posted indicating when and why the computer was removed from the network and
the name of the organization that removed it. It is the user’s responsibility
to contact the organization and work to resolve the problem. If the problem cannot be resolved, the Vice
President with responsibility for the person whose system was removed from the
network will determine the proper resolution.
Appeals to the Vice President’s decision will be handled through normal
administrative channels. The Faculty Appeals Board will handle faculty appeals,
the Campus Disciplinary Council will handle student appeals, and the Staff
Senate Executive Committee will handle staff appeals.
The University considers any
violation of these General Principles to be a serious offense and reserves the
right to copy, monitor, and/or examine any files or information residing on
University systems, networks, or computing resources related to the alleged
unacceptable use and to protect its systems and networks from events or
behaviors that threaten or degrade operations.
Violators are subject to disciplinary action including, but not limited
to, those outlined in the Student Code, Staff Handbook, Faculty Handbook
and applicable laws.