University
students, faculty, and staff require reliable computer systems and networks to
accomplish the University's mission of teaching, research, and service. The University therefore employs
measures to protect the security of its computer systems, networks, and
computer accounts. Because secure
and properly functioning information system resources are necessary for the
University to accomplish its mission of teaching, research, and service, the
University employs measures to protect the security of its computer systems,
networks and user accounts. The
University is committed to providing positive work and scholastic
environments. The University
greatly values and makes significant efforts to protect the security and integrity of our users’ information.
In
addition, following University policies and procedures and applicable Oklahoma
and federal laws, the University strives to protect personal privacy and the confidentiality
of information. Information will be handled with the strictest of security and
confidentiality standards. However, the University cannot
guarantee the security of its computer systems and networks systems and
network resourcesresources or the privacy
of the information contained therein.
The guidelines below should not be
construed as a limit on any individual's rights under the constitutions and
laws of the United States and Oklahoma. While the Oklahoma Open Records Act
broadly defines public records that are to be released upon demand, it is the
University's position that non-University personal
electronic files of faculty, staff, and students are not ordinarily to be
considered "public records." Users should be aware that a court of
law, and not University officials, may ultimately decide such issues.
Although
the University does not routinely monitor individual usage of its computer
systems and networks, use of University
computer systems and networks is not completely private. The
normal operation and maintenance of the University's computer systems and
networks requires the backup and caching of data and communications, the
logging of activity, the monitoring of general usage patterns, and other
activities that are necessary to assure the availability of information
technology services to the entire user community, to meet internal auditing
requirements, and for compliance with
state and federal laws and regulations.
The University may also
monitor
network monitorreview the network
activityspecific activity
of userss
of
University information systems without prior notice. The
University may monitor the specific activity of users without prior notice
when:
·
the
user has made the contentm
accessible to the public.
·
the monitoring of general activity and usage
patterns indicates that an information systems resource appears to be engaged
in unusual or excessive activity that could impair the security, functioning, or
availability of University computer systems and networks.
·
it reasonably appears necessary to do so to protect
the integrity, security, functioning, or availability of University computer
systems and networks.
·
it
is otherwise required permitted by law.
After approval
by the CIO, the University may also monitor the specific activity of users in exigent circumstances without prior notice when:
·
monitoring
of general activity and usage patterns indicates that an information systems resource
appears to be engaged in unusual or excessive activity that could impair the
security, functioning, or availability of University computer systems and
networks.
·
it
reasonably appears necessary to do so to protect the integrity, security,
functioning, or availability of University computer systems and networks.
After approval by University Legal Counsel, the
University may also monitorreview the specific activity of users monitor
activity and accounts of individual users of University information systems without
prior notice when:
·
it
reasonably appears necessary to do so to protect the University from liability.
·
there
is reasonable cause to believe that the user has violated University policy, including
the Policy on Acceptable Use of Information Resources.
·
it
appears a violation of law has occurred or is in progress.
This monitoring may result in the disclosure of
individual communications to appropriate University personnel and law
enforcement agencies. The
communications could be used in disciplinary, civil, or criminal
proceedings.
In addition, individual communications could be
subject to disclosure under the Oklahoma Open Records Act.
Individuals using computer
systems and networks owned by the University do so subject to applicable laws
and University policies. The
University assumes no liability for loss or damage to materials or
data. The University disclaims any
responsibility and/or warranties for information and materials residing on
non-University systems or available over publicly accessible networks. Such materials do not necessarily reflect
the attitudes, opinions, or values of the University, its faculty, staff, or
students.
These guidelines should not be construed as a limit
on any individual's rights under the constitutions and laws of the United
States and Oklahoma.
Interim Policy on
Acceptable
Use of Information Resources
December 16,
2002
October 30, 2002
The University’s computer
systems and networks are shared resources used by many individuals to carry out
the University’s mission of teaching, research, and service. Use of these resources must be ethical,
reflect academic honesty, respect the rights of other users, demonstrate
respect for intellectual property and ownership of data, respect system
security mechanisms, and engender promote an environment free from intimidation
and harassment.
By using University computer
systems and networks, users agree to abide by and comply with the applicable
policies, procedures, and laws. All examples given below are illustrative.
Application of this policy is not limited to the examples presented.
Users of computer systems and
networks have the responsibility to:
·
comply
with all University policies, procedures, relevant employment contracts, and
local, state, and federal laws.
·
use
computer systems and networks for authorized administrative, academic,
research, or clinical purposes or other University business.
·
protect
user-IDs and computer systems and networks from unauthorized use. Users are
responsible for all activities that originate from their accounts or systems
that they perform or have
expressly authorized in accordance with the Policy on
Password Sharing. authorized after
receiving written permission from the Department Chair to share a
specific user-ID or password with specific individuals for an identified
purpose.
·
access
only information that is their own, that is publicly available, or that they
have been authorized to access.
·
comply
with all copyright laws, licensing terms, patent laws, trademarks, and trade
secrets.
·
use
information systems in a way that does not infringe on the ability of other
users to reasonably access computer systems and networks.
The
following are examples of uses that are unacceptable:
·
use
another individual’s user ID or password without the proper authorization as described above.
·
use
computer programs to decode passwords or access system control information
without proper authorization.
·
attempt
to circumvent or subvert system or network security without proper
authorization.
·
engage
in any activity that might be harmful to the systems or to any information on
the systems, such as creating or propagating viruses, disrupting services,
damaging files, making unauthorized modifications to University data, or unauthorized sharing of University data.
·
use
University systems for profit-oriented commercial or partisan
political purposes, such as using electronic mail to circulate advertising for
products or for political candidates.
·
harass
or intimidate another person, such as repeatedly sending unwanted mail or
sending threatening mail.
·
monopolize
information systems without proper authorization. Examples of monopolizing
systems include: removing shared manuals from a laboratory, uploading and
downloading files of sufficient size or quantity to degrade network performance
for other users, sending out or forwarding chain letters, and sending
large unauthorized mass mailings.
·
attempt
to gain access to information or services without proper authorization.
·
engage
in any other activity that does not comply with the General Principles
presented above, University policies and procedures, or applicable law.
When it is determined that a
system is being used in a way that appears not to comply with University policy policy and/or inhibits the ability of other users to
reasonably use University information systems, the system or user
account may be temporarily removed from the network. When technically
feasible,
the owner or user of the system should be informed of a message to
the IP address system should be posted indicating
when and why the reason the computer was removed from the
network and the name of the organization that removed it. It is the user’s
responsibility to contact the organization and work collaboratively
with
that organization to resolve the problem.
If the problem cannot be resolved, the Vice President
with responsibility for the person whose system was removed from the network
will determine the proper resolution.
Appeals to the Vice President’s decision will be handled through normal
administrative channels. The Faculty Appeals Board will handle faculty
appeals, the Campus Disciplinary Council will handle student appeals, and the
Staff Senate Executive Committee will handle staff appeals. Grievances shall be handled
by the standard University grievance procedures. In case the grievance procedure requires an
appeal to the Vice President who made the original decision, the Provost will
handle the appeal. If the original
decision was made by the Provost, the Vice President for Administrative Affairs
will handle the appeal..
The University considers any
violation of these General Principles to be a serious offense and reserves the
right to copy, monitor, and/or examine any files or information residing on
University systems, networks, or computing resources related to the alleged
unacceptable use and to protect its systems and networks from events or
behaviors that threaten or degrade operations.
Violators are subject to disciplinary action including, but not limited
to, those outlined in the Student Code, Staff Handbook, Faculty Handbook
and applicable laws.