Interim Policy on Information Systems Security

University students, faculty, and staff require reliable computer systems and networks to accomplish the University's mission of teaching, research, and service. The University therefore employs measures to protect the security of its computer systems, networks, and computer accounts. The University greatly values and makes significant efforts to protect the security and integrity of our users’ information. However, the University cannot guarantee the security of its computer systems and network resources.

The guidelines below should not be construed as a limit on any individual's rights under the constitutions and laws of the United States and Oklahoma. While the Oklahoma Open Records Act broadly defines public records that are to be released upon demand, it is the University's position that non-University personal electronic files of faculty, staff, and students are not ordinarily to be considered "public records." Users should be aware that a court of law, and not University officials, may ultimately decide such issues.

The normal operation and maintenance of the University's computer systems and networks requires the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, and other activities that are necessary to assure the availability of information technology services to the entire user community, to meet internal auditing requirements,  and for compliance with state and federal laws and regulations.

The University may monitor the network activity of users without prior notice. The University may monitor the specific activity of users without prior notice when:

• the user has made the content accessible to the public.
• it is otherwise permitted by law.

After approval by the CIO, the University may also monitor the specific activity of users in exigent circumstances without prior notice when:

• monitoring of general activity and usage patterns indicates that an information systems resource appears to be engaged in unusual or excessive activity that could impair the security, functioning, or availability of University computer systems and networks.
• it reasonably appears necessary to do so to protect the integrity, security, functioning, or availability of University computer systems and networks.

After approval by University Legal Counsel, the University may also monitor the specific activity of users without prior notice when:

• it reasonably appears necessary to do so to protect the University from liability.
• there is reasonable cause to believe that the user has violated University policy, including the Policy on Acceptable Use of Information Resources.
• it appears a violation of law has occurred or is in progress.

This monitoring may result in the disclosure of individual communications to appropriate University personnel and law enforcement agencies.  The communications could be used in disciplinary, civil, or criminal proceedings.  In addition, individual communications could be subject to disclosure under the Oklahoma Open Records Act.

Individuals using computer systems and networks owned by the University do so subject to applicable laws and University policies.   The University assumes  no liability  for loss or damage to materials or data.  The University disclaims any responsibility and/or warranties for information and materials residing on non-University systems or available over publicly accessible networks.  Such materials do not necessarily reflect the attitudes, opinions, or values of the University, its faculty, staff, or students.