Information Use & Security Policy
Expectations for All Members of the University Community
The University of Puget Sound, like all communities, functions on the basis of trust. If trust disappears, the entire community is weakened. When dealing with information and information systems, trust is manifested by:
- Maintaining the integrity and confidentiality of information
- Maintaining the security of the systems used to store and transfer that information
- Using those systems appropriately to further the mission of the university
The integrity of the University of Puget Sound's information resources is vital to its ability to maintain trust in all its relationships.
Each faculty member, staff member, student and contractor with access to institutional information resources is responsible for knowing and complying with Puget Sound's information use and security policies. Supervisors and managers are responsible for regularly training the university personnel and contractors in their areas of responsibility regarding the proper application of the information use and security policies.
Information resources include data maintained by the university, whether centralized or decentralized, regardless of the medium (e.g. databases, computer files and directories, written information, spoken information, etc.) and the systems used to store and transfer that information (e.g. electronic mail, telephone, voice mail, fax, servers, networks, etc.).
In each of the university's relationships, such as those with its students, faculty, staff, donors, alumni, and community partners, information is shared or otherwise received that is not intended for general circulation. Although many members of the university community have access to this information, it is vital that they understand the need to maintain the confidentiality of this information in order to preserve the trust vested in the university through its relationships.
The university's relationships that demand respect of confidentiality include:
- Relationships with students, including information on student finances, academic records, medical or mental health records, relatives, and disciplinary action except as provided for in policies covering student information;
- Relationships with employees, including information on compensation, performance, and work history except as provided for in policies covering employee information;
- Relationships with donors, trustees, parents, and alumni;
- Relationships with businesses, governmental agencies, regulatory bodies and peer institutions.
It should be noted that the university is also a party in these relationships and has its own confidentiality interests that need to be respected. These include business information developed by university personnel, business procedures, purchasing, accounting, marketing and marketing plans, licenses and contracts, parties to agreements, and the identities of business associates. They also include information about the university's financial status other than that published in the annual financial report.
All community members with access to this information should exercise good judgment and strive to preserve the trust placed in the university through the relationships described above. In addition, the university will explicitly declare the confidentiality of particularly sensitive documents.
Department heads will be responsible for determining and communicating what information is confidential to the university personnel and contractors in their areas of responsibility. Department heads are also responsible for determining who in their areas of responsibility has a need to know confidential information and for authorizing access to those individuals. When department heads grant access to particularly sensitive information to university personnel or contractors, both the department head and the individual or company may be asked to sign a non-disclosure and confidentiality agreement to ensure that they have a clear understanding of their roles and responsibilities. Users may not intentionally establish Internet or other external network connections that could allow unauthorized persons to gain access to the university's systems and information and should exercise due care in all such connections. Finally, department heads are responsible for ensuring that university personnel and contractors are trained in the proper use of information systems.
Technology Services (TS) is responsible for supporting department heads in managing access to data maintained electronically and for standardizing and streamlining account administration across multiple information technology systems. TS support includes prompting department heads to review users' access rights regularly to ensure that access rights are consistent with employees' job responsibilities.
The trust placed in the university by those who have relationships with it cannot be maintained unless the entire information system is itself secure. Those who maliciously attain access to the university's system can compromise the integrity and confidentiality of the information stored therein. To this end, it is vital that all with legitimate access to the university's networks act prudently to protect the system's integrity.
The integrity of the university's systems (telephones, voice mail, computers, servers, electronic mail, network systems) can be compromised by individual users in ways that include, but are not limited to:
- Sharing access to university systems or information with unauthorized persons;
- Misrepresenting one's system identity (username and password);
- Failing to protect one's system identity and thereby permitting its abuse by others to gain access to the system;
- Introducing or spreading viruses or destructive programs that disrupt service to the system;
- Gaining access to unauthorized areas of the system.
The University of Puget Sound provides its information systems (telephone systems, voice mail, computers, network systems, and electronic mail) to support its academic programs and the administration of the university. The university provides access to parts of these systems to all matriculating students, to faculty and staff, to emeritus faculty members, and to those holding special faculty appointments. All members of the university community have a general responsibility to use these resources in a civil and lawful manner, in accordance with university standards of conduct, and in support of the administrative and academic needs of the university.
Inappropriate uses of university information systems (telephones, voice mail, computers, servers, electronic mail, network systems) include but are not limited to:
- Excessively or inappropriately using the university's information systems for personal purposes;
- Maliciously or imprudently consuming inordinately large amounts of system resources;
- Using or disseminating copyrighted material (including software) in violation of the copyright agreement or violating standard citation requirements;
- Privately selling access to system resources intended for student or employee use;
- Harassing, threatening, defaming, or otherwise interfering with the legal rights of others;
- Sending blanket e-mail messages unrelated to university business;
- Sending chain letters (messages that ask the recipient to send the message again to multiple new recipients in a structured pattern that through repetition seek ever-wider diffusion). Messages that ask managers, faculty, or staff to share messages with others for purposes of university business are not considered chain letters.
Connections to Other Policies
Other policy statements that include information relevant to the Information Use and Security Policy are:
- Academic Honesty Policy
- Campus Policy Prohibiting Harassment
- Code of Conduct
- Political Activity Policy
- E-mail, Voice Mail and Internet Use Policy
- Privacy and Appropriate Use of Resources Policy
- Solicitation Policy
- Education Records Policy
Sanctions for Policy Violations
Failure to comply with the university's Information Use and Security Policy may result in the denial of access to campus information services and/or in sanctions as provided in the Student Integrity Code, the Faculty Code, or the Staff Policies and Procedures, up to and including termination of employment or permanent expulsion.
Owner: President's Cabinet
Contact: Executive Assistant to the President/Secretary of the Corporation