The University of Puget Sound, like all communities, functions on the basis of trust. If trust disappears, the entire community is weakened. When dealing with information and information systems, trust is manifested by:
The integrity of the University of Puget Sound's information resources is vital to its ability to maintain trust in all its relationships.
Each faculty member, staff member, student and contractor with access to institutional information resources is responsible for knowing and complying with Puget Sound's information use and security policies. Supervisors and managers are responsible for regularly training the university personnel and contractors in their areas of responsibility regarding the proper application of the information use and security policies.
Information resources include data maintained by the university, whether centralized or decentralized, regardless of the medium (e.g. databases, computer files and directories, written information, spoken information, etc.) and the systems used to store and transfer that information (e.g. electronic mail, telephone, voice mail, fax, servers, networks, etc.).
In each of the university's relationships, such as those with its students, faculty, staff, donors, alumni, and community partners, information is shared or otherwise received that is not intended for general circulation. Although many members of the university community have access to this information, it is vital that they understand the need to maintain the confidentiality of this information in order to preserve the trust vested in the university through its relationships.
The university's relationships that demand respect of confidentiality include:
It should be noted that the university is also a party in these relationships and has its own confidentiality interests that need to be respected. These include business information developed by university personnel, business procedures, purchasing, accounting, marketing and marketing plans, licenses, and contracts, parties to agreements, and the identities of business associates. It also includes information about the university's financial status other than that published in the annual financial report.
All community members with access to this information should exercise good judgment and strive to preserve the trust placed in the university through the relationships described above. In addition, the university will explicitly declare the confidentiality of particularly sensitive documents.
Department heads will be responsible for determining and communicating what information is confidential to the university personnel and contractors in their areas of responsibility. Department heads are also responsible for determining who in their areas of responsibility has a need to know confidential information and for authorizing access to those individuals. When department heads grant access to particularly sensitive information to university personnel or contractors, both the department head and the individual or company may be asked to sign a non-disclosure and confidentiality agreement to insure that they have a clear understanding of their roles and responsibilities. Users may not intentionally establish Internet or other external network connections that could allow unauthorized persons to gain access to the university's systems and information and should exercise due care in all such connections. Finally, department heads are responsible for ensuring that university personnel and contractors are trained in the proper use of information systems.
Technology Services (TS) is responsible for supporting department heads in managing access to data maintained electronically and for standardizing and streamlining account administration across multiple information technology systems. TS support includes prompting department heads to review users' access rights regularly to ensure that access rights are consistent with employees' job responsibilities.
The trust placed in the university by those who have relationships with it cannot be maintained unless the entire information system is itself secure. Those who maliciously attain access to the university's system can compromise the integrity and confidentiality of the information stored therein. To this end, it is vital that all with legitimate access to the university's networks act prudently to protect the system's integrity.
The integrity of the university's systems (telephones, voice mail, computers, servers, electronic mail, network systems) can be compromised by individual users in ways that include, but are not limited to:
The University of Puget Sound provides its information systems (telephone systems, voice mail, computers, network systems, and electronic mail) to support its academic programs and the administration of the university. The university provides access to parts of these systems to all matriculating students, to faculty and staff, to emeritus faculty members, and to those holding special faculty appointments. All members of the university community have a general responsibility to use these resources in a civil and lawful manner, in accordance with university standards of conduct, and in support of the administrative and academic needs of the university.
Inappropriate uses of university information systems (telephones, voice mail, computers, servers, electronic mail, network systems) include but are not limited to:
Other policy statements that include information relevant to the Information Use and Security Policy are:
Failure to comply with the university's Information Use and Security Policy may result in the denial of access to campus information services and/or in sanctions as provided in the Student Integrity Code, the Faculty Code, or the Staff Policies and Procedures, up to and including termination of employment or permanent expulsion.
Owner: President's Cabinet
Contact: Executive Assistant to the President/Secretary of the Corporation