Acceptable Use of Information Technology Resources
Computers and other Information Technology (IT) Resources (as defined below) are essential in accomplishing the University's mission. IT Resources need to be used and managed responsibly to ensure the integrity, confidentiality, and availability of those resources for the University's education, research, outreach, and administrative objectives. University community members are granted access to these resources in support of accomplishing the University’s mission.
All users of University IT Resources, whether or not they are affiliated with the University, are responsible for their appropriate use. By making use of these resources, users of IT Resources agree to comply with Board of Regents policies; University administrative policies; federal, state, or local laws; and contractual obligations.
University IT Resources are provided for individuals who are enrolled, employed, or formally affiliated with the University of Minnesota. Units that grant guests access to IT Resources must make their persons aware of their acceptable use responsibilities. The University accepts no responsibility or liability for any unauthorized or personal use of its IT Resources by users.
Acceptable use includes respecting the rights of others, avoiding actions that jeopardize the integrity, confidentiality, or availability of IT Resources, and complying with all relevant legal or contractual requirements.
Acceptable use includes but is not limited to the following list. Users of University of Minnesota IT Resources must agree to and accept the following:
The University takes reasonable steps to protect its IT Resources; however, use of IT Resources does not guarantee absolute security and privacy. Users should be aware that any use of University IT Resources may be monitored, logged, and reviewed by University approved personnel or discovered via legal proceedings.
When the University becomes aware of violations, either through routine system administration activities or from a complaint, it is the University's responsibility to investigate; take action to protect its resources and provide information relevant to an investigation as necessary.
Individuals who use IT Resources in a way that violates a University policy, law, regulation, or contractual agreement, or violates an individual’s rights, may be subject to limitation or termination of user privileges and appropriate disciplinary action, legal action, or both. Alleged violations will be referred to the appropriate University office or law enforcement agency.
The University may temporarily or permanently restrict access to IT Resources if it appears necessary to protect the integrity, security, or continued operation of these Resources or to protect itself from liability.
Individuals or units should report non-compliance with this policy to University Information Security ([email protected]). To report anonymously, use theUniversity UReport confidential reporting system. See Administrative Procedure:Report Information Security Incidents.
Units within the University may define additional conditions of use for IT Resources or facilities under their control. Such additional conditions must be consistent with or at least as restrictive as any governing Board of Regents or Administrative policy, and may contain additional details or guidelines.
The purpose of this policy is to outline the acceptable use of information technology resources at the University of Minnesota in order to:
Executive Summary
The University of Minnesota's Acceptable Use of Information Technology Resources policy outlines the responsible use of IT resources to ensure integrity, confidentiality, and availability. The policy applies to all users, including affiliates and guests, who must comply with university policies, laws, and contractual obligations. Acceptable use includes respecting others' rights, avoiding actions that jeopardize IT resources, and complying with legal requirements. The university may investigate and take disciplinary action for policy violations, and users can report non-compliance to the University Information Security office.
Key Points
- ▸ Responsible use of IT resources is essential for the university's mission
- ▸ All users must comply with university policies, laws, and contractual obligations
- ▸ Acceptable use includes respecting others' rights and avoiding actions that jeopardize IT resources
Merits
Clear Guidelines
The policy provides clear guidelines for acceptable use of IT resources, ensuring users understand their responsibilities
Comprehensive Scope
The policy applies to all users, including affiliates and guests, promoting a consistent and secure IT environment
Demerits
Limited Security Guarantees
The policy states that use of IT resources does not guarantee absolute security and privacy, which may be a concern for sensitive information
Unclear Disciplinary Actions
The policy does not provide specific details on disciplinary actions for policy violations, which may lead to inconsistent enforcement
Expert Commentary
The University of Minnesota's Acceptable Use of Information Technology Resources policy demonstrates a commitment to responsible IT use and security. However, the policy's limitations, such as the lack of security guarantees and unclear disciplinary actions, highlight the need for ongoing review and revision. As IT environments continue to evolve, universities must prioritize cybersecurity, data privacy, and user education to maintain a secure and trustworthy IT environment. By addressing these challenges, the university can ensure that its IT resources support its mission while protecting users and the institution from potential risks.
Recommendations
- ✓ Regularly review and revise the policy to address emerging issues and ensure consistency with changing laws and regulations
- ✓ Provide additional training and resources to support users in complying with the policy and promoting a culture of responsible IT use
