TAP No. 26: Acceptable Use of Computing Resources

Scope

This policy applies to all individuals who are authorized by the University to access and use the University's Computing Resources, including students, faculty, staff, and visitors, contractors, and affiliates as applicable.

Purpose

Inappropriate use of the University's Computing Resources exposes the University to risks including virus attacks, data loss, compromise of network systems and services, and other legal, financial, and reputational risks. This policy, therefore, provides guidelines for acceptable use of the University's Computing Resources. As used herein, the term "Computing Resources" is a broad term intended to encompass all resources, systems, infrastructure, devices, facilities and applications in the university's computing portfolio, whether such Computing Resources are located on university property or accessed remotely.

I.  Policy

Access to Computing Resources is a privilege granted to University students, faculty, staff, and other authorized users ("User(s)"). Everyone using Computing Resources is responsible for using them in an appropriate, ethical, and lawful manner.

The following guidelines apply to the use of Computing Resources.

  1. University property: Computing Resources are the property of the University. It is not the practice of the University to monitor individual usage of Computing Resources, but Users do not have an expectation of privacy in Computing Resources. The University may monitor and record the usage of Computing Resources as necessary to maintain system efficiency and security, and may further monitor and record  the usage of individuals when it has a business need and/or as necessary to respond appropriately in litigation.
  2. Intended use: University Computing Resources should be used for legitimate University instructional, research, administrative, mission and approved contract purposes. University business must be  conducted using university email accounts (i.e. Microsoft Office365 @duq.edu accounts) and university business should be conducted using university-approved computing resources (i.e. university file shares, university-supported cloud storage shares, university-owned or authorized devices...).
    1. Students may opt to have their Duquesne University email messages automatically forwarded to another email account (e.g. @gmail or @outlook), but forwarding of email does not absolve a student of the responsibilities associated with communication sent to official Duquesne University email addresses

      (MultiPassID@duq.edu). Students who opt to have their Duquesne University email messages automatically forwarded to another email account do so at their own risk. The University cannot guarantee the proper handling of email by outside services, third parties, or departmental email servers. Communications from students to University faculty and staff regarding academic matters should be generated from the student's Duquesne University email account (domain duq.edu).
    2. Employees are prohibited from automatically forwarding their University email to a personal email account and must use University email to conduct all University business. Automatic email forwarding exceptions may be granted only in rare circumstances by the Vice President and Chief Information     Officer, in consultation with the appropriate University administrators, based on business need and compliance risk. The University shall, in its sole discretion, determine whether an individual is primarily an employee or a student. Under limited circumstances, ad hoc forwarding of University email to a personal email account, where such University email is not confidential or related to an employee's job duties, may be acceptable. For example, forwarding a University email sent to all employees that describes the University's benefits open enrollment period to a personal email account would be acceptable.
  3. Computing Resources may not be used for commercial or political purposes, or personal gain.   Incidental personal use of Computing Resources may be permitted if it does not interfere with the University's or the employee's ability to carry out University business, does not go against the University's mission, and does not violate the terms of this Policy.
  4. Personal Responsibility and Security: Users of Computing Resources are responsible for all activity associated with their MultiPass accounts and/or login credentials. In order to maintain the security of the University's Computing Resources, Users must not share with or transfer to others their MultiPass    account information and/or login credentials except as otherwise necessary and/or appropriate from a business perspective. Similarly, providing false information or obtaining another User's MultiPass account information or login credentials without their permission in order to access Computing Resources is prohibited. Accessing, manipulating, or destroying, without permission or authority, information, communication, and/or data stored or contained in Computing Resources is prohibited.  Additionally, Users must log off correctly, physically secure their computers and network connection, and install University-recommended software updates.
  5. Interfering with the University's Operations: It is a violation of this policy to interfere with the University's operations by deliberately attempting to degrade or disrupt the performance and/or Security Computing Resources by intentionally introducing any computer virus or similar disruptive force into any Computing Resource; to intentionally submit false, misleading or deceptive Help Desk request; and to intentionally engage in activities which can be reasonably expected to, or do, unreasonably tax Computing Resources.
  6. Compliance with Laws and University Policies: Users are expected to use Computing Resources in a way that complies with all University Policies, including those University policies prohibiting harassment and sexual misconduct, and all applicable federal, state, and local laws including the Health Insurance Portability and Accountability Act (HIPAA), the Family Educational Rights and Privacy Act (FERPA), and the Digital Millennium Copyright Act. Users are expected to respect intellectual property rights and to adhere to the terms and conditions of software license agreements for software distributed by the University.

II.  Reporting a Violation

  1. Violations of this policy should be reported immediately to your supervisor and/or the University's ethics reporting hotline by calling toll-free 1-866-294-8662 or via the web at h ttps://www.ethicspoint.com (https://www.ethicspoint.com)
  2. Reported incidents will be investigated by CTS' Information Security Office in consultation with other campus offices such as Human Resources, the Office of General Counsel, and Public Safety, as appropriate.
  3. In the event of a data breach, the University's Information Security Incident Response Plan will be initiated.

III.  Related Information

Related information includes, but is not limited to the following items. Although only some laws and University Policies are listed, Users are expected to comply with all applicable University Policies and all federal, state, and local laws.

Computing and Technology Policies and Service Requirements

HIPAA

Digital Millennium Copyright Act 

TAP No. 28, Family Educational Rights and Privacy Act (FERPA)

TAP No. 30, Affirmative Action, Equal Educational and Employment Opportunity, and Human Relations in tthe Workplace and Classroom

TAP No. 31, Sexual Misconduct and Gender Discrimination

TAP No. 57, Social Media

Student Handbook

IV. Violations

Violations of this policy will be reviewed on a case-by-case basis. Employees are subject to formal disciplinary action up to and including termination of employment. Students are subject to the non- exhaustive list of disciplinary sanctions in the Code of Student Rights, Responsibilities, and Conduct for violations of the Code.

V. History

This policy was last revised in January 2023.

VI.  Ownership of Policy

Computing and Technology Services.