POLICY:

University computer user accounts and computing facilities are provided for persons who legitimately need access to University computing resources. This includes University faculty, staff and students. Other persons may qualify for a computer user account and access to computing facilities on a case by case basis.

STANDARDS:

Acceptable Use Persons using University resources (users) are responsible for lawful and appropriate use of computing facilities and devices.

Computing resources are for all users. Users must respect the usage rights of others that use UofL resources.

Computing accounts and facilities must not be used in any manner which could be disruptive, degrade the performance of or cause damage to University computing infrastructure, resources or data and/or other users. Personal use should be kept to a minimum and in no case should a University Account be used for non-University business purposes.

Confidentiality of Data

Sensitive Information must not be accessed, copied or disseminated except to the extent necessary to fulfill assigned responsibilities, and then only to the extent that the individual is authorized.
The confidentiality, security and integrity of the University data and computing infrastructure must be maintained at all times by University personnel. This obligation continues beyond the termination of the individual's relationship with the University. Misuse of Computing Accounts or Computing Infrastructure
Misuse of University computing accounts or computing infrastructure is not tolerated. Generally, behavior considered unacceptable if done without a computer in is also unacceptable if done using a computer. Examples of misuse include, but should not be construed as being limited to: Harassment, unauthorized hacking of computing systems, denial of service attacks, spoofing of identity, chain letter distribution, solicitation of non-University business and obscene language. Expectation of Privacy and Disclosure
Privacy of computing activities while using University resources is neither guaranteed nor should it be expected: o User access, security, audit and other logs are maintained to facilitate compliance with laws and regulations as well as to facilitate activity reviews when necessary. o Access may be given to persons outside of the University community on a case-by-case basis or under certain conditions when warranted. Disclosure of this information may not be given to the individual(s) involved. o The University of Louisville does not guarantee the confidentiality or privacy of electronic data or voice mail messages. This should be kept in mind when using these services. o Third party vendors are involved with both internet and voice mail data. All users of electronic data and voice mail should familiarize themselves with policies set forth by these vendors. Electronic mail and messages:
University email accounts are to be used by faculty, staff and administrators in the performance of their job duties and by students to aid them in their education.
Faculty, staff, administrators and students should regularly check their University email accounts for correspondence.
Employees should not use email in a manner that degrades or interferes with job performance or duties.
Sensitive information requires special precautions when emailing, especially outside the University network and must not be automatically forwarded.
Mail forwarded from a user's account to any other account or email address is the responsibility of the user.
Complaints regarding misuse or misconduct will be investigated. Note: The intent of the communication along with the perspective of the recipient is considered during investigations.
Electronic mail use is monitored for resource consumption and storage management. * "Email for life" users and other email users must not use their UofL email address to misrepresent their affiliation with the University.

Administrative Standards:
General

Access to additional required resources not provided upon account creation can be requested by completing the appropriate form (see http://louisville.edu/it/accounts/computeraccounts.html).
Access to a University business application or data may be denied if the appropriately completed authorization does not accompany the request. Access to information is granted based on position requirements and job duties.
All account holders must agree to comply with the computer account usage agreement. Student Account Requests
Students must be registered for classes to request and retain the computer account.
Student accounts will automatically be renewed each Fall and Spring semester, if registration is continuous (students registered in the Spring will be able to retain their account over the Summer semester).
When no longer registered, the student's account will be put on hold for a period of nine months. If the account has not been reactivated by the end of this period, the account will be deleted.

Employee Account Requests

Accounts will be closed upon termination of employment and all contents from the account deleted after one month.
Retired personnel may retain their email accounts, however if at any time no activity has occurred for one month the account will be closed, and its contents deleted one month later.

Sponsored Account Requests

Sponsored accounts may be granted to individuals external to the University of Louisville under the following conditions: o A specific relationship exists with a University unit or individual in support of a University mission, function, project or business. o A University unit or individual is willing to sponsor the individual's computer account. o Sponsored accounts will be reviewed annually as a group to determine whether renewal is necessary.
Sponsored accounts can only be requested by full-time faculty, staff or administrators.

Service Account Requests

Service accounts are granted to University of Louisville units and departments under the following conditions: o The purpose is directly related to university mission, function, project or business; o A need exists to share access to an account; o A need exists to centrally manage and store electronic communications or data; o All individuals who will use the service account must have their own individual computer account.
A service account is the only exception to the computer account naming standard. A service account can have any descriptive name, indicating its purpose, within eight characters. For example, the Security and Account Management (SAM) team in Information Technology has a service account available for the University community to send questions, comments and problems called askSAMIT@louisville.edu.

Termination of an Account

Termination of computer accounts will occur under the following circumstances:
The account holder does not agree to the Computer Account Usage Agreement.
The account holder requests the computer account be closed.
The account holder is no longer affiliated with the University.
The account holder misuses computing facilities or resources.
The department or sponsor requests that the computer account be closed.

Once a computer account has been closed, access to the account or the data contained with in it may be granted to University of Louisville individuals to facilitate the transfer of responsibilities or the retrieval of data.

SCOPE / APPLICABILITY: All persons while conducting/performing work, teaching, research or study activity or otherwise using University resources. Scope/Applicability also includes all facilities, property, data and equipment owned, leased and/or maintained by the University or affiliates.

POLICY AUTHORITY / ENFORCEMENT: The University's Information Security Officer (ISO) is responsible for the development and oversight of these policies and standards. The ISO works in conjunction with University Leadership, Information Technology, Audit Services and others for development, monitoring and enforcement of these policies and standards.

POLICY REVIEW: This policy will be reviewed annually to determine if the policy is in compliance with the applicable security regulations and University direction. In the event that significant regulatory changes occur, this policy will be reviewed and updated as needed.

COMPLIANCE: Failure to comply with these policies and standards and/or any related information security and/or information technology policy, standard or procedure may result in disciplinary action up to and including termination of employment, services or relationship with the University and/or action in accordance with local ordinances, state or federal laws.

REVISION HISTORY: Version / Revision / Date Description 1.0 / July 23, 2007 / Original Publication 1.01 / May 5, 2008 / Revised url for account usage agreement link This policy is subject to change or termination by the University at any time.

This policy SUPERSEDES all prior policies, procedures or advisories pertaining to the same subject. Approved July 23, 2007 by the Compliance Oversight Council Shirley C Willihnganz, Executive Vice President and University Provost, Chair of the Compliance Oversight Council

Browser not supported