”TigerAcceptable Use Policy

Policy Title

Acceptable Use of Information Technology Resources Policy

  1. PURPOSE
    The purpose of this Acceptable Use of Information Technology Resources Policy is to outline the requirements for Acceptable Use as well as prohibited activities in connection with the University’s IT Resources.
  1. SCOPE
    This policy applies to all Users of any of the University’s IT Resources.
  1. POLICY STATEMENT

3.1 General: To ensure safe and reliable use of the University’s IT Resources, every User is responsible for the following:

3.1.1 Be familiar with and understand all applicable Information Security policies, procedures, standards, and guidelines in connection with and related to User roles and responsibilities;

3.1.2 Respect the University’s Information Security policies, procedures, standards, and guidelines (i.e., never attempt to circumvent or “go around” security processes);

3.1.3 Promptly report violations of this policy as directed in the IT Incident Reporting Procedures; and

3.1.4 Adhere to the specific requirements outlined in this policy for Data, User Accounts, Information Systems, Computer Networks, and personally owned resources.

3.2 Data

3.2.1 All Data pertaining to student records, administration, research projects, federal or state Information, and other Data owned or processed by the University shall follow the University’s Data Classification Standards, and must be appropriately safeguarded in accordance with the University’s Minimum IT Security Standards.

3.2.2 No User is permitted access to Data outside the approved needs associated with University roles and responsibilities.

3.3 Accounts

3.3.1 User Account names and passwords are to be kept confidential, be maintained in accordance with the Account and Password Management Policy, and not used for access to non-University Information Systems.

3.3.2 Users are required to lock personal computers, and any other Computing Device, when unattended and disconnect from Information Systems when they are not actively being used.

3.4 Information Systems

3.4.1   Information Systems include University-owned hardware and software used to access or process Information of the University.

3.4.2 All Information Systems must be configured and maintained in accordance with the published Minimum IT Security Standards.

3.5 Computer Network

3.5.1  The Computer Network of the University includes wired and wireless access. Use of these IT Resources must primarily be in support of the University mission.

3.5.2  Incidental personal use of the University’s Computer Network is allowed but must not include prohibited activities identified in this Policy.

3.6 Personally Owned Computers and Mobile Devices

3.6.1   Personal Owned Computers and Mobile Devices used for University business are subject to this policy and must comply with the Minimum IT Security Standards.

3.6.2  Access to Confidential or Restricted data through a Personally Owned Computer or Mobile Device requires coordination with the Office of Information Security to ensure appropriate safeguards are utilized.

3.6.3  Confidential or Restricted data must not be saved to Personally Owned Computers or Mobile Devices.

3.7 Prohibited Activities
Use of IT Resources must comply with University policies and legal obligations (including licenses and contracts), and all federal and state laws.  The following activities are specifically prohibited:

3.7.1 Illegal viewing, downloading, uploading, using, or sharing of pirated copyright materials such as movies, television shows, music, pictures, and software;

3.7.2 Attempting to circumvent University Information Security controls, processes, or procedures to gain unauthorized access to IT Resources and Information;

3.7.3 Conducting activities that negatively impact the performance or availability of IT Resources;

3.7.4 Using another individual’s User Account, whether consensual or unauthorized, to access IT Resources;

3.7.5 Conducting Information gathering or Computer Network reconnaissance activities such as network mapping and vulnerability scanning without prior authorization;

3.7.6 Using IT Resources for illegal activities or for personal gain outside of University approved functions;

3.7.7 Using University electronic messaging Information Systems (email, chat, social media) to:

3.7.7.1 Falsify the identity of the source of electronic messages;

3.7.7.2 Send harassing, obscene or other threatening messages;

3.7.7.3 Read, delete, copy, or modify the electronic communications of others without appropriate authorization; and/or

3.7.7.4 Send, without official University authorization, “for-profit” or other unsolicited “junk” messages.

3.8 Disciplinary Sanctions
The University will impose disciplinary sanctions on Users who violate this policy, or any other IT policies, procedures, and/or applicable state and federal laws. The severity of the imposed sanctions will be appropriate to the violation and/or any prior discipline issued.

 

  1. ADDITIONAL RESOURCES

 

  1. RESPONSIBLE DEPARTMENT
    The Office of Information Security, security@clemson.edu

 

  1. APPROVAL & REVISION HISTORY
    • President Approval: May 23, 2022
    • Last Date of Revision: January 2009 (students), June 2019 (employees)
    • Originally Issued: January 2009