Policy Statement
Computers and other information technology resources are essential tools in accomplishing the Union Theological Seminary’s mission. Information technology resources are valuable assets to be used and managed responsibly to ensure their integrity, confidentiality, and availability for appropriate research, education, outreach and administrative objectives of the institution. Community members are granted access to these resources in support of accomplishing the stated mission.
All users of information technology resources, whether or not affiliated with the Seminary, are responsible for their appropriate use, and by their use, agree to comply with all applicable Seminary policies; federal, state and local laws; and contractual obligations. These include but are not limited to information security, data privacy, commercial use, and those that prohibit harassment, theft, copyright and licensing infringement, and unlawful intrusion and unethical conduct.
Union Theological Seminary accepts no responsibility or liability for any personal or unauthorized use of its resources by users.
Acceptable Use
Acceptable use includes, but is not limited to, respecting the rights of other users, avoiding actions that jeopardize the integrity and security of information technology resources, and complying with all pertinent licensing and legal requirements. Users with access to Union Theological Seminary’s information technology resources must agree to and accept the following:
- Only use information technology resources they are authorized to use and only in the manner and to the extent authorized. Ability to access information technology resources does not, by itself, imply authorization to do so.
- Only use accounts, passwords, and/or authentication credentials that they have been authorized to use for their role at the Seminary.
- Protect their assigned accounts and authentication (e.g., password, and/or authentication credentials) from unauthorized use.
- Only share data with others as allowed by applicable policies and procedures, and dependent on their assigned role.
- Comply with the security controls on all information technology resources used for school business, including but not limited to mobile and computing devices, whether seminary or personally owned.
- Comply with licensing and contractual agreements related to information technology resources.
- Comply with intellectual property rights (e.g., as reflected in licenses and copyrights).
- Accept responsibility for the content of their personal communications and may be subject to any personal liability resulting from that use.
Unacceptable Use
Unacceptable use includes and is not limited to the following list. Users are not permitted to
- Share authentication details or provide access to their seminary accounts with anyone else (e.g., sharing the password).
- Circumvent, attempt to circumvent, or assist another in circumventing the security controls in place to protect information technology resources and data.
- Knowingly download or install software onto seminary’s information technology resources, or use software applications, which do not meet University security requirement, or may interfere or disrupt service, or do not have a clear business or academic use.
- Engage in activities that interfere with or disrupt users, equipment or service; intentionally distribute viruses or other malicious code; or install software, applications, or hardware that permits unauthorized access to information technology resources.
- Access information technology resources for which authorization may be erroneous or inadvertent.
- Conduct unauthorized scanning of information technology resources.
- Engage in inappropriate use, including but not limited to:
- Activities that violate state or federal laws, regulations, or University policies.
- Harassment
- Widespread dissemination of unsolicited and unauthorized electronic communications.
- Engage in excessive use of system information technology, including but not limited to network capacity. Excessive use means use that is disproportionate to that of other users, or is unrelated to academic or employment-related needs, or that interferes with other authorized uses. Units may require users to limit or refrain from certain activities in accordance with this provision.
Privacy and Security Measures
Users must not violate the privacy of other users. Technical ability to access others’ accounts does not, by itself, imply authorization to do so.
Users play an important role in the protection of their personal information. All faculty, staff and students are required to use all available user specific security controls provided by the Seminary as available (including multi-/two-factor authentication) and meet the user specific controls in Administrative Policy: to assist in the protection of assets and the protection of their personal information and assets. Failure on the part of faculty, staff or students to employ in good faith the available security controls and to secure their personal information appropriately will mean that the seminary will not reimburse the faculty, staff or student for the loss of misdirected salary, expense reimbursements, financial aid or any other assets.
Employees must understand that any records and communications they create related to seminary business, electronic or otherwise, on an assigned or personally owned device, may be subject to disclosure under New York State’s Data Practices laws.
The Seminary takes reasonable measures to protect the privacy of its information technology resources and accounts assigned to individuals. However, the University does not guarantee absolute security and privacy. Users should be aware that any activity on information technology resources may be monitored, logged and reviewed by Seminary-approved personnel or may be discovered in legal proceedings. The Seminary assigns responsibility for protecting its resources and data to technical staff, data owners, and data custodians, who treat the contents of individual assigned accounts and personal communications as private and do not examine or disclose the content except:
- as required for system maintenance including security measures;
- when there exists reason to believe an individual is violating the law or Seminary policy; and/or
- as permitted by applicable policy or law.
The Seminary reserves the right to employ security measures. When it becomes aware of violations, either through routine system administration activities or from a complaint, it is the Seminary’s responsibility to investigate as needed or directed, and to take necessary actions to protect its resources and/or to provide information relevant to an investigation.
Enforcement
Individuals who use information technology resources that violate a Seminary policy, law(s), regulations, contractual agreement(s), or violate an individual’s rights, may be subject to limitation or termination of user privileges and appropriate disciplinary action, legal action, or both. Alleged violations will be referred to the appropriate office or law enforcement agency.
The Seminary may temporarily deny access to information technology resources if it appears necessary to protect the integrity, security, or continued operation of these resources or to protect itself from liability.
Individuals or units should report non-compliance with this policy to a member of the senior staff in the organization.
Exceptions
Departments within the Seminary may define additional conditions of use for information technology resources or facilities under their control. Such additional conditions must be consistent with or at least as restrictive as any governing Board or Administrative policy, and may contain additional details or guidelines.