Account - A method of establishing a Users identity and providing the authorization for a user to utilize University Computing Resources.
Authorized User - An individual permitted to make use of University Computing Resources. Authorized users include faculty, staff, students, retirees, alumni, and visitors who have an association with the University that grants them access to University Computing Resources.
Electronic Communications - Any electronic method used to communicate or transfer text, images, sounds, signals, or data, including electronic mail, instant messaging, websites, video recordings, voicemail, facsimiles, pagers, and telephones.
Malicious Software - Software programs that damage or perform other unwanted actions on a computer system. Includes viruses, worms, trojan horses, and spyware.
Shared Service A University Computing Resource available to all Authorized Users.
Titled Account - An account which is created to identify a particular role within the Universitys operation. A titled account does not identify an individual, nor is it owned by an individual.
Unit Head - For the purposes of this policy, unit head is the term used to refer to Deans, Academic, Directors, Executive Directors, the University Librarian, the University Registrar, Division Heads, Heads of Schools, Associate Vice-Presidents and Vice-Presidents as applicable in the circumstances.
University - Memorial University of Newfoundland.
University Computing Resources - Computers, networks, data storage, software applications, e-mail addresses, websites, domain names and identities that are either owned or funded (in whole or in part) by the University or by funds administered by the University.
Visitor An individual that is neither faculty, staff, nor student, who has permission to access a University Computing Resource.
Authorized Users of any University Computing Resources have a responsibility to use them in a way that is lawful, is in compliance with University policy, and is consistent with the purposes for which they were intended.
The University reserves the right to establish technical standards (hardware and software) as appropriate. All Authorized Users will be required to follow these standards.
No person shall access University Computing Resources other than those which they are properly authorized to access.
2.1 Accounts and Identities
The University reserves the right to determine the structure and type of usernames, passwords and other identifying authorization mechanisms used to access University Computing Resources.
2.2 Personal Account Responsibility
Accounts which allow users to access the Universitys Computing Resources are provided to individuals (Authorized Users) for their exclusive use. Authorized Users are prohibited from sharing such Accounts with others. The Authorized User is at all times responsible for the use of their Account.
2.3 Titled Accounts
All information communicated to a Titled Account will be owned by the University. Use and sharing of information in a Titled Account will be managed by the Unit Head.
2.4 Access by non-account holder
Internal - Under certain circumstances, the failure to permit inspection and/or disclosure of an account could significantly impede the legitimate operations of the University, and it may be either inappropriate, not possible (e.g., In instances where an Authorized User has died), or not feasible to obtain prior approval of the Account holder. The University may access and use information contained in the Authorized User's Account where the Unit Head determines that it is necessary, in accordance with the Procedure for Requesting Access by Non-Account Holder.
External - When an Authorized User has died, or is unable to access his/her account, the University may release information contained in the Authorized User's account upon application by their trustee, executor or administrator to the Unit Head of the unit in which the Authorized User last worked, in accordance with the Procedure for Requesting Access by Non-Account Holder.
Requests will be compliant with all federal and provincial legislation and subject to the relevant provisions of any University Collective Agreement. The privacy of all personal information not pertinent to the issue giving rise to the request for access will be protected to such an extent as reasonably possible.
The University provides University Computing Resources as a shared service to all faculty, staff, students, retirees, alumni and visitors.
3.1 Impact on Other Users or the University
The University reserves the right to limit the level of an Authorized Users resource usage where such use, in the opinion of the University, negatively impacts other users or the University Computing Resources.
3.2 Personal Use
Personal use of University Computing Resources and services is permitted provided such use does not compromise the performance of an employees duties, compromise the operation of the University, cause the University to incur costs, damage the Universitys reputation or involve activities that are inconsistent with the University's mission, except where otherwise authorized under applicable collective agreements.
3.3 Commercial Use
University Computing Resources shall not be used for commercial purposes or for the benefit of non-University organizations unless these purposes are consistent with University policies and procedures or authorized under applicable collective agreements or duly authorized contracts.
3.4 Campaigning and Lobbying
The Universitys Computing Resources shall not be used for political campaigning or similar purposes.
4.0 Legal Use
All use of University Computing Resources shall be in compliance with all federal, provincial, and privacy laws, and all applicable University policies. Illegal use includes but is not limited to violations of copyright, dissemination or storage of material which is in violation of law such as pornography, hate literature, harassment, defamation and discrimination, threats, criminal activities, and the knowing use of viruses or malicious software.
5.0 Memorial Universitys Identity
No employee may use University Computing Resources or identities to commit the University to financial or legal obligations unless existing formal policies or procedures have been properly followed.
A disclaimer, as found in the Electronic Communications Disclaimer in this Policy, will be automatically appended to outgoing e-mail.
6.0 Protective Measures
The University has established technical standards for University Computing Resources which all users must follow. These standards include protective software (e.g. antivirus, encryption) and will prevent the use of non-standard equipment in conjunction with University Computing Resources.
6.1 Inspection, use and disclosure
The University may permit inspection, use and/or disclosure of data or information, including Electronic Communications, under the following conditions, subject to relevant provisions of any University Collective Agreement:
- The University is required by federal or provincial law, subpoena, or court order to divulge such data or information, or information pertaining to the account itself;
- The University reasonably believes that a law or institutional policy has been violated;
- Failure to permit inspection, use and/or disclosure would significantly impede the legitimate operations of the University, and it is either inappropriate or not feasible to obtain prior approval of the Account holder.
In such cases, approval of the Vice-President (Administration and Finance), the Vice-President (Grenfell Campus) or the Vice-President (Marine Institute) as appropriate, or delegate, in consultation with the University Privacy Officer must be obtained in advance, and the privacy of all personal information not pertinent to the issue giving rise to the access will be protected to such an extent as reasonably possible.
6.2 Enforcement, violations, and discipline
A violation of appropriate use of University Computing Resources refers to any matter in which University Computing Resources are used for purposes that violate this or any University policy, federal or provincial legislation, or relevant provisions of Collective Agreements. Any person who becomes aware of a possible violation of appropriate use may report it, in accordance with the Procedure for Reporting Suspected Violations of Appropriate Use of Computing Resources. If there is a possibility that Sensitive Electronic Data may have been disclosed, altered, or destroyed by an unauthorized individual, a security incident will be reported in accordance with the Procedure for Reporting Suspected Security Incidents.
Any breach of this policy may result in disciplinary action. Violators of this policy may be denied access to University Computing Resources and may also be subject to penalties under University policies, Collective Agreements, provincial and federal law. The University reserves the right to take the appropriate steps to temporarily suspend an Authorized Users account on the recommendation of the Vice-President (Administration and Finance), the Vice-President (Grenfell campus) or the Vice-President (Marine Institute) as appropriate, or delegate, and in consultation with the General Counsel, where appropriate.
Requests for exemption from this policy should be addressed to the Vice-President (Administration and Finance), the Vice-President (Grenfell Campus) or the Vice-President (Marine Institute) as appropriate, or delegate. Requests should detail the section of the policy for which the exemption is being sought, and propose compensating controls if any. Requests for exemption must be endorsed by the Unit Head.
Approved Operating Systems
Approved Anti-Virus Software
Approved Disk Encryption Software
Approved File Encryption Software
Connecting To Network