Acceptable Use of Computer and Network Resources   

 

 

Abstract: 
UAB computer and network devices may only be used for work related to the university or for other approved activities. If these resources are used for destructive, disruptive or illegal activities, the right to use these resources may be revoked.

Effective Date: 7/1/2020

 

Review/Revised Date: 6/30/2022

 

Category: Information Technology

 

Policy Owner: VP Information Technology/CIO

Policy Contact: Director - Security Risk Management and IT Compliance

 
   
 
 

INTRODUCTION 

The computing resources at the University of Alabama at Birmingham (UAB) support the academic and administrative activities of the University and the use of these resources is a privilege that is extended to members of the UAB community.  As a consumer of these services and facilities, users have access to valuable University computing resources, to restricted and sensitive data, and to internal and external networks.  Consequently, it is important for users to conduct themselves in a responsible, ethical, and legal manner. 

SCOPE 

This policy applies to all users of UAB's computing resources and is intended to prohibit certain unacceptable uses of computers, mobile devices, and network resources and facilities, while also educating users about their individual responsibilities. 

POLICY STATEMENT 

No one shall use any University computer or network resource without proper authorization.  No one shall assist in, encourage, or conceal from authorities any unauthorized use, or attempt at unauthorized use, of any of the University computing, network, and information technology resources. 

No one shall knowingly endanger the security of any University computing, network, and information technology resources, nor willfully interfere with others' authorized computer usage. 

No one shall use the University's communication facilities to attempt unauthorized use, nor to interfere with others' legitimate use, of any computing, network, and information technology resources anywhere. 

No one shall connect any computer to any of the University's networks unless it meets technical and security standards set by the University administration. 

All users shall share University computing resources in accordance with policies set by the University for the computers involved, giving priority to more important work and cooperating fully with the other users of the same equipment. 

No one without authorization shall use any University computing, network, and information technology resources for non-University business.  University information technology resources are provided for UAB purposes in support of UAB's mission.  While incidental personal use is anticipated and acceptable, this use should never limit or interfere with the UAB business use of resources. 

No one shall share any password for University computing, network, and information technology resources to any unauthorized person, nor obtain any other person's password by any unauthorized means.  Sharing of individually assigned BlazerIDs and passwords is not permitted.  Only system administrators are authorized to issue passwords for systems access. 

No one shall misrepresent his or her identity or relationship to the University when obtaining or using University computing, network, and information technology resources privileges. 

No user will leverage unauthorized access to read, alter, or delete any other person's computer files or electronic mail.  This rule applies regardless of whether the operating system of the computer or device permits these acts. 

No one shall copy, install, or use any software or data files in violation of applicable copyrights or license agreements, including, but not limited to, downloading and/or distribution of music, movies, or any other electronic media protected by said license agreements, copyrights, or other forms of legal protection. 

No one shall create, install, or knowingly distribute malware, spyware, or other surreptitiously destructive or malicious programs on any University computer or network facility, regardless of whether any demonstrable harm results. Examples of such malicious software include, but are not limited to, computer viruses, Trojans, worms, key loggers, programs that provide unauthorized remote access, and ransomware. 

Only authorized parties shall modify or reconfigure any University computing, network, and information technology resources. 

No one shall store Restricted/PHI or Sensitive information in computers, portable devices or transmit Restricted/PHI or Sensitive information over University networks without protecting the information appropriately via VPN. 

Users shall take full responsibility for data that they store in University computers, portable devices and transmit through network facilities. No one shall use University computers or network facilities to store or transmit data in ways that are prohibited by law or University policy, standards, and rules. Users shall not transmit any communications that are harassing or discriminatory as outlined in the Equal Opportunity and Discriminatory Harassment Policy Policy, the Title IX Sex Discrimination, Sexual Harassment, and Sexual Violence Policy, and the Freedom Of Expression and Use Of UAB Facilities Policy.

Users shall take full responsibility for data that they store in University computers, portable devices and transmit through network facilities.  No one shall use University computers or network facilities to store or transmit data in ways that are prohibited by law or University policy, standards, and rules.  Users shall not transmit any communications that are harassing or discriminatory as outlined in the Equal Opportunity and Discriminatory Harassment Policy

Those who publish web pages or similar information resources on behalf of the University shall take full responsibility for what they publish. Said parties shall respect the acceptable use conditions for the computer on which the material resides, and they shall obey all applicable laws and University policies, standards, and rules. They shall not publish commercial advertisements without prior authorization.  References and links to commercial sites are permitted, but advertisements, and especially paid advertisements, are not allowed.  Users shall not accept payments, discounts, free merchandise or services, or any other remuneration in return for placing anything on their web pages or similar information resources. 

Users of University computers shall comply with the regulations and policies of mailing lists, social media sites, and other public forums through which they disseminate messages. 

System administrators shall perform their duties fairly, in cooperation with the user community, University administration, University policies, and funding sources. System administrators shall respect the privacy of users as far as possible and shall refer all disciplinary matters and legal matters to appropriate authorities. 

UAB email and other electronic messaging technologies are intended for communication between individuals and clearly identified groups of interested individuals, not for mass broadcasting.  Such messages are defined as the same or substantially the same e-mail message sent to more than one person without prior evidence that they wish to receive it.  No one shall use University facilities to distribute mass broadcast messages to UAB community members that are unrelated to UAB business without prior authorization.  The University reserves the right to discard incoming mass mailings and spam without notifying the sender or intended recipient. 

For its own protection, the University reserves the right to block communications from sites or systems that are involved in extensive spamming or other disruptive practices, even though this may leave University computer users unable to communicate with those sites or systems. 

Any witnessed or suspected security violations must be reported immediately to the Information Security Office in the Office of the Vice President for Information Technology and to the dean or administrative unit head.  Specific procedures for reporting a security violation are located on the Information Security web site. 

EXCEPTION 

Exceptions may be granted in cases where security risks are mitigated by alternative methods, or in cases where security risks are at a low, acceptable level and compliance with minimum security requirements would interfere with legitimate academic or business needs. To request a security exception, complete the Information Security Exception Request Form. 

NON-COMPLIANCE 

Confirmed violations of this policy will result in consequences commensurate with the offense, up to and including termination of employment, appointment, student status, or other relationships with UAB. 

MAINTENANCE 

This policy will be reviewed by UAB's Information Security Office periodically, or as deemed appropriate. 

IMPLEMENTATION 

The Vice President for Information Technology is responsible for the oversight and implementation of this policy, including the overall procedures related to its implementation and management.

 

Related Policies, Procedures, and Resources

Data Access Policy
Data Protection and Security Policy
Data Classification Rule
Data Protection Rule Information Systems and Network Access
UABHS Interdisciplinary Policies Information Systems and Network Access

(Replaces policy dated February 19, 2009 and December 1, 2017)