ACD 125: Computer, Internet, and Electronic Communications Information Management Policy
To govern the use of ASU computing and communications resources and to manage and secure ASU data and other information assets
University Technology Office
Administrative, classified, and university staff
This policy defines the boundaries of acceptable use of ASU computing and communication resources, including computers, data storage systems, mobile devices, electronic data, networks, electronic mail services, electronic information sources, voice mail, telephone services, and other communication resources. In addition, this policy reflects the goal of ASU to foster academic freedom while respecting the principles of freedom of speech and the privacy rights of ASU students, faculty, employees, courtesy affiliates, and guests.
ASU’s computing and communication resources are the property of ASU. They are to be used for the advancement of ASU’s educational, research, service, community outreach, administrative, and business purposes. Computing and communication resources are provided for the use of faculty, staff, currently admitted or enrolled students, and other properly authorized users. When a user’s affiliation with ASU ends, ASU will terminate access to computing and communications resources and accounts. ASU may, at its discretion, permit the user to have the access to accounts and e-mail forwarded or redirected for a limited period of time.
The University Technology Office (UTO) is responsible for the maintenance and security of ASU’s central computing and communications resources. This includes recommendations for effective practices by its users, which include faculty, staff, students, and affiliates. This policy is designed to aid the university community in protecting the confidentiality, availability, and integrity of university information resources.
Users of ASU’s computing and communications resources are required to comply with this policy, other applicable ASU and Arizona Board of Regents’ (ABOR) policies, and state and federal laws. When necessary, enforcement will be consistent with other applicable ABOR policies and ASU administrative policies and procedures.
Requirements for the Use of ASU Computing and Communications Resources
Prohibited Uses of ASU Computing and Communications Resources
Restriction on Use of ASU Web Pages
ASU Web pages may be used only for ASU business and only authorized individuals may modify or post materials to these pages. No other pages may suggest that they are university Web pages. If confusion is possible, pages should contain a disclaimer and links to ASU sites.
Responsibilities of Individuals Posting Materials
By posting materials and using ASU computing facilities, the user represents that he or she has created the materials or that he or she has the right to post or use the materials. The storage, posting, or transmission of materials must not violate the rights of any third person in the materials, including copyright, trademark, patent, trade secrets, and any rights of publicity or privacy of any person. The materials posted must not be defamatory, libelous, slanderous, or obscene.
Prohibition against Commercial Use
The site may not be used for unauthorized commercial purposes.
University Control of ASU Web Pages
The use of the site is at the sole discretion of ASU. ASU does not guarantee that the user will have continued or uninterrupted access to the site. The site may be removed or discontinued at any time at the discretion of ASU in accordance with ASU policy, or as needed to maintain the continued operation or integrity of ASU facilities.
ASU makes reasonable efforts to protect the integrity of the network and related services, but ASU cannot guarantee backup, disaster recovery, or user access to information posted on personal computers or Web pages.
Access to services and file storage may be approved for emeriti, retired staff, alumni, and guests.
Conditions for Restriction of Access to Electronic Mail
Access to ASU e-mail is a privilege that may be wholly or partially restricted without prior notice and without consent of the user:
Access to the e-mail system may require approval of the appropriate ASU supervisory or management authority (e.g., department head, system administrator, etc.).
Conditions for Permitting Inspection, Monitoring, or Disclosure
ASU may permit the inspection, monitoring, or disclosure of e-mail, computer files, and network transmissions when:
All computer users agree to cooperate and comply with ASU requests for access to and copies of e-mail messages or data when access or disclosure is authorized by this policy or required or allowed by law or other applicable policies.
ASU Responsibility to Inform of Unauthorized Access or Disclosure
If ASU believes unauthorized access to or disclosure of information has occurred or will occur, ASU will make reasonable efforts to inform the affected computer account holder, except when notification is impractical or when notification would be detrimental to an investigation of a violation of law or policy.
Prohibition against Activities Placing Strain on Facilities
Activities that may strain the e-mail or network facilities more than can be reasonably expected are in violation of this policy. These activities include, but are not limited to: sending chain letters; “spam,” or the widespread dissemination of unsolicited e-mail; and “letter bombs” to resend the same e-mail repeatedly to one or more recipients.
Confidentiality of e-mail and other network transmissions cannot be assured. Therefore all users should exercise caution when sending personal, financial, confidential, or sensitive information by e-mail or over the network.
Electronic Information as Arizona Public Record
Most electronic information (e.g., e-mail) produced in the course of university business is considered an Arizona public record, and must be stored or deleted in accordance with Arizona public records law. Consult with the university archivist for guidance on procedures for external storage or deletion of public records.
Routine Logging and Monitoring
Certain central service and network activities from workstations connected to the network are routinely logged and monitored. These activities include but are not limited to:
Detailed Session Logging
In cases of suspected violations of ASU policies, especially unauthorized access to computing systems, the appropriate system administrator, after consultation with the University Technology Officer/designee or other university offices if appropriate, may authorize detailed session logging. This may involve a complete keystroke log of an entire session. In addition, the system administrator of the facility concerned may authorize limited searching of user files to gather evidence on a suspected violation.
Responsibility for Data Security
Software and physical limitations, computer viruses, and third-party intrusions can compromise security of data storage and communications. ASU takes reasonable precautions to minimize risk. Users must notify appropriate ASU officials including their immediate supervisor and the Information Security Office of information security concerns including, but not limited to, breaches of sensitive data or compromised accounts.
Computing resources are managed by individual users, departments, or the UTO, depending on a variety of business factors. The UTO is not obligated to maintain backups of any file for any particular length of time. Users must protect and back up critical data. Individual users and departments should develop policies and practices, coordinated with the UTO as needed, to ensure regular backups of data and to implement steps to ensure that all critical data is compatible with all current generations of computing equipment, storage media, and media readers.
Restriction of Access to Sensitive Data
All ASU departments should ensure that access to sensitive data is restricted to those employees who have a need to access the information. Passwords that provide access to sensitive information should be changed on a regular basis.
Right to Examine Computers and Equipment
University-owned computers and equipment may be examined to detect illegal content and to evaluate the security of the network. Networks, networked devices, and applications may be scanned for vulnerabilities as authorized by the UTO.
Any actual or suspected violation of the rules listed above should be brought to the system administrator of the equipment or facility most directly involved. In the case of a serious violation, a report must be made to the Information Security Office.
ASU Response to a Reported Violation
Upon receiving notice of a violation, ASU may temporarily suspend a user’s privileges or move or delete the allegedly offending material pending further proceedings.
A person accused of a violation will be notified of the charge and have an opportunity to respond before ASU imposes a permanent sanction. Appropriate cases will be referred to the ASU disciplinary authority appropriate to the violator’s status (e.g., Office of Student Life or employee’s supervisor) or to appropriate law enforcement authorities.
In addition to sanctions available under applicable law and ASU and ABOR policies, ASU may impose a temporary or permanent reduction or elimination of access privileges to computing and communication accounts, networks, ASU-administered computing rooms, and other services or facilities.
If ASU believes it necessary to preserve the integrity of facilities, user services, or data, it may temporarily suspend any account, whether or not the account user is suspected of any violation. ASU will provide appropriate notice to the account user. Servers and computers that threaten the security of university systems will be removed from the network and allowed to reconnect only with the approval of network administration.
Applicable Law and Policies
ASU students and employees are bound by all applicable laws and ABOR and university policies. For ease of reference, some frequently referenced policies in ASU manuals are listed in the cross-references at the end of this policy. Some frequently referenced policies not in ASU manuals are listed in the section below. This list is not intended to be exhaustive nor to limit the applicability of any other law or policy.
Frequently Referenced Policies not in ASU Manuals
For related information about the conditions of administrative service, see the Academic Affairs Policies and Procedures Manual—ACD 504, “Conditions of Administrative Service at ASU.”
For related information about student behavior, see the Student Services Manual— SSM 104–01, “Student Code of Conduct and Student Disciplinary Procedures.”
For related information about disability accommodations, see:
For related information about use of university property, see the Academic Affairs Policies and Procedures Manual—ACD 123, “Misuse of University Assets”
For related information about appropriate and inappropriate political activity, see:
For related information about preventing the loss of trademark rights, see the Purchasing and Business Services Policies and Procedures Manual—PUR 701, “Trademark Licensing.”
For related information about sexual harassment, see:
For related information about personnel records, including the use and release of personal records, see: