ASU Computing and Communication Resources are the property of ASU. They are to be used for the advancement of ASU’s educational, research, service, community outreach, administrative, and business purposes. ASU’s Computing and Communication Resources are provided for the use of faculty, staff, currently admitted or enrolled students, and other properly authorized Users. ASU may, at its discretion, permit Users to have the access to accounts and e-mail forwarded or redirected for a limited period of time.
B. Requirements for Use of ASU Computing and Communication Resources
- You must comply with all applicable local, state, and federal laws and regulations, and with ASU and Arizona Board of Regents (ABOR) policies.
- You must respect academic freedom and free speech rights.
- You must be truthful and accurate in personal and computer identification.
- You must respect the rights and privacy of others, including intellectual property and personal property rights.
- You must not compromise the integrity of electronic networks, must avoid restricted areas, and must refrain from activities that may damage ASU Computing and Communication Resources, and transmitted or stored data.
- You must maintain the security of accounts and must protect and regularly change their account passwords according to standards maintained by UTO.
- You, once aware of a security concern, must notify the ASU Information Security Office at email@example.com of information security concerns including, but not limited to, breaches of sensitive data or compromised accounts.
- You are responsible for the protection, security, and integrity of ASU data and resources under your control according to the standards maintained by UTO. See the ASU Information Security Standards for more information.
C. Prohibited Uses of ASU Computing and Communications Resources
- Unlawful communications, including threats of violence, obscenity, child pornography, and harassing communications, are prohibited.
- Use of ASU Computing and Communication Resources for private business or commercial activities, or for fund-raising or advertising on behalf of non-ASU organizations, is prohibited.
- The unauthorized reselling of ASU Computing and Communication Resources is prohibited.
- Unauthorized use of ASU’s trademarks or logos and other protected trademarks and logos is prohibited.
- ASU Web pages may link to commercial websites, but any link that generates, or has the potential to generate, revenue to ASU or to any individual or company, including click trade or banner advertising, must be approved by ASU’s Purchasing and Business Services.
- Any alteration of addresses, uniform resource locator (URL), or other action that masks the asu.edu domain as a host site is prohibited unless authorized by UTO.
- Unauthorized anonymous and/or pseudonymous communications are prohibited. All Users must cooperate with appropriate ASU personnel or other authorized personnel when investigating the source of anonymous messages.
- Misrepresenting or forging the identity of the sender or the source of an electronic communication is prohibited.
- Unauthorized attempts to acquire and use passwords of others are prohibited.
- Unauthorized use and attempts to use the computer accounts of others are prohibited.
- Altering the content of a message originating from another person or computer with intent to deceive is prohibited.
- Unauthorized modification or deletion of another person’s files, account, or news group postings is prohibited.
- Use of ASU Computing and Communication Resources or data without authorization or beyond one’s level of authorization is prohibited.
- Interception or attempted interception of communications by parties not authorized or intended to receive them is prohibited.
- Making ASU computing resources available to individuals not affiliated with ASU without approval of an authorized ASU official at or above the level of dean/university librarian or director is prohibited.
- Compromising the privacy or security of electronic information is prohibited.
- Infringing upon the copyright, trademark, patent, or other intellectual property rights of others in computer programs or electronic information (including plagiarism and unauthorized use or reproduction) is prohibited. The unauthorized storing, copying, or use of audio files, images, graphics, computer software, data sets, bibliographic records, and other protected property is prohibited except as permitted by law.
- Interference with or disruption of the computer or network accounts, services, or equipment of others is prohibited.
- The propagation of computer “worms” and “viruses,” the sending of electronic chain mail, denial of service attacks, and inappropriate “broadcasting” of messages to large numbers of individuals or hosts are prohibited.
- Revealing passwords or otherwise permitting the use by others (by intent or negligence) of personal accounts for computer and network access without authorization is prohibited.
- Altering or attempting to alter files or systems without authorization is prohibited.
- Scanning of networks, networked devices, or applications for security vulnerabilities without specific authorization by UTO is prohibited.
- Attempting to alter or connect any computing or networking components (including, but not limited to, bridges, routers, DHCP servers, wireless access points, and hubs) on ASU’s technology network without approval of UTO is prohibited.
- Installation or alteration of wiring, including attempts to create network connections, or any extension or retransmission of any computer or network services without the approval of UTO is prohibited.
- Conduct leading to disruption of electronic networks or information systems is prohibited.
- Conduct leading to the damage of ASU electronic information/data, or ASU Computing and Communication Resources is prohibited.
D. Prohibited Access
E. Information Posted to ASU Computers or Web Pages
- Restriction on Use of ASU Web Pages
ASU’s website and web pages may be used only for ASU business and only authorized individuals may modify or post materials to these pages. No other pages may suggest that they are ASU web pages. If confusion is possible, pages should contain a disclaimer and links to ASU sites.
- Responsibilities of Individuals Posting Materials
By posting materials and using ASU Computing and Communication Resources, each User represents that he or she has created the materials or that he or she has the right to post or use the materials. The storage, posting, or transmission of materials must not violate the rights of any third person in the materials, including copyright, trademark, patent, trade secrets, and any rights of publicity or privacy of any person. Materials posted must not be defamatory, libelous, slanderous, or obscene.
- Prohibition against Commercial Use
ASU Computing and Communication Resources may not be used for unauthorized commercial purposes.
- University Control of ASU Web Pages
The use of ASU Computing and Communications Resources, including ASU’s website is at the sole discretion of ASU. ASU does not guarantee that any User will have continued or uninterrupted access to ASU’s website. ASU’s website may be removed or discontinued at any time at the discretion of ASU in accordance with ASU policy, or as needed to maintain the continued operation or integrity of ASU Computing and Communication Resources.
ASU makes reasonable efforts to protect the integrity of its technology network and related services, but ASU cannot guarantee backup, disaster recovery, or User access to information posted on web pages or personal computers.
F. Electronic Mail and Electronic Communications
- Conditions for Restriction of Access to Electronic Mail
Access to ASU e-mail is a privilege that may be wholly or partially restricted without prior notice and without consent of the User:
a) If required by applicable law or policy;
b) If a reasonable suspicion exists that there has been or may be a violation of law, regulation, or policy; or
c) If required to protect the integrity or operation of ASU’s e-mail system or Computing and Communication Resources or when ASU Computing and Communication Resources are required for more critical tasks, as determined by appropriate management authority.
Access to ASU’s e-mail system may require approval of the appropriate ASU supervisory or management authority (e.g., department head, system administrator, etc.).
- Conditions for Permitting Inspection, Monitoring, or Disclosure
ASU may permit the inspection, monitoring, or disclosure of e-mail, computer files, and network transmissions when:
a) Required or permitted by law, (including public records laws), subpoenas, or court orders;
b) ASU or its designated agent reasonably believes that a violation of law or policy has occurred; or
c) Necessary to monitor and preserve the functioning and integrity of the e-mail system or ASU Computing and Communications Resources.
- ASU Responsibility to Inform of Unauthorized Access or Disclosure
If ASU believes unauthorized access to or disclosure of information has occurred or will occur, ASU will make reasonable efforts to inform the affected computer account holder, except when notification is impractical or when notification would be detrimental to an investigation of a violation of law or policy.
- Prohibition against Activities Placing Strain on ASU Computing and Communication Resources
Confidentiality of e-mail and other network transmissions cannot be assured. Therefore, you must exercise caution when sending personal, financial, confidential, or sensitive information by e-mail or via ASU Computing and Communications Resources.
- Electronic Information as Arizona Public Record
Most electronic information (e.g., e-mail) produced in the course of ASU business is considered an Arizona public record, and must be stored or deleted in accordance with Arizona public records law. Consult with ASU’s archivist for guidance on procedures for external storage or deletion of public records.
G. Privacy and Security
- Routine Logging and Monitoring
Certain central service and network activities from workstations connected to the network are routinely logged and monitored. These activities include but are not limited to:
a) Use of passwords and accounts accessed;
b) Time and duration of network activity;
c) Access to Web pages;
d) Access to network software;
e) Volume of data storage and transfers; and
f) Server space used for e-mail.
- Detailed Session Logging
In cases of suspected violations of ASU policies, especially unauthorized access to ASU Computing and Communication Resources, the appropriate system administrator, after consultation with UTO or other ASU offices if appropriate, may authorize detailed session logging. This may involve a complete keystroke log of an entire session. In addition, the system administrator of the facility concerned may authorize limited searching of User files to gather evidence on a suspected violation.
- Responsibility for Data Security
Software and physical limitations, computer viruses, and third-party intrusions can compromise security of data storage and communications. ASU takes reasonable precautions to minimize risk. Users must notify appropriate ASU officials including their immediate supervisor and UTO of information security concerns including, but not limited to, breaches of sensitive data or compromised accounts.
ASU Computing and Communication Resources are managed by Users, ASU departments, or UTO, depending on a variety of business factors. UTO is not obligated to maintain backups of any file for any particular length of time. Users must protect and back up critical data. Individual Users and departments should develop policies and practices, coordinated with UTO as needed, to ensure regular backups of data and to implement steps to ensure that all critical data is compatible with all current generations of computing equipment, storage media, and media readers.
- Restriction of Access to Sensitive Data
All ASU departments should ensure that access to sensitive data is restricted to those employees who have a need to access the information. Passwords that provide access to sensitive information should be changed on a regular basis.
- Right to Examine Computing and Communication Resources
ASU Computing and Communication Resources may be examined to detect illegal content, to evaluate the security of the network, and to detect violations of Arizona Board of Regents and ASU policies. Networks, networked devices, and applications may be scanned for vulnerabilities as authorized by UTO.
H. Violations and Enforcement
- Reporting Violations
- ASU Response to a Reported Violation
Upon receiving notice of a violation, ASU may temporarily suspend your privileges, move, or delete the allegedly offending material pending further proceedings.
A User accused of a violation will be notified of the charge and have an opportunity to respond before ASU imposes a permanent sanction. Appropriate cases will be referred to the ASU disciplinary authority appropriate to the violator’s status (e.g., Office of Student Life or employee’s supervisor) or to appropriate law enforcement authorities.
In addition to sanctions available under applicable law and ASU and ABOR policies, ASU may impose a temporary or permanent reduction or elimination of access privileges to ASU Computing and Communication Resources, and other services or facilities.
If ASU believes it necessary to preserve the integrity of Computing and Communication Resources or data, ASU may temporarily suspend any account, whether or not the account User is suspected of any violation. ASU will provide appropriate notice to the User. Servers and computers that threaten the security of ASU Computing and Communication Resources will be removed from the network and allowed to reconnect only with the approval of UTO.
- Indemnification by Users