IT Acceptable Use Policy FAQ

Information Technology (IT) resources are intended to support the university's instructional, research, and administrative operations. The objective of the Acceptable Use of Information Technology Resources Policy (AUP) is to create a framework to ensure that IT resources are used in an appropriate fashion and support the university's mission and institutional goals. In addition to legal requirements surrounding computing—such as compliance with those regulating copyright—IUP must create additional requirements upon its user community so its computer network and university-owned computer equipment function in an efficient, cost-effective manner in support of the university's mission as well as within requirements of the Pennsylvania State System of Higher Education. The Acceptable Use Policy is intended to address these additional requirements.

No. See the AUP's Responsibilities of Users of IT Resources section for details.

A variety of activities would violate the AUP. See the AUP's Prohibited Uses of IT Resources section for details.

Yes, to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met).

Specifics can be found in the AUP's Procedures section.

There are numerous websites with important information. The following links are just some of these:

• Fraud and Related Activity in Connection with Computers (Cornell University Law School)
• What is illegal under local, state, and federal laws? (Cornell University)

Strictly from the AUP perspective, this is permissible to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met). Employment restrictions could exist that are outside the scope of the AUP.

Email contents should always be considered "public" because the sender does not know who the receiver will forward the email to. Thus, while IUP does have an Email as an Official Means of Communication Policy, designed to reduce paper and delivery costs, this policy never requires that sensitive and/or confidential information be transmitted via email, and users should be extremely cautious in using this medium for that purpose.

IUP deploys a variety of restrictions in order to protect network integrity for all users. For example, IUP controls wireless bandwidth within the university setting so that non-university traffic does not interfere with IUP wireless users. IUP also prohibits the connecting of devices to the network which could compromise the monitoring of the entire network.

Anyone using an information technology-related resource that is owned and/or operated by the university is considered to be a user of the network. See the Definitions portion of the AUP for more details.

Strictly from the AUP perspective, this is permissible to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met). Restrictions could exist from other agreements or requirements outside the scope of the AUP.

Strictly from the AUP perspective, this is permissible to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met). Restrictions could exist from other agreements or requirements outside the scope of the AUP.

While the university recognizes the role of privacy in institutions of higher learning and will endeavor to honor that ideal, there is no expectation of privacy of information stored on or sent through State System and/or university-owned IT resources, except as required by law.

The user and their actions are at the core of security practices. See the Responsibilities of Users of IT Resources section in the AUP for details.

No explicit action is taken by the university. If, however, the virus subsequently results in activity that in some manner violates the AUP, it is possible IUP may take steps to disable connections to the network by that individual and/or machine until the situation is resolved.

The university is obligated to maintain the integrity of its IT resources, and therefore reserves the right to disable access when the integrity is jeopardized by an individual user's excessive bandwidth usage.

Only extreme situations would typically result in a user having their access disabled due to excessive use, though the university retains the right to adjust these measures as the situation warrants. In a shared user community such as IUP's, a number of factors would determine if the usage was considered excessive for the given situation—such as the demands of other users at the time.

Strictly from the AUP perspective, this is permissible to the extent that the usage complies with the AUP (all legal requirements observed and all AUP compliances met). Restrictions could exist from other agreements or requirements outside the scope of the AUP. However, members of the IUP community are strongly encouraged to utilize website-centric avenues such as IUP Now to communicate this type of information.

Yes. However, employees must reimburse the university if notified that the additional personal device usage resulted in the university paying for additional expenses.

Care should be taken when storing all forms of PII; however, Social Security numbers, credit card numbers, debit card numbers, bank account numbers, driver's license numbers, and passport numbers are particularly high-risk items. High-risk PII should only be stored when absolutely necessary, and proper care should be taken when storing and transferring this information.

Directory images are not considered high-risk information; however, proper care should be taken when storing all forms of PII. Consider encrypting, or the need for storing, any information that has value if stolen.

Storage of sensitive PII outside of our protected information systems (Banner and SAP) is appropriate when needed to fulfill a current university business need. In these cases, the sensitive PII should be stored encrypted such that only necessary personnel and/or processes have access. All long-term storage of sensitive PII should be in a protected information system.

Additional details related to the PII scanning procedure can be found at PII Scanning.