IT Appropriate Use Policy (PDF)
Appropriate Use Policy for Information Technology
Updated April 15, 2024
Table of Contents
Guidelines for Appropriate Pace IT Use
- Access by IT Staff on Behalf of the University
- Access by Administrators of Departmental IT Systems
- Electronic Communications
Ownership of Copyright for Materials Developed with Pace's Resources
Responsibility for Errors in Software, Hardware, and Consulting
Changes in the Pace IT Environment
Comments, Suggestions, Corrections, etc.
Introduction
Identity of Information Technology Resources at Ƶ
Information Technology (IT) at Ƶ encompasses the use of all campus computing, telecommunications, document services, educational media, and management information systems technologies. These IT resources support the instructional, research, and administrative activities of the University. Examples of these resources include, but are not limited to, the central administrative, academic, and library computing facilities, systems, and services (whether located on-premises or hosted in the cloud); the campus-wide data, video, and voice network; electronic mail; video conferencing systems; access to the Internet; voice mail; the University switchboard; fax machines; photocopiers; classroom audio-video; departmental and general use computing facilities and related services. Pace’s central information technology organization is “Information Technology Services” (ITS) and is led by the University’s Chief Information Officer (CIO) and Vice President of Information Technology.
Appropriate Use of IT Resources
Users of these services and facilities have access to valuable University resources, sensitive data, and external networks. Consequently, it is important for all users to behave in a responsible, ethical, and legal manner. In general, appropriate use means understanding the intended use for Pace IT (and making certain that your use complies), respecting the rights of other Ƶ information technology users, maintaining the integrity of the physical facilities, and obeying all pertinent license and contractual agreements.
Guidelines
This document establishes general guidelines that apply to all users of IT resources owned or managed by Ƶ, including but not limited to Pace students, faculty (including adjunct faculty), staff (including part-time and temporary), external individuals (such as Pace contractors) or organizations and individuals accessing external network services, such as the Internet, via Pace's Information Technology facilities.
The policies described in this document apply to all information technology owned or managed by Ƶ and represent the minimum appropriate use policies for IT. Individual departments may have additional (and more restrictive) policies regarding IT resources held in those departments. Departmental users should contact their local IT staff for more information about IT policies in a specific department. It is strongly recommended that each department appoint at least one staff member designated to provide first-level IT support, receive training with the ITS organization, and exchange pertinent IT information between ITS and the department.
Guidelines for Appropriate Pace IT Use
The following list, while not exhaustive, provides some specific guidelines for appropriate IT use:
- Use Pace's Information Technology facilities and services for Ƶ-related work, not for personal or other–than-Pace business work. Pay particular attention to the abuse of photocopiers, local and long-distance phone calls, fax machines, the Internet, and the local Pace networks.
- Ƶ encourages information technology literacy for its students, faculty, and staff. As such, Ƶ allows its electronic mail system and personal World Wide Web pages to be used by students, faculty, and staff for reasonable and limited personal use. For example, occasionally sending electronic mail to family and friends is allowed, as is hosting a personal web page on the . In all cases, this “personal use” must conform to the guidelines established herein, dealing with the prohibition of personal and financial gain.
- Use only the Information Technology facilities for which you have specific authorization. It is strictly forbidden to use another individual's ID or account or attempt to capture other users' passwords. Users are individually responsible for all use of resources assigned to them; therefore, sharing of IDs is prohibited.
- Observe established guidelines for any information technology facilities used both inside and outside the University. For example, individuals using Pace's Computer Resource Centers must adhere to the policies established for those centers; individuals accessing off-campus computers via external networks must abide by the policies established by the owners of those systems as well as policies governing use of those networks.
- Do not attempt to alter, delete, or destroy any software on any Pace IT system. This constitutes a violation of the appropriate use of IT facilities, no matter how weak the protection is on those products.
- Your use of Pace IT facilities and services is subject to and conditional upon your compliance with state and federal laws and University policies, including disciplinary policies. All material posted to websites must comply with commonly accepted accessibility standards, such as the most recent version of the
- Respect the privacy and personal rights of others. Do not access or copy another user's electronic mail, data, programs, or other files without permission. Pace endorses the following statement on software and intellectual rights distributed by EDUCAUSE, the non-profit consortium of colleges and universities committed to the use and management of information technology in higher education. The statement reads: Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to the work of all authors and publishers in all media. It encompasses respect for the right to acknowledgment, right to privacy, and right to determine the form, manner, and terms of publication and distribution. Because electronic information is volatile and easily reproduced, respect for the work and personal expression of others is especially critical in computer environments. Violations of authorial integrity, including plagiarism, invasion of privacy, unauthorized access and trade secret and copyright violations, may be grounds for sanctions against members of the academic community.
- The University policies on plagiarism or collusion apply to the use of IT resources in course assignments.
- The Higher Education Act requires institutions to develop plans for giving students legal ways to download music and movies and to explore technologies to stop illegal peer-to-peer file sharing. The official Ƶ position on peer-to-peer (P2P) file-sharing utilities is that the software itself is not illegal nor banned by Ƶ. It is illegal, however, to download or share copyrighted material for which you do not hold the copyright. All Pace users must respect copyrighted material that is accessible through the Pace network. Any incident of copyright infringement can lead to disciplinary proceedings and legal action. Rulings by the courts under the Digital Millennium Copyright Act have held that Internet Service Providers or ISPs (e.g., Ƶ is an ISP to its students, faculty, and staff) must provide the identity of users of specific Internet Protocol Addresses or “user IDs” of the programs listed above when a properly issued subpoena is provided. Individual students, faculty, and staff may be held personally liable for violations of copyright laws. Visit the Illegal File Sharing website for more information.
- You are expected to abide by all applicable copyright laws and licenses. Both University policies and the law expressly forbid the copying of software that has not been placed in the public domain and distributed as “Freeware" or "Shareware". Users are expected to abide by the requirements of shareware agreements. ITS will maintain University-wide site licenses.
- In order to avoid jeopardizing the University’s tax-exempt status, do not use Pace IT facilities and services for personal financial gain or in connection with political activities without prior written approval in each instance. Contact the CIO/Vice President of Information Technology (cio@pace.edu) for detailed information.
- Use appropriate standards of civility and common sense when using IT systems to communicate with other individuals. Do not post to public websites or use email to transmit confidential information relative to personnel matters, internal investigations, and ongoing or threatened litigation, or information containing Personally Identifiable Information such as Social Security Numbers, Bank Account Numbers, Credit Card Information, and Health Information. When sending personal messages to other users, participating in a Chat Room discussion, posting on electronic bulletin boards, or leaving a voice mail message, identify yourself as the sender. Using Pace's IT resources to harass, slur, embarrass, or demean other individuals is explicitly prohibited.
- Be sensitive to the needs of others and use only your fair share (what a reasonable person would consider fair) of computing, faxing, and telephone resources. For example, users of shared resources, such as the PCs in the Computer Resource Centers, should use these facilities for only the most essential tasks during periods of peak demand. Broadcasting non-critical messages to large numbers of individuals (spamming) and sending chain letters are examples of activities that cause network congestion and interfere with the work of others and are prohibited. Use the available online and telephone company directories to look up the numbers yourself to save the University additional telephone service charges.
- Treat IT resources and electronic information as a valuable University resource. Protect your data and the systems you use. For example, ensure that you back up your files regularly using university-approved backup solutions.
Set an appropriate password and change it regularly. Passwords should not contain any easily remembered word or phrase.
Passwords for all Pace systems must meet the following requirements:
- must not contain more than three (3) consecutive characters of your first name, last name, or username
- must be twelve (12) or more characters long
- must contain at least one character from three of these four categories:
- UPPERcase characters (A, B, C, ...)
- lowercase character (a, b, c, ...)
- numbers (1, 2, 3, ...)
- special characters (! * + - / : ? _ # $)
- (i.e., must have at least one uppercase letter, one lowercase letter, and one number)
- Passwords that are determined to be inherently weak or were part of a previous third-party breach may be denied, and the user will be asked to select a new secure password
- must not be one that you have recently used (you cannot use one of your last four passwords)
- cannot be changed more than once every 24 hours
You should change your password at least once a year. Staff and Faculty who regularly have access to sensitive information will be required to change their passwords every 180 days. More information about appropriate passwords can be found at the Password Security webpage.
- Make sure you understand the access privileges you have set for your files. Do not destroy or damage any IT equipment, networks or software. The willful introduction of computer code that compromises the integrity of a system, such as viruses and worms, into the Ƶ computing environment or into other computing environments via Pace's network violates University standards and regulations.
- Stay informed about the Pace IT environment, as it is continually evolving to keep pace with academia and the demands of our students. Pace disseminates information in a variety of ways, including the ITS website, , the Pace Home Page, , logon messages, the IMO listserv, email alerts/notices, and online documentation regarding policies and procedures, in published newsletters (e.g., Opportunitas, Pace Press, Paw Print, Pace Pulse), at meetings, and, in some cases, as announcements/memos mailed to departments/individuals. Users are responsible for staying informed about these changes and are expected to adapt to changes in the University IT environment.
- The following guidelines have been established regarding the use of Web 2.0 Tools by Faculty and Staff:
- Faculty and staff members may request a blog or wiki for use in conjunction with their work. The requestor will be the owner of the blog and assumes responsibilities as defined in this Appropriate Use Policy.
- Faculty and staff members may also request group blogs or wikis. Group blogs can be used in courses, research, department websites, and collaborative projects.
- Faculty and staff members may request additional Pace computer accounts for collaborators from other institutions for participation in Web 2.0 activities, and their use will be covered by this Appropriate Use Policy.
- Anonymous postings to blogs and wikis are not permitted. Owners of blogs and wikis may not reconfigure the system to allow anonymous postings.
- Comments are an integral part of Web 2.0. All comments will be run through a SPAM engine. An individual making a comment is required to provide a valid email address before entering comments. The blog owner is responsible for reviewing each comment before posting it to the blog for others to see. The blog owner reserves the right not to publish individual comments. The blog owner may opt to require Pace password authentication before comments can be submitted.
- Blogs created by Pace-provided software/system will be listed on a web page and be available for RSS syndication.
- Pace does not guarantee that it will provide ancillary software, such as databases and script languages, that authors may wish to use in their blogs or wikis.
- All suspected information Security Incidents must be reported as quickly as possible and within six hours of learning of the suspected or actual incident through appropriate channels. Notification should be made to the Information Security Office and, where appropriate, the local campus office of University Safety and Security, University Counsel, and/or the Risk Management Department. All parties have a duty to report information security violations and problems in a timely manner so that prompt remedial action may be taken. Please see the Incident Reporting Policy located in the for more information.
- Staff and Faculty who record online webinars, lectures, etc., that will be later posted on publicly available websites (i.e., without login required) must notify the participants prior to attending the event and again at the beginning of the event that the session will be recorded and later made available in a public manner. Contact Educational Media for the appropriate language and procedures to be followed. Participants in online webinars, lectures, etc, are not permitted to create recordings unless prior authorization is provided by the presenter(s) and/or sponsor(s).
- University business must be conducted using a University-issued non-student email account. Use of personally owned, third-party, or otherwise non-Pace-issued accounts for university business is expressly prohibited. Only university-operated and approved cloud-based applications linked to University-issued accounts shall be used to store and share documents containing University information. Do not store/share University information on personally owned cloud services (e.g., Google, DropBox, Box, etc.). Please contact ITS for more information on approved applications for safe and secure cloud-based document storage and sharing.
- When using AI tools (including but not limited to ChatGPT, Microsoft CoPilot, Google Gemini, etc.), do not post and/or provide any sensitive and/or confidential information. In general, student records subject to FERPA, health information, proprietary information, and any other information classified as Confidential or Controlled university data must not be used with AI tools. Users should stay up-to-date on University practices and guidance on the use of AI tools for academic and administrative purposes.
Access to IT Resources
Central IT Resources
Students, faculty, administrators, staff, recognized student organizations, and approved external users may obtain IDs for use with the central IT activities related to instruction, research, or University administration. Students who are employed by the University will receive a separate user account to be used in connection with University business.
In the event that any member of the University or approved external user leaves, resigns, or in any way concludes his or her relationship with Ƶ for whatever reason, access to all IT resources, including, but not limited to, voice mail, email services, and files stored on university computing resources (desktops, file shares, etc.) will be terminated immediately. Accounts are automatically provisioned and de-provisioned based on information stored in the university’s system of record (currently, Banner) and are aligned with applicable university and departmental policies and procedures.
Qualified retirees (as defined by Human Resources) can request a retiree email account, which will be separate and distinct from the account previously assigned as a faculty or staff member.
To allow students the ability to communicate with faculty, complete assignments, and provide required notifications, email accounts for students are typically terminated 12 months after the end date of the last class taken.
Other IT Resources
Most of Pace's IT facilities and services—such as the Computer Resource Centers, the Computer-Equipped Classrooms, Video Conferencing rooms, consulting services, voice mail, and training--are available to members of the University community. ITS plans and budgets for central IT services. However, these services are not free. Users/departments may be required to fund the additional expense of excesses (based on historical, normal utilization) or abuses of Pace IT resources (expenses beyond the baseline budget). For more detailed information about access to any facility or service, visit the ITS home page.
Departmental IT Resources
For information concerning access to departmental IT resources, contact your department’s IT staff or Department Chair.
Data Security and Integrity
ITS-Maintained Equipment
ITS provides reasonable security against intrusion and damage to files stored in the central IT facilities. ITS also provides some facilities for archiving and retrieving files specified by users and for recovering files after accidental loss of data. However, other users can hold neither the University nor any IT staff member accountable for unauthorized access, or can they guarantee protection against media failure, fire, floods, etc. Users should use all available methods to protect their files, including frequently changing their passwords and utilizing University-approved and provided backup tools to back up their data. In the event that data has been corrupted as a result of intrusion, ITS should be notified immediately. Every reasonable attempt will be made to restore files to their status prior to intrusion; however, ITS cannot guarantee restoration.
Upon request, the IT staff will assist in implementing procedures to maximize security. Although ITS backs up some departmental servers and makes reasonable attempts to protect those servers from intrusion, it does not provide the same level of protection or offer restoration of files stored on departmental servers. Therefore, it is especially important that users back up their files and use all available means to protect their data on departmental systems.
The central Ƶ information technology organization (Information Technology Services, ITS), led by the University’s Chief Information Officer/VP, Information Technology, reserves the right to manage the University’s voice, data, and video bandwidth. Criteria for bandwidth management involves the integrity and robustness of University-owned equipment, data, and services as well as the appropriateness of bandwidth use when compared to the University’s academic goals, administrative missions, and appropriate use policy for information technology.
Departmental Facilities
Data security and integrity in departmental IT facilities vary depending on the department. Users should contact their department’s IT staff for more information on their security and data integrity procedures.
Privacy
To ensure compliance with Ƶ internal policies, applicable laws and regulations, and to ensure employee safety, Ƶ reserves the right to monitor, inspect, or search all Ƶ information systems (including the contents of University provided email accounts) at any time.
Ƶ management retains the right to remove from its information systems any material it views as offensive, potentially illegal, or otherwise contrary to University policies.
Access by IT Staff on Behalf of the University
Although not legally required to do so, the University respects the privacy of all users. However, it should be understood that all data created or stored on University systems is the property of Ƶ. Members of the ITS organization are forbidden to log on to another user’s account or to access a user's files, software, or other contents unless the user gives explicit permission (for example, by setting file access privileges). Exceptions to this privacy policy are made, however, under specific conditions. Such conditions include investigation of programs suspected of causing disruption to the network or other shared services, investigation of suspected violations of state or federal law or University policies, and investigations to avoid liability or in connection with internal hearings or litigation.
Before logging onto a user’s account or accessing files, software, or other contents, reasonable efforts will be made to notify the user, except when such prior notice would violate legal requirements or directives or jeopardize an internal investigation. In those instances, before a user’s account, files, software, or other contents are examined, the Vice President of Information Technology or their designee, after consultation with University Counsel, must have concluded that there is a legal obligation or other sufficient cause to examine the information without prior notice to or permission of the user. Information obtained in this manner is admissible in legal proceedings or in a University internal investigation or hearing. Information regarding security incidents and investigations will be kept confidential by all parties involved. Only authorized personnel may disclose such information. When accepting a user account, the user agrees to this policy.
Access by Administrators of Departmental IT Systems
The administrators of departmental IT systems, such as departmental IT staff, should not access a user's files without the explicit permission of that user or monitor file traffic at a level that will permit intrusion into the file contents. However, some exceptions may be necessary, for example, when a file is suspected of causing disruption to a local network or other shared services and a user cannot be reached. Furthermore, information about system users and information stored by them should be treated as confidential. Individual departments may have guidelines consistent with University policy that deal with access issues of their IT resources.
Electronic Communications
Users should not expect privacy of any electronic communications. IT systems administrators may see the contents of electronic communications due to serious addressing errors or as a result of maintaining the communications system. In those cases where administrators do see the contents of private electronic communications, they are required to keep the contents confidential. Users should also be aware that the current design of the networks is such that the privacy of electronic communications that leave Pace cannot be guaranteed. Also, when a user's affiliation with Pace ends, email subsequently received at Pace that is addressed to the former user will either be returned to the sender or, if appropriate, forwarded for an agreed upon limited time to an address specified by the former user or their supervisor.
Ownership of Copyright for Materials Developed with Pace's Resources
Ƶ has established guidelines related to ownership of copyright property. The exact policies and procedures relating to copyrights may be obtained from the office of University Counsel.
Responsibility for Errors in Software, Hardware, and Consulting
ITS, in conjunction with department IT Staff, makes its best effort to maintain an error-free IT environment for users and to ensure that the IT staff is properly trained. Nevertheless, it is impossible to ensure that IT system errors will not occur or that IT staff will always give correct advice. Pace presents no warranty, either expressly stated or implied, for the services provided. Damages resulting directly and indirectly from the use of these resources are the responsibility of the user. However, at the request of the user, when errors are determined to have occurred on IT facilities, members of the IT staff will make a reasonable attempt to restore lost University information to its state prior to the failure. As part of maintaining the IT environment, the IT staff applies vendor-supplied or locally developed fixes as appropriate when problems are identified. Given that vendors may be involved and that staff resources are finite, no guarantee can be made as to how long it may take to fix an error once it has been identified.
When software errors are considered major problems or could produce inaccurate results, users will be notified as soon as possible using appropriate electronic and/or other media.
Changes in the Pace IT Environment
When significant changes in hardware, software, or procedures are planned, notifications will be delivered through electronic mail and other channels to ensure that all users have enough time to prepare for the changes and voice any concerns that they might have.
Non-Compliance
All users of Ƶ's IT resources are required to comply with this Appropriate Use Policy for Information Technology, all other IT policies, and the University’s Guiding Principles of Conduct relating to the use of the University’s IT resources. Non-compliance with any of these policies may result in revocation of system or network access, notice to one’s supervisor and\or disciplinary action, up to and including termination of employment or dismissal from the University. Where applicable, a violation may subject the violator to civil and/or criminal liability.
Comments, Suggestions, Corrections, etc.
Questions concerning this or any other Information Technology Policy can be directed to the ITS Customer Support Center via .
Disclaimer Statement
Ƶ reserves the right to amend or otherwise revise this document as may be necessary to reflect future changes made to the IT environment. You are responsible for reviewing this Policy periodically to ensure your continued compliance with all Ƶ IT guidelines.