System Management - Office
C.E.S.P. 4-19: Computer and Network Use
Date Revised: 4-20-2012
Summary: Establishes policy governing use of Cooperative Extension Service computer and network resources.
The purpose of this policy is to establish practices for the Cooperative Extension Service (CES) in order to maintain its network and computer systems in a manner that supports its missions in teaching, research, and outreach, while complying with legal, policy, and contractual obligations. All use must be consistent with CES educational and research objectives and established ethical standards.
This policy applies to all CES Information Technology (IT) resources, whether individually controlled, shared, stand-alone, or networked. It applies to all computers and communication facilities owned, leased, operated, or provided by the CES or otherwise connected to CES IT resources. These include, but are not limited to: networking devices, tablets, telephones, wireless devices, personal computers, workstations, and any associated peripherals and software, whether used for administration, research, teaching, or other purposes. CES discourages storing, processing, or transmitting university information using personally owned devices that are connected to CES resources.
Maintaining access to these resources is necessary for maintenance of computers, networks, data, and storage systems; to maintain the integrity of the computers, networks, and storage systems; or to protect the rights and property of the University and its users. Authorized personnel may use management tools to routinely monitor and log usage data, such as network session connection times, inventory, CPU and disk utilization for each user, security audit trails, and network loading. In all cases, the integrity of user data shall be protected to the greatest extent possible.
“Users" include but are not limited to staff, faculty, subcontractors, visitors, visiting scholars, potential students, research associates, grant and contract support personnel, media representatives, guest speakers, and non-CES entities granted access. All such "users" are required to be familiar with and comply with this policy.
CES uses computer and networking resources as tools to promote the organization's educational programming efforts. Personnel using CES computing resources are expected to abide by the following policies, which are intended to secure the proper use of information and preserve the right to maintain access to the University of Arkansas network.
CES has the responsibility to administer, protect, and monitor CES’s computers, software, and networks. The purposes of CES’s information technology management are to:
- Manage computing resources so that members of the CES community benefit equitably from their use;
- Protect CES computers, networks and information from destruction, tampering, and unauthorized inspection and use;
- Communicate CES policies and the responsibilities of individuals systematically and regularly in a variety of formats to all parts of the CES community;
- Establish and support security standards for electronic information that community members produce, use, or distribute;
- Monitor policies and propose changes in policy as events or technology warrant;
- Maintain and manage software licenses;
- Track hardware as needed.
Storage of non-work related data and information on CES equipment is discouraged. Programs should not be installed or run on any of CES's computers without prior approval by the CES IT department.
CES computers are required to use anti-virus software with current virus profiles. Virus scans should be run on a regular basis.
All computers shall have an automatic password protected screen saver set to a maximum of 20 minutes except for instances where the computer is located in a secure location or when the computer is used for research or monitoring in which such protection could hinder the operation. In these instances, alternative security controls may be necessary to ensure adequate protection.
Personnel connecting to networks outside the CES local area network must conform to the acceptable use policies governing those connecting networks.
Respect for privacy is required. Users shall not intentionally seek out information on, obtain copies of, or make modifications to data, applications or passwords belonging to other users.
Use of obscenity and harassment of other users is prohibited.
Copyright and license protection must be observed. Use and distribution of software and data should conform to the licensing agreement which govern them. Internally developed electronic publications may be copied freely with the approval and recognition of the author(s).
Development of applications for the purpose of harassment such as viruses, chain letters, and mass distribution of inflammatory remarks is prohibited.
CES resources may not be used for commercial gain or personal profit.
CES provides computer, e-mail, network, & Internet to faculty and staff for the purpose of furthering education, research, and conducting general business. While incidental and occasional personal use of such systems is permissible, personal communications and data transmitted or stored on CES information technology resources are treated as business communications.
Incidental and occasional personal use of computers and network resources is permitted by CES but may not interfere with normal operations. Company electronic resources exist for business purposes; therefore, all content contained therein belongs to the organization and is accessible at any time by the organization. In the event of termination, an employee’s access to his/her computer, network and system access, and e-mail accounts and any personal material within these accounts is immediately terminated.
All non-maintenance requests submitted to IT for access to data on a CES owned device must be submitted and approved, as appropriate, by CES Administration, the Human Resources Office Director, and/or Director of the Office of Affirmative Action and must include all of the following:
- Reason for the request, which must correspond to the disclosure rules provided by this policy
- Name of the requestor
- Recipient of the data
Violations will be addressed through appropriate disciplinary actions based upon the severity of the infraction and include, but are not limited to, suspension of network account, removal of computer equipment, probation and termination of employment.