Acceptable Use of Computing Systems
Information and Technology
- Policy Statement
- Background and Purpose
- Roles and Responsibilities
- Enforcement and Reporting
- Policy History
- Related Information
This policy is not designed to impose restrictions that prevent users from performing their duties. The purpose of this policy is to ensure that all users of MSU Denver computing systems utilize these resources in a manner that supports the mission of the University and in a manner that protects these resources and their associated data from inappropriate access, usage, or other harm. All faculty, staff, students, contractors, and other users of University owned and maintained computer equipment and network resources must follow acceptable use policies.
Acceptable Use Standards
Users of MSU Denver computing systems must apply standards of normal academic and professional ethics while utilizing computing systems resources. These standards are found in:
- Student Code of Conduct
- Faculty Handbook
- Staff Handbook
Identification and Authentication
Users of MSU Denver computing systems must utilize user IDs or other unique user identification when accessing computer and/or network resources. Individuals must not knowingly access systems using another person’s account, and users must not share or allow others to use their accounts. Users should take reasonable precautions to protect their identity, passwords, and access to University computing systems.
MSU Denver computer systems may be accessed for incidental personal use, provided that such use does not result in noticeable impacts to system performance, incremental costs, or negatively impact performance of employee duties. Any personal use must not violate University policies, and must not violate applicable laws and regulations. Unauthorized use of University computing systems for personal profit is prohibited.
Intellectual Property and Copyright
Users of MSU Denver computing systems may only use legally licensed and obtained software in compliance with University policies and applicable copyright and intellectual property laws. MSU Denver is a member of EDUCAUSE, and users are expected to adhere to the Code of Software and Intellectual Rights which states:
Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to works of all authors and publishers in all media. It encompasses respect for the right to acknowledgement, right to privacy, and right to determine the form, manner, and terms of publication and distribution. Because electronic information is easily reproduced, respect for the work and personal expression of others is especially critical in computer environments. Violations of authorial integrity, including plagiarism, invasion of privacy, unauthorized access, and trade secret and copyright violations, may be grounds for sanctions against members of the academic community.
(See: “Using Software: A Guide to the Legal and Ethical Use of Software for Members of the Academic Community,” Educom/ITAA)
Computer users must respect the privacy of others by refraining from inspecting, broadcasting, or modifying data without the consent of the individual or individuals involved, except as permitted as part of their employment, and then only to the extent necessary for employment. University employees and others may not seek out, examine, use, modify, or disclose, without authorization, personal or confidential information which they need not access as part of their job function.
Employees must take necessary precautions to protect the confidentiality of personal or confidential information encountered in the performance of their duties or otherwise.
University users of email or other electronic communications shall not employ a false identity, nor may e-mail be sent anonymously with the intent to deceive.
University computing services shall not be used for purposes that cause, or could reasonably be expected to cause, directly or indirectly, excessive strain on any computing facilities or unwarranted/unsolicited interference with others' use of Computing Systems and Services.
This provision explicitly prohibits the posting of unsolicited electronic mail to lists of individuals, and the inclusion on electronic mail lists of individuals who have not requested membership on the lists.
Students may be required to accept membership in an electronic mailing list for a class in which they are registered or for the purpose of official communications between authorized University personnel and an identified group of students.
Faculty and staff may be required to accept membership in an electronic mailing list for the purpose of official University communications.
The University may take action to protect computer users from interference. Information Technology Services (ITS) or someone designated by the Chief Information Officer (CIO) or the Chief Information Security Officer (CISO) may authorize the termination of connections with internal or external systems or services whose users interfere with the operation of University computing facilities.
Obscenity and Harassment
University Computing Systems and Services may not be used in a manner that would violate University policies on sexual harassment and equal opportunity. Links to the Student Code of Conduct, Faculty Handbook, Handbook for Professional Personnel, and the Classified Employee Handbook are provided below.
Computer activity may be monitored by authorized individuals for purposes of maintaining system performance and security. In instances when individuals are suspected of abuse of computer usage, the contents of user files may also be inspected upon the approval of the Office of General Counsel, in addition to one or more of the following offices: Human Resources, Equal Opportunity, or the Dean of Students. Any such monitoring or inspection must be formally requested and approved through IT Services HelpDesk tickets to ensure that the request and any related activities are appropriately documented.
Violations of University policies governing the use of University computing services may result in restriction or termination of access to University information technology resources. In addition, disciplinary action may be applicable under other University policies, guidelines, procedures, or collective bargaining agreements, up to and including dismissal.
At the discretion of the manager of the computer system or service in question, or designee, in collaboration with the appropriate authority, computer use privileges may be temporarily or permanently revoked pending the outcome of an investigation of misuse, or finding of violation of this policy. When practical and appropriate, 24-hour notice will be given in advance of revocation.
All data, programs, and files placed on or contained in the university computer systems are subject to the University's copyright, patent, and privacy policies. Additional rules may be in effect at specific computer facilities at the discretion of the directors of those facilities.
Background: MSU Denver's information security policies were created by the IT Strategic Oversight Committee (ITSOC) Information and Instructional Technology Policies Subcommittee and reviewed by the University’s Policy Advisory Committee. Review of these policies will be made on an annual basis, with any changes or additions being submitted through the University’s policy review and approval process.
Purpose: MSU Denver’s information security policies are focused on protecting critical data and information systems of Metropolitan State University of Denver from loss, damage, or inappropriate modification or disclosure. The policies contained in this document are designed to ensure that the University adheres to security standards commensurate with the data and systems referenced, while maintaining appropriate functional access for students, faculty, and staff.
Scope: These policies apply to all individuals, including students, faculty, and staff, provided access to University data and information technology systems. Contractors and otherwise affiliated individuals must agree to abide by the information security policies before accessing university systems and data. Role-based policies and procedures that apply to specific groups of users will be provided when applicable, in accordance with functional requirements and data classification.
Responsible Executive: Chief Information Officer
Responsible Administrator: Chief Information Security Officer
Responsible Office: Information Technology Services
Policy Contact: IT Services, msudenver.edu/technology, 303-352-7548
Adherence to Information Security Policies is mandatory and may be based on State or Federal statute, contract language, or information security standards. These policies are not intended to unreasonably interfere with system utilization. Individuals should contact the IT Services Help Desk to report security risks, violations of policy, or to make requests for exceptions or amendments to the policies. The Chief Information Security Officer (CISO) and other IT Services staff will respond to all reported security issues and will work with the policy subcommittee to allow for development of appropriate updates to policies. Violations of these policies may result in fitting administrative action up to and including revocation of system privileges, employee termination, or student expulsion.
Information on the Information and Instructional Technology Policy Subcommittee is available on the IT Governance website.
Effective: July 1, 2017
Approved by: President
- Equal Opportunity Office: Policies and Procedures
- Handbook for Professional Personnel: Handbooks/Manuals/Rules
- Classified Employee Handbook: colorado.gov/pacific/dhr/EmployeeHandbook
- See User Account Policy
- See Information and Instructional Technology Policy Subcommittee
- EDUCAUSE - Using Software: A Guide to the Legal and Ethical Use of Software for Members of the Academic Community," Educom/ITAA, https://www.educause.edu/ir/library/html/code.html