TSUS Policy Guideline: Appropriate Use of Information Technology Resources Policy Guideline ID: TSUS IT.01.03 Approval Authority: TSUS Board of Regents Initial ITTF Approval Date: October 19, 2007 Effective BOR Date: May 16, 2008 Last Revised: August 13, 2015
The Texas State University System (TSUS) considers information technology as a critical enabler in meeting its mission and has made significant investments in information technology assets and capabilities. Likewise, Texas Administrative Code, Chapter 202, Subchapter C, describes the information technology resources that support the operations of Texas public higher education institutions as “strategic and vital assets belonging to the people of Texas” and that these resources must be managed “commensurate with their value” in a fashion that assures their protection and availability for appropriate use by authorized individuals. Compliance with this policy contributes to the availability, protection, and appropriate use of the information technology resources of the Texas State University System and its component institutions.
It is the policy of the Texas State University System to afford broad access to information technology resources by each institution’s students, faculty and staff for activities that are related to, and in fulfillment of, institutional missions. To guide the policies related to appropriate use of Information Technology, the Texas State University System has set forth the following specific topics to be addressed in each institution’s specific policy statement on appropriate use of information technology resources. Each component institution is charged with establishing and disseminating an institutional appropriate use policy statement that complies with the guidelines articulated in this TSUS policy statement.
1. Institutional vs. Individual Purpose
Access to information technology resources carries with it the responsibility for ensuring that the use of these resources is primarily for institutional purposes and institution-related activities, and for maintaining the integrity and security of the institution’s computing facilities. In the interest of making the use of information technology resources a natural part of the day-to-day work of all members of the institutional community, incidental personal use is tolerated. However, one should not use any information technology resources in an extensive or regularly recurring manner for activities that are unrelated to institutional purposes. Individuals with authorized access to information technology resources must ensure that their access permissions are not accessible to or usable by any other individuals.
2. Personal vs. Official Representation
Information technology resources are a dynamic mechanism for the free exchange of knowledge. It is desirable for the institution to foster the robust dialogue that results from the use of the resources and to encourage students, faculty and staff to participate in that dialogue. Those exchanges that reflect the ideas, comments and opinions of individual members of the institutional community must, however, be distinguished from those that represent the official positions, programs and activities of the institution. Students, faculty and staff using information technology resources for purposes of exchanging, publishing or circulating official institutional documents must follow institutional requirements concerning appropriate content and style. The institution is not responsible for the content of documents, exchanges or messages, including links to other information locations on the internet or world wide web, that reflect only the personal ideas, comments and opinions of individual members of the institutional community, even where they are published or otherwise circulated to the public at large by means of institutional information technology resources.
3. Limitations on the Availability of Information Technology Resources
The institution’s information technology resources are finite by nature. All members of the institutional community must recognize that certain uses of institutional information technology resources may be limited or regulated as required to fulfill the institution’s primary teaching, research and public service missions. Examples of these limitations include those related to capacity management, performance optimization, or security of the institution’s information technology systems.
4. Privacy and Confidentiality of Electronic Documents
No information technology system can absolutely guarantee the privacy or confidentiality of electronic documents. More importantly, information technology resources provided by the TSUS and its component institutions are essentially owned by the State of Texas and subject to state oversight. Consequently, persons that use these state-owned resources, or any personally owned or third party device that may be connected to a state-owned resource, have no right to privacy in their use of these resources and devices. TSUS institutions should, however, take reasonable precautions to protect the privacy and confidentiality of electronic documents and to assure persons using institutional information technology resources that the institution will not seek access to their electronic messages or documents without their prior consent except where necessary to:
Satisfy the requirements of the Texas Public Information Act, or other statutes, laws or regulations;
Allow institutional officials to fulfill their responsibilities when acting in their assigned capacity;
Protect the integrity of the institution’s information technology resources, and the rights and other property of the institution;
Allow system administrators to perform routine maintenance and operations, security reviews and respond to emergency situations; or
Protect the rights of individuals working in collaborative situations where information and files are shared
TSUS institutions should establish more detailed procedures for appropriately preserving the privacy of electronic documents and for determining the methodology by which non-consensual access to electronic documents will be pursued by the institution.
5. TSUS Institutional Responsibilities
In order to assist members of the institutional community in fulfilling their responsibilities with respect to use of information technology resources, each component institution shall establish and disseminate an institutional appropriate use policy statement that complies with the guidelines articulated in this TSUS policy statement. Each institution shall also provide appropriate guidance with regard to other specific institutional policies affecting the use of information technology resources. These specific policies should at a minimum cover topics detailed in the Texas Administrative Code, Title 1, Part 10, Chapter 202, Subchapter C related to security standards for institutions of higher education.
6. Failure to Comply with Information Technology Resource Policies
Failure to adhere to the provisions of this TSUS policy statement or the appropriate use policy statement of any component institution may result in:
suspension or loss of access to institutional information technology resources
appropriate disciplinary action under existing procedures applicable to students, faculty and staff, and
civil or criminal prosecution
To preserve and protect the integrity of information technology resources, there may be circumstances where the institution must immediately suspend or deny access to the resources. Should an individual’s access be suspended under these circumstances, the institution shall strive to inform the individual in a timely manner and afford the individual an opportunity to respond. The institution shall then determine what disciplinary action is warranted and shall follow the procedures established for such cases.
Scope and Applicability
This policy statement applies to all persons and organizations that manage or utilize information technology resources belonging to the TSUS or any of its component institutions.
Information Technology Resources include any of the following that are owned, operated, or supplied by the TSUS or one of its component institutions: usernames or computer accounts, hardware, software, communication networks and devices connected thereto, electronic storage media, related documentation in all forms, and professional and technical support services. Also included are data files resident on hardware or media owned or supplied by the TSUS or a component, regardless of their size, source, author, or type of recording media, including e-mail messages, system logs, web pages and software.
Institution refers to any of the following seven components of the Texas State University System:
Sam Houston State University
Sul Ross State University
Texas State University
Lamar Institute of Technology
Lamar State College-Orange
Lamar State College-Port Arthur
Authority and Responsibility
Questions related to this policy statement or to the appropriate use policy statement at any component institution should be addressed to the Chief Information Officer at the component institution.
Additional background, Related Policies, and other References
In addition to the general principles set forth in this policy statement, the use of information technology resources may be affected by a number of other legal requirements and ethical principles. While it is not possible to list all potentially applicable laws and regulations, the most relevant to the use of institutional information technology resources are listed in TSUS Policy Guideline TSUS IT.02.01, Information Security Policy, and are included in this policy guideline by reference.
Students, faculty and staff are responsible for understanding and observing these and all other applicable policies, regulations and laws in connection with their use of the institution’s information technology resources.