Policy Number: 180

Acceptable Use of University Information Resources

Subject:

Information Resources

Scope:

All users of university information resources.

Date Reviewed: February 2015

Responsible Office: Information Technology

Responsible Executive: Vice President and Chief Information Officer

I.     POLICY AND GENERAL STATEMENT

The University of Texas Health Science Center at Houston (“university”) relies on University Information Resources and University Data to conduct university business and achieve the university’s mission. University Information Resources and University Data must be used appropriately to ensure their availability and preserve their integrity and confidentiality so that the university can meet its academic, research and clinical commitments and goals. Federal and state laws and regulations, The University of Texas System (UT System) policies and university policies also require appropriate use and adequate protection of University Information Resources and University Data.

All Users are responsible for using and protecting University Information Resources and University Data appropriately and in accordance with this policy.

Nothing in this policy supersedes or modifies HOOP 201, Intellectual Property, HOOP 92, Research Data Retention and Access, or any other applicable university or UT System policies or Regents Rules pertaining to the ownership of intellectual property.

II.     DEFINITIONS

University Information Resources:  All computer and telecommunications equipment, software, and media that is owned or controlled by the university or maintained on its behalf. 

University Data: All data or information held on behalf of the university or created as a result and/or in support of university business, including paper records. 

User:  Any individual granted access to University Information Resources and/or University Data.

Confidential Data:  All University Data that is required to be maintained as private or confidential by applicable law.  

Peer-to-Peer File Sharing Software: Computer software, other than computer and network operating systems, that has the capability to allow the computer on which it is used to designate files available for transmission to, transmit files directly to, and request transmission of files from another computer using the same software.  Examples include, but are not limited to,KaZaA, BitTorrent, Gnutella, eDonkey, eMule, Direct Connect, Vuze, Ares.

Virtual Machine: A software implementation of a machine (i.e., a computer) that executes programs as a physical machine would.

III.     PROCEDURE

     A. Ownership and Access to University Information Resources; No Right to Privacy

Except as otherwise provided by HOOP 201, HOOP 92 or any other applicable university or UT System policies or Regents Rules pertaining to ownership of intellectual property, all University Information Resources and University Data are the property of the university and subject to this policy and all other applicable university and UT System policies. All University Data created and/or retained by a User are subject to this policy, even if created, stored, processed and/or transmitted on a User’s or another person’s personal computer, smart phone, e-mail account, or other personal device or other non-university owned website. 

All University Information Resources and University Data are subject to access and/or monitoring by the university and/or UT System without notice for any purpose consistent with the duties or mission of the institution including, but not limited to, responding to public information requests, court orders, subpoenas or litigation holds and conducting University Information Resource related maintenance, inventories and investigations related to the duties and missions of the university. To the extent a User has created, stored, processed and/or transmitted University Data on the User’s or another person’s personal computer, smart phone, e-mail account or other personal device or other non-university owned website, the User must provide the university with access to that University Data upon request.  The university does not assert an ownership interest in the content of exclusively personal information or documents stored on University Information Resources as part of a User’s Incidental Use, as defined in this policy.  However, such information and documents may be subject to access and/or monitoring by the university as described above.     

     B. Guidelines for Use of University Information Resources and University Data

Users are required to formally acknowledge that they will abide by this policy. Users are also required to complete initial and recurring information security awareness training.  Failure to agree to and abide by these requirements will result in termination of User’s access to University Information Resources and University Data.

Users must report any identified weakness in university computer security and any incident of possible misuse or violation of this policy to one of the following:

Users who fail to comply with this policy are subject to disciplinary action up to and including termination of employment, professional or business relationship, or dismissal from school. In some instances of non-compliance, civil remedies or criminal penalties may apply.

A User’s access may be disabled (via account or connection) at the university’s sole discretion if required security software is not installed on the User’s computer or device, or if activity indicates that the computer or device may be infected with a virus or malware, be party to a cyber attack or may otherwise endanger the security of University Information Resources or University Data.  Access may be re-established once the computer or device is deemed secure by the Information Security Department.

  1. General Practices
  1. Incidental Use
  1. E-mail and Internet Use
  1. Access to University Information Resources and University Data
  1. Passwords and Access Codes
  1. Security and Protection of University Information Resources and/or University Data

This section applies to all computers and other devices or systems upon which University Information Resources or University Data are maintained regardless of whether the device or system is owned by the university.

  1. Confidential Information

IV.     CONTACTS

ContactTelephoneEmail/Web Address
IT Risk and Compliance Manager 713-486-3608 itcompliance@uth.tmc.edu