Responsible Official: VP for Information Technology & CIO
Administering Division/Department: Office of Information Technology
Effective Date: March 31, 2007
Last Revision: March 15, 2011
Computers, networks, and software applications are powerful tools that can facilitate Emory’s core missions in teaching, learning, research, and service. Access and utilization of these tools is a privilege to which all University faculty, staff, students, and authorized guests are entitled. This policy documents the responsibilities that accompany this privilege.
Campuses, schools, colleges, departments, and other administrative units have considerable latitude in developing complementary information technology conditions of use policies, as long as they are consistent with this enterprise policy and any other applicable policies of the University. Such policies may be more restrictive than the enterprise policy, but must not be more permissive.
This policy applies to Emory faculty, staff, students, and retirees who have been issued computer accounts such as an Emory NetID and to visitors and guests who have been issued sponsored computer accounts. This policy applies to all Emory information technology resources, whether they are accessed from campus or from a remote location. This policy also applies to anyone who has been granted access to or connects any device to the Emory network or Emory IT resources.
- Emory’s information technology (IT) resources are provided for uses consistent with the University’s missions of teaching, learning, research, and service or for related administrative support.
- The use of Emory’s IT resources must be consistent with other University policies, government regulations and laws.
- IT resources are not to be used for private financial gain, for supporting non-Emory related businesses, or for supporting political candidates or campaigns.
- Users of Emory IT resources are expected to read and abide by all relevant IT policies and standards and to complete any prescribed IT security training.
Information Security Requirements:
- Users of Emory’s IT resources may not:
- Share their passwords or other access credentials;
- Attempt to hack, bypass, or violate security controls or conduct unauthorized testing of IT resources for security vulnerabilities;
- Access, modify, or share sensitive data or information obtained from any of Emory’s systems without appropriate authorization;
- Use access credentials issued to other individuals or attempt to impersonate another individual in order to access IT resources.
- Users of Emory IT resources must:
- Implement reasonable and appropriate safeguards to protect sensitive or critical information that they create or maintain;
- Dispose of sensitive information in a secure manner (e.g. shredding, physical destruction, disk wiping)
- Report any IT security incidents or security policy violations;
- Cooperate with authorized IT security investigations;
- Cooperate with authorized requests to discontinue activities that threaten the confidentiality, integrity, or availability of IT resources.
- Return all institutional data and IT resources to Emory upon termination of employment and securely delete all institutional data from personally owned devices/media.
- Users of Emory’s IT resources may not use those resources for any unethical or illegal purpose, including but not limited to the following:
- Violating copyrights or license agreements for any type of intellectual property (e.g. software, music, audio/video recordings, photographs, illustrations, documents, media files, e-journals, e-books, databases) (see http://web.library.emory.edu/services/copyright-publishing for more information on University guidelines for copyright and fair use);
- Harassing other members of the Emory community;
- Destroying or stealing equipment, software, or data belonging to others;
- Intentionally damaging or destroying the confidentiality or integrity of IT resources or disrupting their availability;
- Monitoring or disrupting the communications of others.
- Limited and reasonable personal use of Emory’s IT resources is acceptable and allowed, as long as it does not:
- Interfere with the fulfillment of an employee's responsibilities;
- Adversely impact or conflict with any activities that support Emory’s mission or operations;
- Involve the viewing or distribution of pornography;
- Result in any measurable cost to Emory;
- Reflect poorly on the institution;
- Violate any other applicable University policies.
Network Protection and Monitoring:
- Authorized Emory staff may without notice:
- Monitor, inspect, or copy network communications, IT resources, and the data they contain. Use of the Emory network and/or IT resources constitutes consent to such monitoring;
- Assess IT resources connected to the Emory network for security vulnerabilities;
- Take emergency protective actions such as restricting user access rights or access to IT resources or the network;
- Block potentially malicious network communications.
- Failure to comply with Emory’s Information Technology Conditions of Use policy may result in:
- Removal of inappropriate material from the relevant IT resources;
- Suspension or termination of access;
- Disciplinary actions (up to and including termination of employment) in accordance with applicable university policy;
- Civil or criminal prosecution.
- Current Version of This Policy: http://policies.emory.edu/5.1
- Connecting to the Emory Data Network (http://policies.emory.edu/5.4)
- Emory Network IDs (NetIDs) and Passwords (http://policies.emory.edu/5.5)
- Peer-to-Peer File Sharing (http://policies.emory.edu/5.7)
- Disk Encryption Policy (http://policies.emory.edu/5.12)
- Automatic Forwarding of Email from the EmoryExchange Environment (http://policies.emory.edu/5.13)
- Copyright, Publishing and Fair Use (http://web.library.emory.edu/services/copyright-publishing)
Subject Contact Phone Clarification of policy Brad Sanford 404-727-2630 firstname.lastname@example.org