Acceptable Use Standard
Date of Current Revision or Creation:ÌýJuly 1, 2023
The purpose of an Information Technology Standard is to specify requirements for compliance with Old à£à£Ö±²¥Ðã University Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.
Purpose
The purpose of a compliance standard is to provide the University community with a clear understanding of the terms and conditions under which access to any Old à£à£Ö±²¥Ðã University information technology resource is granted.
Definitions
Account holders are users who have been granted computer account permissions to access and use Old à£à£Ö±²¥Ðã University information technology resources.
Information Technology Resources are defined as computers, telecommunication equipment, networks, automated data processing, databases, the Internet, printing, management information systems, and related information, equipment, goods, and services.
Standards Statement
Acceptable Usage Statement
The Acceptable Use Statement is included in the application that account holders complete prior to receiving rights to an account.
Account holders are granted access to computing, networks, telecommunications, and electronically stored information contingent upon their prudent and responsible use. Access is granted to the individual only. Individuals are not authorized to transfer or share access with another. This Acceptable Use Statement applies to all current and future accounts and access to University IT resources. The acceptance of the Acceptable Use Statement is logged.
Terms of Use
Account holders acknowledge understanding of the terms of use and consent to the following:
- In any investigation of misuse, the University may inspect, without prior notice, the contents of files, voice mail, logs, and any related computer-generated or stored material, such as document output.
- Computer files may be inspected occasionally by systems personnel when assuring system integrity or performing related resource management duties.
- Users will comply with the institution's policies and procedures regarding information technology and telecommunication resources.
ODU reserves the right (with or without cause) to monitor, access, and disclose all data created, sent, received, processed, or stored on ODU systems.
Account Holder Responsibilities
Account holders are responsible for the following in the use and security of all accounts.
- An account is to be used only by the designated user. The designated user is solely responsible for all work done in that account.
- Each account may be used only for the expressed purpose of supporting the University's mission.
- Users are responsible for protecting their passwords. Users must take precautions and practice secure password management.
- Any user feeling pressured to reveal a password or suspect that their account has been compromised should contact the IT Security Team. Non-reported cases of unauthorized access may be classified as intentional and subject to enforcement procedures.
- Users are responsible for locking or logging out of any device. The account holder may be responsible if someone uses that account to make an unauthorized act.
Unacceptable Behavior
The following actions are considered unacceptable behavior.
- Account holders may not use information or resources for any illegal or unauthorized purpose or act to violate Federal, State, or local laws or University policies.
- In accordance with Virginia Code § 2.2-2827: Restrictions on state employee access to information infrastructure, account holders may not utilize University-owned or University-leased computer equipment to access, download, print or store any information infrastructure files or services having sexually explicit content except to the extent required in conjunction with a bona fide, University-approved research project or other University-approved undertaking.
- In accordance with Virginia Code 2.2-5514.1. Prohibited applications and websites, account holders may not download or use any application, including TikTok or WeChat, or access any website developed by ByteDance Ltd. or Tencent Holdings Ltd. (i) on any University-issued device or University-owned or University-leased equipment or (ii) while connected to any wired or wireless Internet network owned, operated, or maintained by the University, except to the extent authorized (by the Superintendent of State Police or the chief law-enforcement officer of the appropriate locality or institution of higher education) for the purpose of allowing participation in law-enforcement-related matters.
- Account holders may not participate in any malicious behavior that harms or interfere with others' use of resources.
- Account holders may not use resources or information for commercial purposes without prior authorization.
- Account holders may not disrupt network services or tamper with software protections or restrictions.
- Account holders may not use copyrighted and licensed materials on ODU systems unless ODU owns the materials or ODU has otherwise complied with intellectual property laws governing the materials.
- Account holders may not transmit unencrypted sensitive data over the Internet.
Enforcement
Misuse of computing, networking, and information resources may result in severe consequences, including the loss of access to information technology resources.
Account Termination
IT management has the responsibility to maintain accurate access privileges to information technology resources.
Access privileges will be terminated for employees transferring departments or leaving University employment.
Student accounts are deactivated in accordance with student enrollment status.
Procedures, Guidelines & Other Related Information
- Federal and State Law
- Policy 3500 - Use of Computing Resources
- Policy 3501 - IT Access Control Policy
- IT Standard 4.2.0 - Account Management Standard
- IT Standard 10.1.0 - Disciplinary Action
- Security Awareness Training
History
Date |
Responsible Party |
Action |
October 2008 |
ITAC/CIO |
Created |
October 2009 |
ITAC/CIO |
Reaffirmed |
October 2010 |
ITAC/CIO |
Reaffirmed |
October 2011 |
ITAC/CIO |
Reaffirmed |
October 2012 |
ITAC/CIO |
Reaffirmed |
December 2012 |
IT Policy Office |
Minor rewording for clarity Numbering revision |
December 2018 | IT Policy Office | Definitions and links checked |
October 2021 | IT Policy Office | Definitions and links checked |
July 2023 | IT Policy Office | Revised to add specific legislative language |