Faculty and Contract Staff Handbook
(7) Administrative Policies
(7A) FISCAL, SAFETY, AND HEALTH POLICIES
(7B) COMPUTER POLICIES
(7C) USE OF TRINITY UNIVERSITY FACILITIES
(7D) CONFERENCES AND SPECIAL PROGRAMS
(7B) INFORMATION TECHNOLOGY POLICIES
(Articles I-XIV approved by the President July 2008)
For a summary of recent changes to this chapter, see Chapter 9A: Summary of Recent Revisions to this Handbook.
Contents of this page:
I. ACCEPTABLE USE POLICY
A. Purpose
The hardware and software that constitute Trinity’s computing network are vital to the operation of the university. Inappropriate use of the network can detrimentally affect our ability to accomplish the institution’s mission. Every user of the network has a responsibility to utilize these shared resources in an appropriate manner. The Acceptable Use Policy addresses that responsibility.
B. Scope
The Acceptable Use Policy applies to all users of the Trinity computing network.
C. Policy
Network users are expected to respect restrictions on authorized access to network information and resources. Violations of this policy include activities such as:
use of another user’s password (with or without their knowledge);
sharing of one’s own password with another user;
employing either directly or by implication a false identity when using an account or other network resources;
attempts to gain access to information or resources for which a user does not have explicit authorization;
giving another individual the means to access data or resources they are not authorized to access;
obtaining, possessing, using, or attempting to use passwords or other information about someone else's account;
inspecting, modifying, distributing, or copying data, mail, messages, or software without proper authorization, or attempting to do so;
tapping phone or data lines; accessing files by circumventing privacy or security restrictions.
violations of copyright as in recording or taping of entertainment media without payment of fees or permission of copywright holder.
Network users are expected to treat all network hardware with care and are expected to utilize all network resources in ways that respect the other network users. The following activities constitute violations of this policy:
damaging University hardware,
introducing viruses,
deliberately slowing a system,
attempting to crash a system.
Discriminatory, demeaning, or abusive behavior may be subject to the University’s Policy Statement on Harassment as described in the Faculty and Contract Handbook or the Student Conduct Polices on Respect for Self, Others, and the Community, Respect for Property, Personal Responsibility, or Harassment as described in the Student Handbook.
Network users are expected to use systems for authorized purposes only.Violations include activities such as:
advertising for a commercial organization,
running a business,
activities that violate state or federal law.
D. Definitions
The Trinity computing network is the group of stations (computers, telephones, or other devices) owned or operated by Trinity University connected by communications facilities owned or operated by Trinity University for exchanging information. Connection can be permanent, via cable, or temporary, through telephone or other communications links. The transmission medium can be physical (e.g., fiber optic cable) or wireless (e.g.. satellite, wi-fi).
II.
NETWORK PROTECTION POLICY
A. Purpose
The hardware and software that constitute Trinity’s computing network are vital to the operation of the university. Viruses, malware, computer vulnerabilities and inappropriate use of the network are a threat to these resources and can detrimentally affect the ability to accomplish the institution’s mission. Trinity University has a responsibility to maintain these resources and ensure they are used in an appropriate manner.
B. Scope
The Network Protection Policy applies to all users of the Trinity computing network.
C. Policy
Trinity University has the responsibility to protect valuable network resources and the confidentiality of sensitive personal information from any and all threats. In keeping with this responsibility, Trinity University scans computer hardware devices connected to the Trinity computing network for key security vulnerabilities. Where sufficient cause has been found to indicate a threat to the network, a threat to the university or a violation of federal or state law, Trinity may disable the network access of the offending hardware device. Any attempt by a user to circumvent the system or process of scanning for key security vulnerabilities is a violation of this policy.
Use of the Trinity computing network constitutes the user’s acceptance of this policy.
D. Definitions
The Trinity computing network is the group of stations (computers, telephones, or other devices) owned or operated by Trinity University connected by communications facilities owned or operated by Trinity University for exchanging information. Connection can be permanent, via cable, or temporary, through telephone or other communications links. The transmission medium can be physical (i.e. fiber optic cable) or wireless (i.e. satellite).
III. PASSWORD POLICY
A. Purpose
Passwords are an important aspect of computer security. A poorly chosen password may result in the compromise of Trinity University’s entire network. The purpose of having a password policy is to ensure a more consistent measure of security for Trinity’s network and the information it contains. The implementation of this policy will better safeguard the personal and confidential information of all individuals and organizations affiliated, associated, or employed by Trinity University. Additionally, this policy establishes a standard for creation of strong passwords, the protection of those passwords, and the frequency of change of passwords.
B. Scope
The Password Policy applies to all persons accessing the Trinity University network regardless of their capacity, role or function. Such persons include students, faculty, staff, third party contractors, visitors (guests), consultants and employees fulfilling temporary or part-time roles.
C. Policy
All Trinity owned electronic devices must, if possible, have password protection enabled.
All passwords (e.g., email, web, voice mail, computer, PDA, BlackBerry, etc.) must be changed at least every 12 months. Individuals with access to critical areas of information will be required to change their T.U. password at least every 90 days. Such users will be identified by the Director of Information Technology Services. For example, employees of Trinity University with “change level access” to the university administrative system(s) will be required to change their passwords every 90 days.
Passwords must not be inserted into email messages or other forms of electronic communication and should not be shared with anyone, including via email or phone conversations.
Passwords should not be written down or stored electronically without encryption.
All passwords must be at least 8 characters long, contain at least 2 numbers or special characters, not be a word in the dictionary, and not be part of your name or user name. If the device or application does not permit a password to meet these criteria, the password should satisfy as many of these criteria as possible.
Guidelines and suggestions for creating strong passwords can be found at: http://www.trinity.edu/its/faqs/faq.asp?ID=23
IV. Recurring Mass E-mail Opt-Out Policy
A. Purpose
To ensure that network system resources are not strained and important communications via email are not overlooked or discarded by users, the number of recurring, large mass email messages received by users from university departments and offices should be kept to a minimum.
B. Scope
The Recurring Mass Electronic Messaging Opt-Out Policy applies to all users, departments and offices that send recurring mass email messages to Trinity email accounts through the Trinity computing network.
C. Policy
Recurring mass e-mail messages, with a total size of 1MB or larger (including any attachments), sent to Trinity email accounts through the Trinity computing network, must provide the recipients with the option to opt-out from receiving further messages. Therefore, all recurring mass e-mail messages with a total size of 1MB or larger must be sent through the Lyris listserv ListManager. Initial set up of a recurring e-mail list in Lyris, must be requested through the ITS Helpdesk. Upon set up, lists may include all students, faculty, staff and alumni if requested. Thereafter, all messages sent to the Lyris list will automatically include an opt-out notice in the footer of the message. The opt-out notice will instruct users how to opt-out from receiving further messages.
D. Definitions
Trinity email accounts are individual email accounts provided by the university to students, faculty and staff with an address of @trinity.edu. Messages for Trinity email accounts are stored on Trinity University owned servers.
The Trinity computing network is the group of stations (computers, telephones, or other devices) owned or operated by Trinity University connected by communications facilities owned or operated by Trinity University for exchanging information. Connection can be permanent, via cable, or temporary, through telephone or other communications links. The transmission medium can be physical (i.e. fiber optic cable) or wireless (i.e. satellite).
Recurring mass email messages are mass e-mail based messages that are sent by users, departments or offices regularly or on a scheduled basis to many recipients of the Trinity University community. This includes, but is not limited to, newsletters.
(Pursuant to Gramm Leach Bliley Act Information Safeguards Rule)
A. Purpose
This document summarizes Trinity University’s comprehensive written information security policy (the “Policy”) mandated by the Federal Trade Commission’s Safeguards Rule and the Gramm – Leach – Bliley Act (“GLBA”). In particular, this document describes the Program elements pursuant to which the Institution intends to (i) ensure the security and confidentiality of covered records, (ii) protect against any anticipated threats or hazards to the security of such records, and (iii) protect against the unauthorized access or use of such records or information in ways that could result in substantial harm or inconvenience to clients. The policy incorporates by reference, the Institution’s existing policies and procedures and is in addition to any institutional policies and procedures that may be required pursuant to other federal and state laws and regulations, including, without limitation, Family Education Rights and Privacy Act (FERPA).
Designation of Representatives: The Institution’s Information Security Administrator is designated as the Program Officer who shall be responsible for coordinating and overseeing the Policy. The Program Officer may designate other representatives of the Institution to oversee and coordinate particular elements of the Policy. Any questions regarding the implementation of the Program or the interpretation of this document should be directed to the Program Officer or his or her designees.
B. Scope
The Information Technology Security Policy applies to any record containing nonpublic financial information about a student or other third party who has a relationship with the Institution, whether in paper, electronic or other form, that is handled or maintained by or on behalf of the Institution or its affiliates. For these purposes, the term nonpublic financial information shall mean any information (i) a student or other third party provides in order to obtain a financial service from the Institution, (ii) about a student or other third party resulting from any transaction with the Institution involving a financial service, or (iii) otherwise obtained about a student or other third party in connection with providing a financial service to that person.
C. Policy
1. Risk Identification and Assessment. The Institution intends, as part of the Policy, to undertake to identify and assess external and internal risks to the security, confidentiality, and integrity of nonpublic financial information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information. In implementing the Policy, the Program Officer will establish procedures for identifying and assessing such risks in each relevant area of the Institution’s operations, including:
Employee training and management. The Program Officer will coordinate with representatives in the Institution’s Human Resources and Financial Aid offices to evaluate the effectiveness of the Institution’s procedures and practices relating to access to and use of student records, including financial aid information. This evaluation will include assessing the effectiveness of the Institution’s current policies and procedures in this area.
Information Systems and Information Processing and Disposal. The Program Officer will assess the risks to nonpublic financial information associated with the Institution’s information systems, including network and software design, information processing, and the storage, transmission and disposal of nonpublic financial information. This evaluation will include assessing the Institution’s current polices and procedures relating to Acceptable Use Policy, Information Technology Security Policy, and Records Retention Policy. The Program Officer will also assess procedures for monitoring potential information security threats associated with software systems and for updating such systems by, among other things, implementing patches or other software fixes designed to deal with known security flaws.
Detecting, Preventing and Responding to Attacks. The Program Officer will evaluate procedures for and methods of detecting, preventing and responding to attacks or other system failures and existing network access and security policies and procedures, as well as procedures for coordinating responses to network attacks and developing incident response teams and policies. In this regard, the Program Officer may elect to delegate to a representative of the Department of Information Technology the responsibility for monitoring and participating in the dissemination of information related to the reporting of known security attacks and other threats to the integrity of networks utilized by the Institution.
2. Designing and Implementing Safeguards. The risk assessment and analysis described above shall apply to all methods of handling or disposing of nonpublic financial information, whether in electronic, paper or other form. The Program Officer will, on a regular basis, implement safeguards to control the risks identified through such assessments and to regularly test or otherwise monitor the effectiveness of such safeguards. Such testing and monitoring may be accomplished through existing network monitoring and problem escalation procedures.
3. Overseeing Service Providers. The Program Officer shall coordinate with those responsible for the third party service procurement activities among the Department of Information Technology and other affected departments to raise awareness of, and to institute methods for, selecting and retaining only those service providers that are capable of maintaining appropriate safeguards for nonpublic financial information of students and other third parties to which they will have access. These standards shall apply to all existing and future contracts entered into with such third party service providers, provided that amendments to contracts entered into prior to June 24, 2002 are not required to be effective until May 2004.
4. Adjustments to Program. The Program Officer is responsible for evaluating and adjusting the Program based on the risk identification and assessment activities undertaken pursuant to the Program, as well as any material changes to the Institution’s operations or other circumstances that may have a material impact on the Program.
VI. Information Security Incident Response Policy
A. Purpose
According to Texas Senate Bill 122 Section 48.102 the university “shall implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect and safeguard from unlawful use or disclosure of any sensitive personal information collected or maintained in the regular course of business.”
The purpose of this policy is to provide the basis of appropriate response to incidents that threaten the confidentiality, integrity, and availability of university digital assets, information systems, and the networks that deliver the information.
B. Scope
The Information Security Incident Response Policy applies to all users of the Trinity computing network.
C. Policy
Intrusion attempts, security breaches, theft or loss of hardware and other security related incidents perpetrated against the University must be reported to Information Technology Services.
Anyone with knowledge or a reasonable suspicion of an incident which violates the confidentiality, integrity, or availability of digital information will make an immediate report to the following e-mail address infosec@trinity.edu. Upon notification of an incident the Information Security Administrator will investigate and, as needed, escalate, remediate, or refer to others. The incident will be documented providing a general description of events, approximate timelines, parties involved, resolution of the incident, external notifications required and recommendations for prevention and remediation. All external notification must be approved by the V.P. for Information Resources and Administrative Affairs and carried out in accordance with Texas Senate Bill 122 known as the Identity Theft and Protection Act.
D. Definitions
The Trinity Computing Network is the group of stations (computers, telephones, or other electronic devices) owned or operated by Trinity University, connected by communications facilities owned or operated by Trinity University for exchanging information. Connection can be permanent, via cable, or temporary, through telephone or other communications links. The transmission medium can be physical (i.e. fiber optic cable) or wireless (i.e. satellite, radio or otherwise).
Sensitive Personal Information as defined by the Texas Senate Bill 122 means “an individual’s first name or first initial and last name combination with any one or more of the following data elements (when the name or data element is not encrypted):
Social security number
Driver’s license or government issued identification number
Account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account.
Does not include publicly available information that is lawfully made available to the general public from the Federal government or a state or a local government” (2-3).
Examples of Security Incidents:
The theft of physical loss of computer equipment known to store SSNs
Loss or theft of PDA, BlackBerry or other mobile device
A server known to have sensitive data is accessed or otherwise compromised by an unauthorized party
A firewall accessed by an unauthorized entity
A DDoS (Distributed Denial of Service) attack.
The act of violating an explicit or implied security policy
A virus or worm uses open file shares to infect from one to hundreds of desktop computers
An attacker runs an exploit tool to gain access to a University server’s password file
______________
Texas. Legislature of the State of Texas. Identity Theft Enforcement and Protection Act.
By Juan Hinojosa. 2005. 27 Mar. 2007 http://www.legis.state.tx.us/tlodocs/79R/billtext/pdf/SB00122F.pdf
VII. Cell Phone Purchasing Policy
A. Purpose
To provide guidance to departments and employees regarding cell phone purchases and services supplied by Trinity University.
B. Scope
The Cell Phone Purchasing Policy applies to anyone currently possessing or purchasing a cell phone or device through a Trinity University account or with Trinity University funds.
C. Policy
Cell phones purchased with a Trinity Account should be approved by ITS prior to purchase. Information Technology Services will be unable to support unapproved cell phones.
AT&T Wireless (formerly Cingular) will be the provider for cellular services for Trinity University. Cell phones that are currently operating under a different service provider should be migrated to AT&T once the current contract expires.
Cell phone rate and data plans should be coordinated with ITS.
Each purchasing unit will be responsible for the payment of each cell phone belonging to their department, including change of plans and porting fees.
For lost or stolen cell phones, the end user is responsible for notifying the department head and ITS. The end user is responsible for filing a lost or stolen property report with Trinity University campus safety.
Any cell phone (including Blackberry, iPhone) supported by AT&T will likely be supported by ITS.
How to switch from your current provider:
Please contact the Manager of Telecommunications in ITS (x7414). Please be ready to provide the following information:
Cell phone number.
Current provider.
Cell phone account number.
Expiration date of current contract.
Name on current account.
Current voice and data rate plan.
New cell phone model you have selected from www.cingular.com .
Department account number that new service plan and equipment will be charged to.
Proper disposal of cell phones no longer in use:
Cell phones and cell phone equipment purchased through Trinity University accounts or with Trinity University funds that have been replaced and or are no longer in use should be sent to Trinity Information Technology Services (ITS) for proper disposal.
Before cell phones are turned over to ITS for disposal, a reasonable attempt should be made to delete and erase all information from the phone. ITS will then wipe clean the memory of the phone again before properly disposing of it.
VIII. Administrator Access Policy
A. Purpose
This document defines Trinity University’s policy regarding local administrator rights to Trinity University owned workstations.
The University is committed to providing members of Trinity community with reliable technology in stable operating condition while appropriately addressing the University needs and maintaining University system integrity and data security.
B. Scope
The Administrator Access Policy applies to all users who are granted “Administrator” access on Trinity University owned computers or workstations.
C. Policy
By default all Trinity Faculty/Staff members are assigned General access level rights on their individual workstations. Exceptions may be granted to Faculty/Staff members who require Administrator level access to perform job related tasks.
Individuals may request administrator level access through the ITS Helpdesk (helpdesk@trinity.edu or x7409) and sign the Request for Administrator Access document (provided by ITS), acknowledging that they have read the Use of Trinity University Computing Network policy and Administrator Access policy. The use of these rights and the level of access to the workstation are to be in accordance with the “Use of Trinity University Computing Network” policy.
D. Guidelines
Trinity University workstations are university property and are intended for university business.
Individuals should only install software related to university business.
Individuals should not install software that may damage files and expose Trinity University’s network to virus attacks and malicious coding.
Individuals should refrain from installing software which may monopolize local processor power, resulting in noticeable system slowdown or degradation of performance.
Individuals should not install applications that may establish network share protocols which result in an increase in bandwidth utilization as this may cause network congestion and degradation of network performance across wide areas of the campus.
Individuals should not download or install applications (software) that are illegal or not licensed on university owned equipment.
Individuals who download or install applications (software), other than those included in the standard configuration for all university computers, are responsible for retaining documentation of appropriate licenses. Individuals are also responsible for re-installing this non-standard software if necessary.
E. Support
Non-standard software will be removed as part of a normal repair process if necessary to restore system functionality.
In the event of computer or network performance issues associated with a computer enabled with administrator level access, ITS will only restore the computer to the standard configuration for all university computers.
The occurrence of repeated instances of OS integrity problems may result in the removal of administrator level access in order to prevent continued challenges in supporting the computer.
F. Definitions
Administrator access level allows the user to have complete and unrestricted access to the computer. This includes the ability to install any hardware or software, edit the registry, manage the default access accounts and change file level permissions. Manipulating these may cause serious stability issues with your system.
General access level allows most administrative powers with some restrictions. Installation of software or hardware that makes changes to the underlying operating system will require the assistance of ITS. General Access Level will generally assure the highest level of stability for a computer.
IX. Student Computer Service Center Policy
A. Purpose
The purpose of the Student Computer Service Center Policy is to provide guidelines for students administering and receiving computer and network related services.
B. Scope
The Student Computer Service Center policy applies to Residential Computer Consultants (RCC) and students.
C. Policy
RCC Responsibilities
RCCs are required to:
Conduct themselves in a professional manner when servicing student machines.
Respect and protect the privacy of student data.
Present, discuss, and have student sign a TigerNet Service Invoice.
Contact student through Trinity email when service has been completed.
Avoid conflicts of interest with the University, e.g., by offering competing services to the students.
Student Responsibilities
Students receiving computer assistance will:
Pick up their computer within one class day of being notified that the service has been completed.
Stay with the RCC in the residence hall room until the tasks are completed – leaving the RCC alone to service a computer will terminate the service in progress, requiring the student to seek assistance at a later date.
Provide a smoke free working environment in the residence hall room without obstacles in and around the work area.
Pay the required fees listed in the Residential Network Fee Schedule.
Services and Associated Fees
When servicing student computers the Student Computing Services Fee Schedule will apply to the services rendered.
Please see the Student Computing Services Fee Schedule (http://www.trinity.edu/its) for the current fee associated with the following services:
Reinstalling operating system
Software installation
Virus/Spyware/Adware removal
Port deactivation /reactivation
Please note that hardware removal or installation is not supported.
Reinstalling Operating Systems
Reinstalling operating systems may be necessary if damage to the existing operating system occurs through virus infection, intrusion by a hacker, or spyware related programs, to name a few. A student may either have a Residential Computer Consultant (RCC) or ITS technician reinstall the operating system for the fee listed above, or may choose to reinstall the operating system him or herself.
Whether an RCC or ITS technician reinstalls the operating system or the student reinstalls the operating system, the student is responsible for backing up the data he or she wishes to keep. RCCs will not be responsible for backing up data.
If a student chooses to have his or her operating system reinstalled by an RCC or ITS technician, the software and license must be legitimately owned by the student or licensed through the university.
Trinity University provides all students with the software and instructions necessary to perform an installation of supported and university provided software. These materials can be found at the Circulation Desk located on the third floor, main entrance level, of the Elizabeth Huth Coates Library.
Before installing such software, the person conducting the installation should:
Verify that the computer meets the minimum hardware criteria. These criteria may be found at http://www.trinity.edu/its/faqs/faq.asp?ID=88.
Select “Check System Compatibility” from the Welcome to Windows installation window. Instructions for checking system compatibility are included in the “Installing Windows – New Installation and Upgrading to Windows” instruction packets that can be acquired from the Circulation Desk located on the third level of Elizabeth Huth Coates Library.
Assure that drivers for hardware devices are available for the Windows version being installed. In some cases, hardware drivers for specific devices will not be available for Windows or will be available only on the hardware manufacturer’s web site.
Similarly the above applies to university provided software for the Apple platform.
RCCs or ITS technicians who reinstall an operating system will ensure that drivers to any hardware that was determined to be compatible with the software are installed and functioning correctly. The RCC or ITS technician will also ensure that Symantec Anti-Virus software is installed and configured appropriately on the (Windows) machine before the project will be considered completed. Only with reinstallations of operating systems performed by an RCC or ITS technician will a student not be charged for the installation of Symantec Anti-Virus software.
Software Installation
Software installation refers to anti-virus, Microsoft, or MAC software that is legitimately licensed to the student or licensed through Trinity University for student use. Examples include Microsoft Office products, Symantec Anti-Virus Corporate Edition. Trinity University technicians or RCC’s will not install other types of software such as games, AIM, or BitTorrent clients.
Virus, Spyware, and Adware Removal
Malicious code and spyware can dramatically affect a computer’s performance. Such code includes viruses, worms, and spyware. To learn more about the differences among these types of malicious code, see Understanding the Difference between Trojan Horses, Viruses, Worms, and Spyware (http://www.trinity.edu/its/policies/understandingdifferences.asp).
While some malicious code can be removed without also installing software, the removal of spyware will require software to be installed on the computer in question and configured properly for effective cleaning.
Trinity cannot guarantee a student’s machine will function normally after the computer has been cleaned and cannot be held liable for the loss of intellectual data or integrity of the computer’s operating system. If the computer is experiencing residual effects after the malicious code has been removed, the computer’s operating system may have to be reinstalled. If the student’s operating system is functioning abnormally the student will be encouraged to reinstall it or have an RCC or ITS technician reinstall it.
Port Deactivation and Reactivation
Port deactivation can occur for, but is not limited to, a violation of the Acceptable Use policy. One of the main reasons that a port may be disabled would be if the Information Technology Services Department determines that a student’s PC is infected with malicious code. The port to that machine will be turned off until that machine has been cleaned. The computer can be cleaned by an RCC, a technician from the university’s ITS department, or by an outside source. If someone other than Trinity personnel cleaned the system, that computer must be inspected by a Trinity representative prior to accessing or connecting it to TigerNet.
Port deactivation may also occur for violations of copyright as in the illegal downloading of music, games, movies and other such media.
There is a charge for port reactivation. (See ResNet Fees Schedule)
Something to Consider
RCCs will attempt to resolve software related issues. However, depending on the degree of damage sustained to a computer’s operating system by malicious code or a file corruption, there may be residual effects that inhibit application features or reduce system performance. RCCs and Trinity University cannot be held liable either for virus infections or how the operating system responds to the removal.
Beware! If an issue has been resolved, such as spyware removal, it is possible and quite common for the same or similar problem to return quickly depending on the student’s Internet surfing and computing habits. If an RCC has to remove a virus or spyware problem again, the situation will be treated as a separate work order with the appropriate fees charged to the student.
D. Definitions
An RCC is a Resident Computer Consultant. RCC's are students hired by Information Technology Services to assist students with their network configuration and connection to TigerNet. A student with connectivity issues may contact the Helpdesk x7409 or helpdesk@trinity.edu to receive assistance from an RCC.
X. Computing Lab Policy
A. Purpose
Trinity University maintains computing labs for academic, instructional, research, administrative and public service purposes. This policy is in place to ensure that the computing labs are kept functioning at an optimal level of effectiveness for all users.
B. Scope
All persons using Trinity University Computer Labs and equipment must abide by this policy. Violation of these policies may result in loss of computer lab privileges and other disciplinary action as described in the various handbooks issued by the University to students, faculty, and staff.
C. Policy
Persons using laboratory equipment must have a Trinity University ID card valid for the current semester and must be able to produce the card upon request.
University computer labs must be used in a manner consistent with the policies of Trinity University including the “Acceptable Use Policy.”
All persons using the lab are responsible for backing up their own data and protecting their own information.
Printing from lab machines can be sent to a (Tiger Card’s) Pharos Print station. A Trinity University Tiger Card or guest print card will be needed to purchase printing.
Food, beverages, tobacco use, weapons, firearms or animals, except service animals, are prohibited in the labs.
Audio output or sound playing devices are permitted only with the use of headphones.
Use of two-way communication devices are prohibited in the labs. Ringers and alarms on these devices should be turned off or set to vibrate while in the labs.
Children are permitted in labs only if accompanied by a TU faculty or staff.
Whenever others are waiting, computer use is restricted to one-hour sessions.
Games that are part of class assignments are subjected to the time limits stated above.
ITS lab equipment may not be used for business purposes or in any for-profit venture.
Disabling computers by disconnecting cables, removing hardware, applying software locks or locking workstations will be considered vandalism and treated as such under University policy.
ITS employees, including ITS student workers, are responsible for maintaining order in the labs. Anyone violating these policies, or disturbing others in any way, will be asked to leave.
Persons with special needs requiring special access to computer laboratory equipment may contact Coordinator of Disability Services @999-7411.
XI. Patch Management Policy
A. Purpose
Security vulnerabilities are inherent in computing systems and applications. These flaws allow the development and propagation of malicious software which can disrupt normal business operations in addition to placing university data at risk. In order to effectively mitigate this risk, software “patches” are made available to remove a given security vulnerability.
Given the large number of computer workstations and servers that comprise the Trinity University network, it is necessary to utilize a comprehensive patch management solution that can effectively distribute security patches automatically when they are made available. The patch management solution has the ability to evaluate individual computer workstations and servers for vulnerabilities. Patches may then be automatically installed and, when necessary, the affected machine rebooted.
Effective security is a team effort involving the participation and support of every Trinity University employee and affiliate who is a user of the Trinity University computer network.
B. Scope
This policy applies to employees, contractors, consultants, temporaries, and other workers at Trinity University including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by Trinity University such as all electronic devices, servers, application software, computers, peripherals, routers, and switches.
C. Policy
Many computer operating systems such as Microsoft Windows, Linux, Mac OS and others include software application programs which may contain security flaws.
Occasionally, one of those flaws permits a hacker to compromise a computer. A compromised computer threatens the integrity of the network and all computers connected to it. Almost all operating systems and many software applications have periodic security patches released by the vendor that need to be applied. Patches which are security related or critical in nature should be installed.
In the event that a critical or security patch can not be centrally deployed by ITS, it must be installed in a timely manner using the best resources available.
In the case of non Microsoft desktop operating systems where a centralized deployment is not available then installation should occur in a timely manner by a member of User Support Services or Network, Security, and System Services personnel or the end user.
Failure to properly configure new workstations is a violation of this policy. Disabling, circumventing or tampering with patch management protections and/or software constitutes a violation of policy.
D. Definitions
The Microsoft Windows Server Update Services (WSUS): enables information technology administrators to deploy the latest Microsoft product updates to computers running Microsoft windows Server 2003, Microsoft Windows® XP with Service Pack 1, and Windows 2000 with Service Pack 4 operating systems. By using WSUS, administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network.
The WSUS server provides the features that administrators need to manage and distribute updates through the WSUS Administration Console, which can be installed and accessed on any Windows computer in the Trinity domain. It works by controlling the Automatic Updates applet already present on all Windows machines. Instead of many machines at Trinity all going to Microsoft’s website to download updates, the WSUS server downloads all updates to an ITS owned server and workstations on the Trinity domain look for updates.
Push Technology is used in client/server applications, to send data to a client without the client requesting it.
XII. Web Privacy Statement
Trinity University has adopted this Web Privacy Statement in order to inform users of University policies with respect to information collected on this website. Your use of this website constitutes your acceptance of this Privacy Statement and your consent to the practices it describes.
A. Your Privacy
Trinity University is committed to respecting your privacy and recognizing your need for appropriate protection and management of the personally identifiable information you share with us. The purpose of this Privacy Statement is to let you know what personally identifiable information we may collect from you when you visit our website, how we use such information.
B.
Information We Collect
There are three types of information that may be collected during your visit: Network traffic and Web server logs, cookies, and information voluntarily provided by you.
Network Traffic
and Web Server Logs
In the course of ensuring network security and consistent service for all users, the University may use software programs to do such things as:
Analyze network traffic
Identify unauthorized access
Detect computer viruses and other software that might damage University computers or the network
Monitor and maintain the performance of the University network
In the course of such monitoring, these programs may detect such information as e-mail headers, addresses from network packets and other information. Information from these activities is used solely for the purpose of maintaining the security and performance of the University's networks and computer systems. Personally identifiable information from these activities is not released to external parties unless required by law.
The University Web servers collect and store information from Web site visitors to monitor Web site performance and to improve service. This information includes the following:
Page visited
Date and time of the visit
Domain name or IP address of the referring site
Domain name and IP address from which the access occurred
Version of browser used and the capabilities of the browser
The University makes no attempt to identify individual visitors from this information: any personally identifiable information is not released to external parties unless required by law.
Cookies
Cookies are small bits of data stored on your hard drive on behalf of a Web site and returned to the Web site on request. This site may use cookies for two purposes: to carry data about your current session at the site from one Web page to the next, and to identify you to the site between visits. If you prefer not to receive cookies, you may turn them off in your browser, or may set your browser to ask you before accepting a new cookie. Some pages may not function properly if the cookies are turned off. Unless otherwise notified on this site, we will not store data, other than for these two purposes:
Information Voluntarily Provided by You
In the course of using this web site, you may choose to provide us with information to help us serve your needs. Such as:
Name, address, phone, fax, email address of purchasing party
Name, address, phone, fax, email address of order recipient
Credit card information (card type, number, expiration date and owner's name) of purchasing party
We will not sell, exchange or otherwise distribute your personally identifiable information without your consent, except to the extent required by law.
C. Our Commitment to Data Security
To prevent unauthorized access to your personal data, maintain data accuracy, and ensure the correct use of information, we have put in place physical, electronic, and managerial procedures to safeguard and secure the information we collect through this website.
D. External Links
Trinity University sites provide links to other World Wide Web sites or resources. We do not control these sites and resources, do not endorse them, and are not responsible for their availability, content, or delivery of services. In particular, external sites are not bound by the University's Web privacy policy; they may have their own policies or none at all.
E. Changes to This Privacy Statement
We will occasionally amend this Privacy Statement. We encourage you to periodically review this policy to be informed of how we are committed to protecting your information and providing you with improved content on our website.
F. Questions about Our Privacy Statement
If you have questions about this site, its collection of information, and its Web privacy statement, contact the Trinity Helpdesk at: helpdesk@trinity.edu.
XIII. Virtual Private Network (VPN) Policy
A. Purpose
The purpose of this policy is to provide guidelines for (Virtual Private Network) connections to access Trinity University’s internal network. Trinity University’s VPN server is designed to provide off campus access to network resources available on the Trinity campus. Using the VPN server to access Internet resources external to Trinity University is not recommended.
B. Scope
This policy applies to employees with demonstrated need to access resources internal to the campus network.
C. Policy
VPN access is available using university owned and approved laptops installed with a VPN client distributed by ITS. All requests for this service must be made by completing the VPN Access Request Form and approved by ITS. This form is available via the University Help Desk.
By using the VPN technology employees must understand that university laptops are a defacto extension of the Trinity University network, and as such are subjects to the same rules and regulations that apply to university computers on campus.
VPN gateway/concentrators will be set up and managed by ITS.
Users of this service are responsible for procurement and cost associated with acquiring basic Internet connectivity, and any associated service issue. VPN services work best over broadband connections (cable modem or DSL).
It is the responsibility of the employee with VPN privileges to ensure that unauthorized users are not allowed access to the Trinity University campus networks.
VPN access is controlled using an ID and password issued by the university for authentication.
All VPN services are to be used solely for the approved business and/or academic support purpose. All users are subject to auditing of VPN usage.
VPN users may be automatically disconnected from the Trinity network after fifteen minutes of inactivity.
Disk encryption software will be installed on the laptop to safeguard information stored on the laptop.
Current VPN software is available for Windows and Mac OS.
All computers connected to the Trinity Network via VPN must use the university approved virus software and are subject to scanning before establishing a connection.
D. Definitions:
Virtual Private Network (VPN) is a method for accessing a remote network uses encryption and tunneling to connect users securely over a public network, usually the Internet.
XIV. ELECTRONIC COMMUNICATION
A. E-Mail
The Trinity e-mail system is an official means of communication. The university views communication via e-mail to constitute being duly informed for faculty, staff and students. Reading e-mail and checking one’s e-mail is thus an obligation for all faculty, staff and students. Having one’s university e-mail forwarded to an off-campus account does not alter this obligation.
The Trinity University e-mail system is a delivery system for communication and does not constitute a long term storage system for documents delivered by e-mail. While the system is backed up each 24 hours, back-up tapes are only retained for 72 hours. Backup tapes do not constitute archival storage, and are not searchable. They are used to restore mailboxes in the event of system “crashes.” The University does provide archival storage of e-mail for two weeks. E-mail more than two weeks old will be deleted from the archives. Thus, the e-mail system ought not to be relied upon for the long-term retention of official records of the university. The university provides storage systems outside of the e-mail system for such longer term retention. Storing such records may alternatively be accomplished by saving them to a CD, DVD, flash drive or printing them.
B. Voice Mail
As with e-mail, voice mail records are retained for two weeks. The VoIP telephone system cannot serve as a long term storage system for important voice mail communications. The retention of voice mail for the longer term may be accomplished by utilizing the university network storage system or copying such files to CD, DVD or flash drive.
C. Documents
Documents created by any user for which one needs reliable storage should utilize the university network based storage system and not rely solely on a copy stored on a local hard drive. Alternatively, such documents may be printed and stored.
D. Privacy
Trinity operates the e-mail system with full respect for privacy and confidentiality in accordance with relevant laws, regulations and university policy. While Trinity permits limited personal use of the e-mail infrastructure, those availing themselves of such privilege are subject to the same rules, regulations laws and policies as university business e-mail.
The custodians of the e-mail system must not inappropriately access or disclose the content of mail on the university e-mail system unless required by law to disclose such contents or in certain circumstances only with the permission of the university President. For example: When the correspondent is unavailable and the information is necessary for the conduct of university business or in a health or safety emergency.
E. E-Mail Accounts
Graduates of Trinity will have their e-mail accounts disabled following one year post graduation. Individuals resigning from Trinity staff will not have access to their University provided e-mail account effective on the date of resignation. Trinity faculty designated “professor emeritus” will be provided a Trinity e-mail account for life unless that account is abused in violation of University policies or if dormant and unused for more than one year.
F. Log Retention
DHCP and IP logs are retained for one week.
G. Definitions
DHCP – Dynamic Host Configuration Protocol – Used by network devices to obtain the parameters required for operation in an Internet Protocol network
IP Address – Internet Protocol – The address of the client on the Internet. Essentially identifies the client making any given connection to a site. Every computer connected to the Internet has an IP address which enables the identification of that computer.
XV. WORLD-WIDE WEB POLICY
(Approved by the President May 7, 1996)
A. Introduction. The World-Wide Web is a powerful new medium of communication and a valuable resource to many members of the University community. This policy establishes guidelines for its use with two purposes in mind: to ensure free, fair access to and responsible use of the Web by the University community at large, and to establish an “official” University presence on the Web through a consistent, clearly identifiable set of Web pages administered by the Office of Public Relations.
B. General Web Use. Any individual or group with authorized access to a University-owned computer or computer network may use it to gather information from and disseminate information via the World-Wide Web freely, subject to the terms of this policy, other applicable University policies, and state and federal laws. Applicable University policies include, but are not limited to:
C. Official University Web Pages. The University’s official presence on the Web is through a set of Web pages administered by the Office of Public Relations. Only these official Web pages and the official University print publications listed in Chapter 9B: Other Handbooks, Bulletins, and Publications of the Faculty and Contract Staff Handbook are permitted to display facsimiles of the registered University seal or the University logo; exceptions require permission of the Office of Public Relations.
Upon request, direct links will be provided from the official University Web pages to Web pages maintained independently by individual departments and University offices listed in the University Administrative Structure Chart in the Faculty and Contract Staff Handbook, and sponsored student organizations as defined in the Student Handbook. Direct links to Web pages maintained independently by individual faculty members, recognized student organizations, or other individuals or groups may be provided at the discretion of the Office of Public Relations.
D. Violations of Policy. Any violation of the provisions of Section B of this policy is necessarily a violation of an existing University policy and will be addressed through the procedures provided therein. The Office of Information Resources and Administrative Affairs has the authority to restrict or prohibit Web use which it believes to be in violation of any provision of this policy on a temporary basis, until appropriate procedures resolve the matter. The Office of Public Relations has the authority to determine whether Web use is in violation of the provisions of Section C of this policy and to restrict or prohibit such use.
Table of Contents | Index | Trinity University Home
|
This page was last modified on 07/16/08. For further information, please call (210) 999-8201, or write to
|
 |