�����鱨վ

Purpose

The �����鱨վ provides University Information Systems to support the administrative, educational, and instructional activities at �����鱨վ. The use of these systems is a privilege that is extended to members of the �����鱨վ community for �����鱨վ-related purposes, provided the Users act responsibly, respectfully, and in a manner that does not infringe upon the rights of others or violate law or this Policy.

The purpose of this Policy is to set forth the standards for responsible and acceptable use of University Information Systems, including, but not limited to computer systems, computer labs, applications, networks, software, and files.

Applicability

This Policy applies to all Users of Information Systems owned, managed, or otherwise provided by �����鱨վ. Individuals covered by this Policy include, but are not limited to, all University students and Employees as well as third parties performing duties on behalf of the University, including but not limited to adjunct faculty, Contractors, consultants, and temporary employees who access �����鱨վ's network services via �����鱨վ's Information Systems and/or facilities. Information Systems include all �����鱨վ owned, licensed, or managed hardware and software, email domains, and related services and any use of �����鱨վ's network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.

Definitions

Defined terms are capitalized throughout this Policy and can be found in the Information Governance Glossary.

Use Guidelines

Members of the �����鱨վ community outlined above who utilize �����鱨վ's Information Systems must adhere to the following use restrictions:

1. All Users must comply with all federal, Maryland, and other applicable laws; all applicable University rules and policies; and all applicable contracts and licenses. For example, Users are not permitted to download software, files, or any other publicly available content from the Internet without proper authorization.  Users are also not permitted to transmit unlawful, threatening, or harassing content utilizing University Information Systems. Users who engage in electronic communications with persons in other states or countries or on other systems or networks may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses.
2. All Users must refrain from viewing pornography and other types of inappropriate websites or content on �����鱨վ Information Systems at any time with limited exceptions when pre-approval has been granted by the President or designee, for a legitimate business or academic purpose.
3. Employees and other third parties performing duties on behalf of �����鱨վ must refrain from unauthorized distribution or sharing of proprietary University Information outside of the University domain.
4. All Users must safeguard the Integrity of Information Systems provided by the University, including, but not limited to, Account access information such as logon credentials and other authentication factors.
5. The University retains the right to enforce Multi-Factor Authentication (MFA) for any User.
6. Where administratively and technologically practicable, the �����鱨վ network should be accessed via the currently authorized �����鱨վ VPN client.
7. All Users must respect the privacy of other Users and their Accounts, as well as the Personal Information therein, regardless of whether those Accounts are securely protected. Ability to access other Users’ Accounts or their Personal Information does not imply authorization to do so.  Users may only access the Account or Personal Information of another within the scope of their employment, for a legitimate academic purpose, or other lawful basis. 
8. Employees and other third parties performing services on behalf of �����鱨վ must refrain from using Information Systems for personal commercial purposes or financial or other gain. Limited personal use of University Information Systems for other purposes is permitted when it does not interfere with the performance of the User's job or other University responsibilities and is in compliance with the law and this Policy. Further limits may be imposed regarding personal use in accordance with normal supervisory procedures.
9. High Risk Data, including, but not limited to PII, information covered by Family Educational Rights and Privacy Act (“FERPA”), and information covered by Health Insurance Portability and Accountability Act (“HIPAA”) should not be shared with unauthorized persons.
10. All Users must refrain from stating or implying that they speak on behalf of the University and from using University trademarks and logos without appropriate authorization to do so. Please consult the University’s Social Media Guidelines for more information. Contact the Office of Legal Affairs at legal-affairs@umgc.edu with questions or concerns.

1. As part of its regular operations, �����鱨վ may monitor the patterns and frequency of use of �����鱨վ's Information Systems by Users. This monitoring may include, for example, the length and frequency of login sessions and communications.
2. Users should have no expectation of privacy when using �����鱨վ's Information Systems.
3. �����鱨վ may monitor or inspect the content of communications containing High Risk Data; it may also monitor �����鱨վ's Information Systems under the following circumstances:
   1. For quality assurance and performance management purposes for Employees who have contact with �����鱨վ's students, applicants, and prospective students.
   2. When �����鱨վ reasonably suspects a violation of law or of University policies or practices, or suspects use of �����鱨վ's Information Systems that may harm �����鱨վ or impede its operations, �����鱨վ may monitor and inspect the content of an individual's use of �����鱨վ's Information Systems as well as monitor the patterns of use. Any such individual monitoring must be appropriately authorized in advance by the President or designee.
4. �����鱨վ, in its discretion, may disclose the results of any such general or individual monitoring, including the contents and records of individual communications, to a third party for any lawful purpose. All Information created, received, or contained in �����鱨վ's Information Systems is generally available to the public unless an exception to the Maryland Public Information Act or other law or regulation applies.
5. �����鱨վ, in its discretion, may monitor personal devices when connected to the �����鱨վ network in order to ensure the protection of University Data being accessed by that individual.
6. While using �����鱨վ Information Technology Resources, �����鱨վ, in its discretion, may remove, take down, or prohibit access to �����鱨վ Information Systems or any content, applications, and/or websites that may harm �����鱨վ, impede its operations, or otherwise compromise the safety, security, or integrity of �����鱨վ Data or Information Systems.

1. Users who violate this Policy may be denied access to �����鱨վ's Information Systems and may be subject to other penalties and disciplinary action, both within and outside of �����鱨վ. Alleged violations by students will normally be handled in accordance with the procedures outlined in �����鱨վ’s Code of Student Conduct or Academic Integrity Policy, depending on the nature of the violation.
2. �����鱨վ Employees who violate this Policy may be subject to disciplinary action up to, and including, termination of employment. The Office of Human Resources will be notified of any alleged violations.
3. �����鱨վ may take down and remove content that violates this Policy, as well as confiscate, temporarily suspend, or terminate use of Information Systems when necessary.

1. Most recent versions:
   1. USM IT Security Standards
   2. NIST SP 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”
   3. Cybersecurity Maturity Model Certification (CMMC)

1. �����鱨վ Policy V-1.03 Code of Student Conduct
2. �����鱨վ Policy on Academic Integrity
3. �����鱨վ Policy X-1.26 �����鱨վ Policy on Electronic Mail
4. �����鱨վ Social Media Guidelines
5. �����鱨վ Asset Management Form