User Accounts and Acceptable Use

Official university administrative policy

Policy Information

User Accounts and Acceptable Use

Effective

July 23 2007

Number

ISO 007 v2 1

Applicability

This policy applies to all University workforce faculty and student members including but not limited to faculty staff students temps trainees volunteers and other persons as deemed appropriate while conducting performing work teaching research or study activity using University resources and includes all facilities property data and equipment owned leased and or maintained by the University or affiliates

Administrative Authority

Vice President for Risk Audit and Compliance

Responsible Unit

Information Security Compliance Office

502-852-6692

isopol@louisville.edu


History

This policy is subject to change or termination by the University at any time. This policy SUPERSEDES all prior policies, procedures or advisories pertaining to the same subject.

This policy will be reviewed annually to determine if the policy addresses University risk exposure and is in compliance with the applicable security regulations and University direction. In the event that significant regulatory changes occur, this policy will be reviewed and updated as needed per the Policy Management process.

Approved July 23, 2007 by the Compliance Oversight Council
Shirley C Willihnganz, Executive Vice President and University Provost, Chair of the Compliance Oversight Council

Revision Date(s):

1.0 / July 23, 2007 / Original Publication

1.1 / May 5, 2008 / Revised URL for account usage agreement link

1.2 / June 9, 2010 / Revised to include user account usage agreement and mass email language

1.3 / February 10, 2012 / Revised secure email language for sensitive information

1.4 / January 29, 2013 / Content Update

1.5 / January 28, 2014 / Revised employee accounts - retiree accounts limited and 'grandfathered'

1.6 / May 1, 2014 / Revised student accounts - email account addition, user account clarification

1.7 / September 26, 2014 / Revised policy regarding retiree account closures

2.0 / March 8, 2016 / Reviewed/updated content and update to template format

2.1 / April 5, 2022 / Removed reference to obsolete computer agreement and replaced with reference to information security policies and procedures. Updated retiree options to request email account

2.1 / June 23, 2022 / Minor edit

Reviewed Date(s): March 8, 2016; June 12, 2017; April 5, 2022; June 23, 2022


Categories

Statement

Persons using university resources (users) are responsible for lawful and appropriate use of computing facilities, accounts, and devices. All users must abide by the University's Information Security Policies and Standards. University business must be conducted utilizing university-authorized systems.

Computing resources are for all users. Users must respect the usage rights of others that use UofL resources.

Computing accounts and facilities must not be used in any manner which could be disruptive, degrade the performance of or cause damage to university computing infrastructure, resources, or data and/or other users. Personal use should be kept to a minimum and in no case should a university account be used for non-university business purposes.

Reasoning

University user accounts and computing facilities are provided for persons who legitimately need access to university computing resources. This includes university faculty, staff and students. Other persons may qualify for a user account and access to computing facilities on a case by case basis. Accounts and facilities must be utilized in accordance with law and University policy.

Definitions

Administrators

Individuals with administrative responsibility University wide or for University organizational units. The University Redbook (see http://louisville.edu/provost/redbook/chap2.html#SEC2.3.1) for more information.

Faculty member

  1. Individuals employed by the University as faculty or other employees who teach courses or are engaged in academic research activities for the University.
  2. Visiting faculty who are conducting academic research or teaching courses on a time-limited basis from another institution for the University.
  3. An individual, who is teaching courses or conducting academic research activities for the University without salary and is under the control/supervision of the University. See also the University Redbook at http://louisville.edu/provost/redbook/chap3.html.

Sensitive Information

Information of a confidential or proprietary nature and other information that would not be routinely published for unrestricted public access or where disclosure is prohibited by laws, regulations, contractual agreements or University policy. This includes (but is not limited to) full name or first initial and last name and employee ID (in combination), identifiable medical and health records, grades and other enrollment information, credit card, bank account and other personal financial information, social security numbers, grant reviews, dates of birth (when combined with name, address and/or phone numbers), user IDs when combined with a password, etc. (see Information Management and Classification Standard).

Staff

The staff of the University of Louisville shall consist of all employees of the University who do not hold faculty appointments, are not full-time students enrolled in the University, are not graduate assistants at the University, or are not administrators as defined in Section 2.3.1 of the University Redbook (see http://louisville.edu/provost/redbook/contents.html/chap5.html).

Student

  1. An individual taking a course at the University whether for credit or non-credit who is enrolled for course.
  2. An individual who was enrolled at the University for a specific term (e.g., fall, spring, summer semester), who has not graduated, and who is not yet enrolled for the immediately subsequent term, provided such enrollment is still permitted, and provided further, that where the individual was enrolled at the University for the spring term, the immediate subsequent term shall be the University succeeding fall term. (e.g., (1) a student enrolled in the spring term, who does not graduate at the end of the spring term, may not enroll for the summer term; but will still be a student unless the individual fails to enroll for the succeeding Fall semester, and (2) a student who has completed all other degree requirements but is completing a dissertation/thesis.).
  3. An individual who is admitted to the University or an academic program of the University but has not yet commenced the program of study. An admitted student will be included in the definition of student for a period of one-year following the date of admission to the University or an academic program of the University. See the University Redbook at http://louisville.edu/provost/redbook/chap6.html for more information.

User

Includes students, faculty, staff, administrators and other employees of the University of Louisville and its affiliated entities and any other individual having a computer account, email address or utilizing the computer, network or other information technology services of the University of Louisville.

Responsibilities

Policy Authority/Enforcement: The University's Information Security Officer (ISO) is responsible for the development, publication, modification and oversight of these policies and standards. The ISO works in conjunction with University Leadership, Information Technology Services, Audit Services and others for development, monitoring and enforcement of these policies and standards.

Policy Compliance: Failure to comply with these policies and standards and/or any related information security and/or information technology policy, standard or procedure may result in disciplinary action up to and including termination of employment, services or relationship with the University and/or action in accordance with local ordinances, state or federal laws.