Students walking up stairs in One Pace Plaza

IT Appropriate Use Policy

IT Appropriate Use Policy (PDF)

Appropriate Use Policy for Information Technology

Dated April 21, 2022

Pace University reserves the right to amend or otherwise revise this document as may be necessary to reflect future changes made to the I.T. environment. You are responsible for reviewing this Policy periodically to ensure your continued compliance with all Pace University I.T. guidelines.

01. Introduction

Identity of Information Technology Resources at Pace University
Information Technology (I.T.) at Pace University encompasses the use of all campus computing, telecommunications, document services, educational media, and management information systems technologies. These I.T. resources support the instructional, research, and administrative activities of the University. Examples of these resources include, but are not limited to, the central administrative, academic and library computing facilities; the campus-wide data, video and voice network; electronic mail; video conferencing systems; access to the Internet; voice mail; the University switchboard; fax machines; photocopiers; classroom audio-video; departmental and general use computing facilities and related services. Pace’s central information technology organization is “Information Technology Services” (ITS) and is led by the University’s Chief Information Officer (CIO) and Vice President, Information Technology.

Appropriate Use of I.T. Resources
Users of these services and facilities have access to valuable University resources, to sensitive data and to external networks. Consequently, it is important for all users to behave in a responsible, ethical, and legal manner. In general, appropriate use means understanding the intended use for Pace I.T. (and making certain that your use complies); respecting the rights of other Pace information technology users; maintaining the integrity of the physical facilities and obeying all pertinent license and contractual agreements.

Guidelines
This document establishes general guidelines that apply to all users of I.T. resources owned or managed by Pace University, including but not limited to Pace students, faculty (including adjunct faculty), staff (including part-time and temporary), external individuals (such as Pace contractors) or organizations and individuals accessing external network services, such as the Internet, via Pace's Information Technology facilities.

The policies described in this document apply to all information technology owned or managed by Pace University and represent the minimum appropriate use policies for I.T. Individual departments may have additional (and more restrictive) policies regarding I.T. resources held in those departments. Departmental users should contact their Information Management Officer (IMO) for more information about I.T. policies in a specific department. It is strongly recommended that each department appoint at least one IMO designated to provide first level I.T. support, receive training with the ITS organization; and exchange pertinent I.T. information between ITS and the department.

02. Guidelines for Appropriate Pace I.T. Use

The following list, while not exhaustive, provides some specific guidelines for appropriate I.T. use:

  1. Use Pace's Information Technology facilities and services for Pace University related-work, not for personal or other–than-Pace business work. Pay particular attention to abuse of photocopiers, local and long-distance phone calls, fax machines, the Internet and the local Pace networks.
  2. Pace University encourages information technology literacy for its students, faculty, and staff. As such, Pace University allows its electronic mail system and personal World Wide Web pages to be used by students, faculty, and staff for reasonable and limited personal use. For example, occasionally sending electronic mail to family and friends is allowed, as is the hosting of a personal web page on http://webpage.pace.edu. In all cases, this “personal use” must conform to the guidelines established herein, dealing with the prohibition of personal, financial gain.
  3. Use only the Information Technology facilities for which you have specific authorization. Do not use another individual's ID or account or attempt to capture other users' passwords. Users are individually responsible for all use of resources assigned to them; therefore, sharing of IDs is prohibited.
  4. Observe established guidelines for any information technology facilities used both inside and outside the University. For example, individuals using Pace's Computer Resource Centers must adhere to the policies established for those centers; individuals accessing off-campus computers via external networks must abide by the policies established by the owners of those systems as well as policies governing use of those networks.
  5. Do not attempt to alter, delete, or destroy any software on any Pace I.T. system. This constitutes a violation of appropriate use of I.T. facilities no matter how weak the protection is on those products.
  6. Your use of Pace I.T. facilities and services is subject to and conditional upon your compliance with state and federal laws and University policies, including disciplinary policies. All material posted to websites must comply with commonly accepted accessibility standards such as the Web Content Accessibility Guidelines (WCAG) 2.0.
  7. Respect the privacy and personal rights of others. Do not access or copy another user's electronic mail, data, programs, or other files without permission. Pace endorses the following statement on software and intellectual rights distributed by EDUCAUSE, the non-profit consortium of colleges and universities, committed to the use and management of information technology in higher education. The statement reads:

    Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to work of all authors and publishers in all media. It encompasses respect for the right to acknowledgment, right to privacy and right to determine the form, manner and terms of publication and distribution.

    Because electronic information is volatile and easily reproduced, respect for the work and personal expression of others is especially critical in computer environments. Violations of authorial integrity, including plagiarism, invasion of privacy, unauthorized access and trade secret and copyright violations, may be grounds for sanctions against members of the academic community.
  8. The University policies on plagiarism or collusion apply to uses of I.T. resources in course assignments.
  9. The Higher Education Act requires institutions to develop plans for giving students legal ways to download music and movies and to explore technologies to stop illegal peer-to-peer file sharing. The official Pace University position on peer-to-peer (P2P) file sharing utilities is that the software itself is not illegal, nor banned by Pace University. It is illegal, however, to download or share copyrighted material for which you do not hold the copyright. All Pace users must respect copyrighted material that is accessible through the Pace network. Any incident of copyright infringement can lead to disciplinary proceedings and legal action.

    Rulings by the courts under the Digital Millennium Copyright Act have held that Internet Service Providers or ISPs (e.g., Pace University is an ISP to its students, faculty and staff) must provide the identity of users of specific Internet Protocol Addresses or “user IDs” of the programs listed above when a properly issued subpoena is provided. Individual students, faculty and staff may be held personally liable for violations of copyright laws.

    Visit the Illegal File Sharing website for more information.
  10. You are expected to abide by all applicable copyright laws and licenses. Both University policies and the law expressly forbid the copying of software that has not been placed in the public domain and distributed as “Freeware" or "Shareware". Users are expected to abide by the requirements of shareware agreements. ITS will maintain University-wide site licenses.
  11. In order to avoid jeopardizing the University’s tax-exempt status, do not use Pace I.T. facilities and services for personal financial gain or in connection with political activities, without prior written approval in each instance. Contact the CIO/Vice President of Information Technology (cio@pace.edu) for detailed information.
  12. Use appropriate standards of civility and common sense when using I.T. systems to communicate with other individuals. Do not use email to transmit confidential information relative to personnel matters, internal investigations and litigation or information containing Personally Identifiable Information such as Social Security Numbers, Bank Account Numbers, Credit Card Information and Health Information. When sending personal messages to other users, participating in a Chat Room discussion, posting on electronic bulletin boards or leaving a voice mail message, identify yourself as the sender. Using Pace's I.T. resources to harass, slur, embarrass or demean other individuals are explicitly prohibited.
  13. Be sensitive to the needs of others and use only your fair share (what a reasonable person would consider fair) of computing, faxing, and telephone resources. For example, users of shared resources, such as the PCs in the Computer Resource Centers, should use these facilities for only the most essential tasks during periods of peak demand. Broadcasting non-critical messages to large numbers of individuals (spamming) and sending chain letters are examples of activities that cause network congestion and interfere with the work of others and are prohibited. Use the available online and telephone company directories to look up the numbers yourself to save the University additional telephone service charges.
  14. Treat I.T. resources and electronic information as a valuable University resource. Protect your data and the systems you use. For example, back up your files regularly.
  15. Set an appropriate password and change it regularly. Passwords should not be any easily remembered word or phrase.

    Passwords for all Pace systems must meet the following requirements:
    • must not contain more than three (3) consecutive characters of your first name, last name, or username
    • must be twelve (12) or more characters long
    • must contain at least one character from three of these four categories:
      • UPPERcase characters (A, B, C, ...)
      • lowercase character (a, b, c, ...)
      • numbers (1, 2, 3, ...)
      • special characters (! * + - / : ? _ # $)

        - (i.e., must have at least one uppercase letter, one lowercase letter, and one number)
    • must not be one that you have recently used (you cannot use one of your last 4 passwords)
    • cannot be changed more than once every 24 hours
    • You should change your password at least once a year. Staff and Faculty that regularly have access to sensitive information will be required to change their passwords every 180 days. More information about appropriate passwords can be found at the Password Security webpage.
  16. Make sure you understand the access privileges you have set for your files. Do not destroy or damage any I.T. equipment, networks or software. The willful introduction of computer code that compromises the integrity of a system, such as viruses and worms, into the Pace University computing environment or into other computing environments via Pace's network violates University standards and regulations.
  17. Stay informed about the Pace I.T. environment, as it is continually evolving to keep pace with academia and the demands of our students. Pace disseminates information in a variety of ways, including the ITS website, IT Status Page, the Pace Home Page, logon messages, the IMO listserv, and online documentation regarding software policy and procedures; in published newsletters (e.g., Opportunitas, Pace Press, Paw Print, Pace Pulse); at meetings; and, in some cases, as announcements/memos mailed to departments/individuals. Users are responsible for staying informed about these changes and are expected to adapt to changes in the University I.T. environment.
  18. The following guidelines have been established regarding use of Web 2.0 Tools by Faculty and Staff:

    Faculty and staff members may request a blog or wiki for use in conjunction with their work. The requestor will be the owner of the blog and assumes responsibilities as defined in this Appropriate Use Policy.

    Faculty and staff members may also request group blogs or wikis. Group blogs can be used in courses, research, department websites, and collaborative projects.

    Faculty and staff members may request additional Pace computer accounts for collaborators from other institutions for participation in Web 2.0 activities, and their use will be covered by this Appropriate Use Policy.

    Anonymous postings to blogs and wikis are not permitted. Owners of blogs and wikis may not reconfigure the system to allow anonymous postings.

    Comments are an integral part of Web 2.0. All comments will be run through a SPAM engine. An individual making a comment is required to provide a valid email address before entering comments. The blog owner is responsible to review each comment before posting it to the blog for others to see. The blog owner reserves the right not to publish individual comments. The blog owner may opt to require Pace password authentication before comments can be submitted.

    Blogs created by Pace-provided software/system will be listed on a web page and be available for RSS syndication.

    Pace does not guarantee that it will provide ancillary software, such as databases and script languages, that authors may wish to use in their blogs or wikis.
  19. All suspected information Security Incidents must be reported as quickly as possible, and within six hours of learning of the suspected or actual incident, through appropriate channels. Notification should be made to the Information Security Office and where appropriate, the local campus office of University Safety and Security, University Counsel, and/or the Risk Management Department. All parties have a duty to report information security violations and problems in a timely manner so that prompt remedial action may be taken. Please see the Incident Reporting Policy located in the University Policy Library for more information.
  20. Staff and Faculty who record online webinars, lectures, etc. that will be later posted in publicly available websites (i.e.: without login required) must notify the participants prior to attending the event and again at the beginning of the event that the session will be recorded and later made available in a public manner. Contact Educational Media for the appropriate language and procedures to be followed. Participants in online webinars, lectures, etc are not permitted to create recordings unless prior authorization is provided by the presenter(s) and/or sponsor(s).
  21. University business must be conducted using a University-issued non-student email account. Use of personally owned, third-party, or otherwise non-Pace-issued accounts for university business is expressly prohibited. Only University operated, and approved cloud-based applications linked to University-issued accounts shall be used to store and share documents containing University information. Do not store/share University information on personally owned cloud services (e.g.: GoogleDocs, DropBox, Box, etc.). Please contact ITS for more information on approved applications for safe and secure cloud-based document storage and sharing.

03. Access to I.T. Resources

Central I.T. Resources
Students, faculty, administrators, staff, recognized student organizations, and approved external users may obtain IDs for use with the central I.T. activities related to instruction, research, or University administration. Students who are employed by the University will receive a separate user account to be used in connection with University business.

In the event that any member of the University or approved external user leaves, resigns or in any way concludes his or her relationship with Pace University for whatever reason access to all I.T. resources, including, but not limited to, voice mail, email services, and files stored on university computing resources (desktops, file shares, etc.) will be terminated immediately. Accounts are automatically provisioned and de-provisioned based upon information stored in the university’s system of record (currently, Banner) and are aligned with applicable university and departmental policies and procedures.

Qualified retirees (as defined by Human Resources) can request a retiree email account, which will be separate and distinct from the account previously assigned as a faculty or staff member.

To allow students the ability to communicate with faculty, complete assignments, and provide required notifications, email accounts for students are typically terminated 12 months after the end date of the last class taken.

Other I.T. Resources
Most of Pace's I.T. facilities and services—such as the Computer Resource Centers, the Computer-Equipped Classrooms, Video Conferencing rooms, consulting services, voice mail, and training--are available to members of the University community. ITS plans and budgets for central I.T. services. However, these services are not free. Users/departments may be required to fund the additional expense of excesses (based on historical, normal utilization) or abuses of Pace I.T. resources (expenses beyond the baseline budget). For more detailed information about access to any facility or service, visit the ITS home page.

Departmental I.T. Resources
For information concerning access to departmental I.T. resources, contact your department’s IMO or Department Chair.

04. Data Security and Integrity

ITS-Maintained Equipment
ITS provides reasonable security against intrusion and damage to files stored on the central I.T. facilities. ITS also provides some facilities for archiving and retrieving files specified by users and for recovering files after accidental loss of data. However, other users can hold neither the University nor any I.T. staff member accountable for unauthorized access, or can they guarantee protection against media failure, fire, floods, etc. Users should use all available methods to protect their files, including the frequent changing of their passwords and storing back-up copies of information off site. In the event that data have been corrupted as a result of intrusion, ITS should be notified immediately. Every reasonable attempt will be made to restore files to their status prior to intrusion; however, ITS cannot guarantee restoration.

Upon request, the I.T. staff will assist in implementing procedures to maximize security. Although ITS backs up some departmental servers and makes reasonable attempts to protect those servers from intrusion, it does not provide the same level of protection or offer restoration of files stored on departmental servers. Therefore, it is especially important that users back up their files and use all available means to protect their data on departmental systems.

The central Pace information technology organization (Information Technology Services, ITS) led by the University’s Chief Information Officer/VP, Information Technology, reserves the right to manage the University’s voice, data, and video bandwidth. Criteria for bandwidth management involves the integrity and robustness of University-owned equipment, data, and services as well as the appropriateness of bandwidth use when compared to the University’s academic goals, administrative missions, and appropriate use policy for information technology.

Departmental Facilities
Data security and integrity in departmental I.T. facilities vary depending on the department. Users should contact their department’s IMO for more information on their security and data integrity procedures.

05. Privacy

To ensure compliance with Pace University internal policies, applicable laws and regulations, and to ensure employee safety, Pace University reserves the right to monitor, inspect, or search all Pace University information systems (including the contents of University provided email accounts) at any time.

Pace University management retains the right to remove from its information systems any material it views as offensive, potentially illegal, or otherwise contrary to University policies.

Access by I.T. Staff on Behalf of the University
Although not legally required to do so, the University respects the privacy of all users. However, it should be understood that all data created or stored on University systems is the property of Pace University. Members of the ITS organization are forbidden to log on to another user’s account or to access a user's files, software, or other contents unless the user gives explicit permission (for example, by setting file access privileges). Exceptions to this privacy policy are made, however, under specific conditions. Such conditions include investigation of programs suspected of causing disruption to the network or other shared services; investigation of suspected violations of state or federal law or University policies; and investigations to avoid liability or in connection with internal hearings or litigation.

Before logging onto a user’s account or accessing files, software, or other contents, reasonable efforts will be made to notify the user, except when such prior notice would violate legal requirements or directives or jeopardize an internal investigation. In those instances, before a user’s account and/or files software, or other contents are examined, the Vice President of Information Technology, after consultation with University Counsel, must have concluded that there is a legal obligation or other sufficient cause to examine the information without prior notice to or permission of the user. Information obtained in this manner is admissible in legal proceedings or in a University internal investigation or hearing. Information regarding security incidents and investigations will be kept confidential by all parties involved. Only authorized personnel may disclose such information. In accepting a user account, the user agrees to this policy.

Access by Administrators of Departmental I.T. Systems
The administrators of departmental I.T. systems, such as IMOs, should not access a user's files without the explicit permission of that user or monitor file traffic at a level that will permit intrusion into the file contents. However, some exceptions may be necessary, for example, when a file is suspected of causing disruption to a local network or other shared services and a user cannot be reached. Furthermore, information about system users and information stored by them should be treated as confidential. Individual departments may have guidelines consistent with University policy which deal with access issues of their I.T. resources.

Electronic Communications
Users should not expect privacy of any electronic communications. I.T. systems’ administrators may see the contents of electronic communications due to serious addressing errors or as a result of maintaining the communications system. In those cases where administrators do see the contents of private electronic communications, they are required to keep the contents confidential. Users should also be aware that the current design of the networks is such that the privacy of electronic communications that leaves Pace cannot be guaranteed. Also, when a user's affiliation with Pace ends, email subsequently received at Pace that is addressed to the former user will either be returned to the sender or, if appropriate, forwarded for an agreed upon limited time, to an address specified by the former user.

06. Ownership of Copyright for Materials Developed with Pace's Resources

Pace University has established guidelines related to ownership of copyright property. The exact policies and procedures relating to copyrights may be obtained from the office of University Counsel.

07. Responsibility for Errors in Software, Hardware, and Consulting

ITS, in conjunction with department IMOs, makes its best effort to maintain an error-free I.T. environment for users and to ensure that the I.T. staff is properly trained. Nevertheless, it is impossible to ensure that I.T. system errors will not occur or that I.T. staff will always give correct advice. Pace presents no warranty, either expressly stated or implied, for the services provided. Damages resulting directly and indirectly from the use of these resources are the responsibility of the user. However, at the request of the user, when errors are determined to have occurred on I.T. facilities, members of the I.T. staff will make a reasonable attempt to restore lost information to its state prior to the failure, at no cost to the user. As part of maintaining the I.T. environment, the I.T. staff applies vendor-supplied or locally developed fixes as appropriate when problems are identified. Given that vendors may be involved and that staff resources are finite, no guarantee can be made as to how long it may take to fix an error once it has been identified.

When software errors are considered major problems or could produce inaccurate results, users will be notified as soon as possible using appropriate electronic and/or other media.

08. Changes in the Pace I.T. Environment

When significant changes in hardware, software or procedures are planned, Information Management Officers (IMOs) will notify their departmental user community through electronic mail and other media to ensure that all users have enough time to prepare for the changes and to voice any concerns that they might have.

09. Non-Compliance

All users of Pace University's IT resources are required to comply with this Appropriate Use Policy for Information Technology all other IT policies and the University’s Guiding Principles of Conduct relating to use of the University’s IT resources. Non-compliance with any of these policies may result in revocation of system or network access, notice to one’s supervisor and\or disciplinary action, up to and including termination of employment or dismissal from the University. Where applicable, a violation may subject the violator to civil and/or criminal liability.

10. Comments, Suggestions, Corrections, etc.

Questions concerning this or any other Information Technology Policy can be directed to the ITS Customer Support Center.

11. Approvals

This Appropriate Use Policy for Information Technology document is developed and maintained by the Information Technology Services division.

12. Disclaimer Statement

Pace University reserves the right to amend or otherwise revise this document as may be necessary to reflect future changes made to the IT environment. You are responsible for reviewing this Policy periodically to ensure your continued compliance with all Pace University IT guidelines.