The purpose of this standard is to establish the acceptable use of West Virginia University technology and data resources, which are provided by WVU to faculty, staff, students, and third parties for the purpose of the advancement of WVU’s mission of academics, research, and community outreach.
This standard applies to all faculty, staff, students, and third parties who store, use, transfer, transport, produce, or dispose of technology and data resources owned or managed by West Virginia University.
November 9, 2010
1.1. Users of WVU data and technology resources must adhere to all applicable WVU policies, standards, procedures, contracts and licenses, as well as applicable federal, state, and local laws and regulations.
1.2. WVU data and technology resources shall only be used by authorized individuals for the purpose for which access was granted.
1.3. Incidental personal use of technology resources, not including data resources, is permitted; however, users of WVU technology resources are advised that they should have no expectation of privacy or confidentiality in connection with the personal use of these resources. Personal use is only permissible if the use does not
- Consume more than a trivial amount of resources that could be otherwise used for business purposes
- Interfere with worker productivity
- Preempt any business activity
- Promote or result in a hostile work or academic environment
1.4. The University reserves the right to monitor technology resources and the use of technology resources for operational needs and to ensure compliance with applicable laws and WVU policies and standards.
Rights and Responsibilities
1.5. All users of WVU data and technology resources are expected to use good judgment and exercise decency and common sense. This includes, but is not limited to:
- Using WVU data and technology resources in a lawful and appropriate manner
- Respecting the rights and privacy of others
- Maintaining WVU data and technology resources in an appropriate manner. Examples include maintaining antivirus software, patching operating systems and applications, and using authentication for all technology resources.
- Using the University’s marks (e.g., trademarks, logos) only as authorized and not representing personal comments as being those of the University.
The following constitutes unacceptable use of University data and technology resources:
1.6. Exposing University data and technology resources to unauthorized access through means that include, but are not limited to, the following:
- Leaving the means of authentication in a location where it can be readily obtained by another individual, for example, writing one’s password on a note affixed to one’s monitor or keyboard.
- Stepping away from one’s computer without securing it by, for example, locking it with a screen saver or logging out.
- Sharing a personal password or other means of authentication with another individual.
- Providing another person access to University technology and data resources under your authentication.
- Failing to keep media containing confidential or limited access data resources secure. Such media might include portable devices, CDs, DVDs, or paper.
- Failing to destroy media containing confidential or limited access data resources when it is no longer needed. For example, printouts of such data should be shredded and data on magnetic media should be thoroughly erased.
1.7. Unauthorized access to or use of data or technology resources through means that include, but are not limited to, the following:
- Using another person’s credentials to gain access to University technology or data resources.
- Using University technology and data resources to gain unauthorized access to resources of other institutions, organizations, or individuals. This includes the unauthorized downloading of copyrighted materials.
- Accessing confidential or limited access data resources for reasons unrelated to one’s job.
- Using false or misleading information to acquire access to University technology or data resources.
- Bypassing, subverting, or otherwise rendering ineffective the security or access control measures for any University technology or data resource.
1.8. Unauthorized destruction, damage, or impairment of University technology or data resources through means that include, but are not limited to, the following:
- Intentionally, recklessly, or negligently damaging any technology or data resource by any means, for example, introducing malicious software into a computer system.
- Altering, moving, or removing software, system logs, configuration files, or other files needed for the proper operation of a computer system without prior authorization.
- Using any technology or data resource in a manner that adversely affects the work of others.
1.9. Unauthorized commercial activities, including, but not limited to, the following:
- Using University technology or data resources for one’s own commercial gain, or for other commercial purposes not expressly approved by the University.
- Using University technology or data resources to operate or support a personal or other non-University-related business.
- Use of University resources in a manner inconsistent with the University’s contractual obligations to suppliers of those resources or with any published University policy.
Violation or non-compliance of this standard will be addressed in accordance with established university disciplinary policies and procedures, as issued and enforced by the appropriate authorities. Failure to comply with this or other related standards may result in disciplinary action up to and including termination of one’s employment or studies.
Back to top
Exceptions to IT Standards will be considered using the IT Standard Exception Procedure
Back to top
|Name||Subject (if needed)|
|Alex Jalso||Information Security||alex.Jalso@mail.wvu.edu|
Add information here…
Back to top
Nov. 9, 2010 – Standard approved by the IT Oversight Committee
Jan. 5, 2012 – updated contact information