|
As owner of the computers and networks that comprise the University's technical
infrastructure, Bryant University owns all official administrative data that resides
on its systems and networks, and it is responsible for taking necessary measures to
ensure the security of its systems, data, and users' accounts. The University does
not seek out personal misuse. However, when it becomes aware of violations, either
through routine system administration activities or from a complaint, it is the
University's responsibility to investigate as needed or directed, and to take necessary
actions to protect its resources and/or to provide information relevant to an investigation.
Individual units within the University may define additional conditions of use for
resources or facilities under their control. Such additional conditions must be consistent
with this overall policy but may provide additional details, guidelines, and/or restrictions.
Roles and responsibilities for specific University entities and individuals are defined in greater detail below.
Vice President for Information Services
- Designates individuals who have the responsibility and authority for Information Services resources.
- Establishes and disseminates enforceable rules regarding access to and acceptable
use of Information Services resources.
- Establishes reasonable security policies and measures to protect data and systems.
- Monitors and manages system resource usage.
- Investigates problems and alleged violations of University Information Services policies.
- Refers violations to appropriate University offices such as the Office of Academic
Affairs and the Department of Public Safety for resolution or disciplinary action.
Divisions or Departments
- Create, disseminate, and enforce conditions of use that are consistent with University-wide
policies for the campus facilities and/or resources under their control.
- Monitor the use of campus resources under their control.
- Investigate problems and alleged violations of University Information Services policies.
- Refer violations to appropriate University offices such as the Office of Academic
Affairs and the Department of Public Safety for resolution or disciplinary action. Possible
policy violations should be reported to the appropriate entity.
Information Services Department
- Grants authorized users appropriate access to the data and applications for which
they are stewards, working with University data security and network personnel to limit
access to authorized users with a legitimate role-based need.
- Review access rights of authorized users on a regular basis.
- Respond to questions from users relating to appropriate use of system/network resources.
- Implement and oversee processes to retain or purge information according to campus records' retention schedules.
- Determine the criticality and sensitivity of the data and/or applications for which
they are stewards; determine which University data is public and private based on campus
definitions, in consultation with the University's Office of Records and Applications Development.
- Ensure that appropriate security measures and standards are implemented and enforced for
the data under their control in a method consistent with University policies and sound business
practices. The security measures implemented should be based on the criticality, sensitivity,
and public or private nature of the data, and may include methodologies, change management,
and operational recovery plans.
- Investigate problems and alleged violations of University Information Services policies.
- Refer violations to appropriate University offices such as the Office of Academic
Affairs and the Department of Public Safety for resolution or disciplinary action.
System/Network Administrator
- Takes reasonable action to ensure the authorized use and security of data, networks,
and the communications transiting the system or network.
- Participates and advises as requested in developing conditions of use or authorized use procedures.
- Responds to questions from users relating to appropriate use of system/network resources.
- Cooperates with appropriate University departments and law enforcement officials in
investigating alleged violations of policy or law.
Office of Applications Development
- Assist data custodians in classifying information as public or private.
Campus Public Safety Department
- Responds to alleged violations of criminal law.
- Coordinates all activities between the University and outside law enforcement agencies.
General Counsel
- Provide legal advice on official rulings on public, private, and confidential information.
|
