OM 9.1.4 - Acceptable Use

Effective Date: January 2023
Last Updated: April 24, 2023
Responsible University Office: Office of Information Technology
Responsible University Administrator: Chief Information Officer

Policy Contact:

Office of Information Technology
helpdesk@clarkson.edu

1 Purpose

Clarkson University's technology infrastructure exists to support the academic and administrative activities needed to fulﬁll the University's mission. All information technology resources of the University shall only be used in a lawful manner and in support of instructional, research and service missions sanctioned by the University. Access to these resources is granted to each individual for a speciﬁc purpose. Proper use of the resources must be consistent with that purpose.

The purpose of this Acceptable Use Policy is to clearly establish each member of the University's role in protecting its information assets and communicate minimum expectations for meeting these requirements. Fulﬁlling these objectives will enable Clarkson University to implement a comprehensive system-wide Information Security Program.

2 Scope

This policy applies to all users of computing resources owned, managed or otherwise provided by the University. Individuals covered by this policy include, but are not limited to all workforce members, service providers and research associates with access to the University's computing resources and/or facilities. Also covered are all individuals receiving services from the University including full and

part-time students, conference attendees and other campus guests. Computing resources include all Clarkson University owned, licensed or managed hardware and software, email domains and related services and any use of the University's network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.

3 Policy

Following the same standards of common sense, courtesy and civility that govern the use of other shared facilities, acceptable use of information technology resources generally respects all individuals' privacy and the right of individuals to be free from intimidation, harassment, and unwarranted annoyance. All users of Clarkson University's computing resources must adhere to the requirements enumerated below.

3.1 Fraudulent and Illegal Use

Clarkson University explicitly prohibits the use of any information system for fraudulent, illegal or unethical purposes. While using any of the University's information systems, a user must not engage in any activity that is contrary to University policy or illegal under local, state, federal, and/or international law. As a part of this policy, users must not:

Violate the rights of any individual or company involving information protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of pirated or other software products or media types that are not appropriately licensed for use by Clarkson University or the individual
Use copyrighted material including, but not limited to, photographs, books, or other copyrighted sources, copyrighted music, and any copyrighted software for which the organization does not have a legal license in any way which violates copyright law
Export software, technical information, encryption software, or technology in violation of international or regional export control laws
Issue statements about warranty, expressed or implied, unless it is a part of normal job duties, or make fraudulent oﬀers of products, items, and/or services

Any user that suspects or is aware of the occurrence of any activity described in this section, or any other activity they believe may be unethical, fraudulent or illegal, must notify his/her manager or Dean of Students Oﬃce immediately.

If any user creates any liability on behalf of Clarkson University due to inappropriate use of the University's resources, the user agrees to indemnify and hold the organization harmless, should it be necessary for Clarkson University to defend itself against the activities or actions of the user.

3.2 Conﬁdential Information

Clarkson University has both an ethical and legal responsibility for protecting conﬁdential information in accordance with its Data Classiﬁcation Policy. To that end, there are some general positions that the organization has taken:

Transmission of data classiﬁed as Clarkson Private or Clarkson Conﬁdential by personally-owned messaging technologies (for example, e-mail, instant messaging, SMS, chat, ) is prohibited.
Clarkson Conﬁdential information must only be stored or transmitted in an appropriately encrypted form regardless of its location or
The storage of Clarkson Private information on personally owned devices (including but not limited to phones, tablets, computers) and personally owned media (including but not limited to USB drives, ﬂoppy, CD, DVD, Blu-ray, ) is prohibited. Clarkson University issued (encrypted) USB ﬂash drives are authorized. Mobile devices that access Restricted information will utilize appropriate device encryption techniques, be physically secured when not in use and located to minimize the risk of unauthorized access.

3.3 Incident Reporting

Clarkson University is committed to responding to security incidents involving personnel, University-owned information or University-owned information assets. As part of this policy:

The loss, theft or inappropriate use of University access credentials (e.g. passwords, key cards or security tokens), assets (e.g. laptop, cell phones), or other information will be reported to the IT HelpDesk.
Any University community member will not prevent another member from reporting a security incident.

3.4 Malicious Activity

Clarkson University strictly prohibits the use of information systems for malicious activity against other individuals, the University's information systems themselves, or the information assets of other parties.

3.4.1 Denial of Service

Individuals must not:

Perpetrate, cause, or in any way enable disruption of Clarkson University's information systems or network communications by denial-of-service methods;
Knowingly introduce malicious programs, such as viruses, worms, and Trojan horses, to any information system; or
Intentionally develop or use programs to inﬁltrate a computer, computing system, or network and/or damage or alter the software components of a computer, computing system or

3.4.2 Conﬁdentiality

Individuals must not:

Perpetrate, cause, or in any way enable security breaches, including, but not limited to, accessing data of which the individual is not an intended recipient or logging into a server or account that the individual is not expressly authorized to access;
Facilitate use or access by non-authorized users, including sharing their password or other login credentials with anyone, including other campus community members, family members, or friends;
Use the same password for Clarkson University accounts as for other non-Clarkson University access (for example, personal ISP account, social media, beneﬁts, email, );
Attempt to gain access to ﬁles and resources to which they have not been explicitly granted permission, whether or not such access is technically possible, including attempting to obtain, obtaining, and/or using another individual's password; or
Make copies of another person's ﬁles without that person's knowledge and
Base passwords on something that can be easily guessed or obtained using personal information (e.g. names, favorite sports teams, ).

All encryption keys employed by individuals must be provided to the Oﬃce of Information Technology if requested, in order to perform functions required by this policy.

3.4.3 Impersonation

Individuals must not:

Circumvent the user authentication or security of any information system;
Add, remove, or modify any identifying network header information (“spooﬁng”) or attempt to impersonate any person by using forged headers or other identifying information;
Create and/or use a proxy server of any kind, other than those provided by Clarkson University, or otherwise redirect network traﬃc outside of normal routing with authorization; or
Use any type of technology designed to mask, hide, or modify their identity or activities electronically.

3.4.4 Network Discovery

Users must not:

Use a port scanning tool targeting either Clarkson University's network or any other external network, unless this activity is a part of the user's normal job functions, such as a member of the Oﬃce of Information Technology conducting a vulnerability scan, or IT staﬀ utilizing tools in a controlled environment. Use of such tools may also be permitted during the course of an oﬃcially-sanctioned academic pursuit.

Use a network monitoring tool or perform any kind of network monitoring that will intercept data not intended for the user, unless this activity is a part of the user's normal job functions, such as a member of the Oﬃce of Information Technology conducting a vulnerability scan, or IT staﬀ utilizing tools in a controlled environment. Use of such tools may also be permitted during the course of an oﬃcially-sanctioned academic

3.5 Objectionable Content

Except in the pursuit of a sanctioned academic pursuit, Clarkson University strictly prohibits the use of University information systems for accessing or distributing legal content that other users may reasonably ﬁnd objectionable. Exception may also be granted in the context of an on-campus residence where all occupants arrive at a consensus regarding the content. Otherwise, users must not post, upload, download, or display messages, photos, images, sound ﬁles, text ﬁles, video ﬁles, newsletters, or related materials considered to be:

Political
Racist
Sexually-explicit
Violent or promoting violence

3.6 Hardware and Software

Whenever data classiﬁed as Clarkson Private or Clarkson Conﬁdential may be accessed, transmitted, stored or processed, Clarkson University strictly prohibits the use of any hardware or software that is not purchased, installed, conﬁgured, tracked, and managed by the University. In this case, users must not:

Install, attach, connect or remove or disconnect, hardware of any kind, including wireless access points, storage devices, and peripherals, to any University information system without the knowledge and permission of the Oﬃce of Information Technology;
Download, install, disable, remove or uninstall software of any kind, including patches of existing software, to any organizational information system without the knowledge and permission of the organization;
Take Clarkson University equipment oﬀ-site without prior

3.7 Messaging

The University provides a robust communication platform for users to fulﬁll its mission. Users must not:

Automatically forward electronic messages of any kind, by using client message handling rules or any other mechanism;
Send unsolicited electronic messages, including “junk mail” or other advertising material to individuals who did not speciﬁcally request such material (spam);
Solicit electronic messages for any other digital identiﬁer (e.g. e-mail address, social handle, ), other than that of the poster's account, with the intent to harass or to collect replies; or
Create or forward chain letters or messages, including those that promote “pyramid” schemes of any type.

3.8 Personal Use

Personal use is deﬁned as use of information technology resources in a manner that does not directly support the instructional, research and service missions sanctioned by the University. When engaging in Personal Use, the individual assumes all responsibility and liability associated with Personal Use. The University makes no warranty express or implied as to the suitability or availability of any information technology resource when engaged in Personal Use. Limited personal use of information technology resources is permitted when all of the following conditions are met:

There is a negligible or zero cost to the University
Any use is brief
Any use occurs infrequently
The use does not interfere with the performance of any other University employees' oﬃcial duties
The use does not compromise the conﬁdentiality, integrity or availability of any University information system, software or data
The use is not in support of for-proﬁt or commercial enterprise
The use is not for the gain of an University employee, individual or organization external to the University

4 Roles and responsibilities

Clarkson University reserves the right to protect, repair, and maintain the University's computing equipment and network integrity. In accomplishing this goal, Clarkson University IT personnel or their agents are responsible for maintaining user privacy, including the content of personal ﬁles and Internet activities. Any information obtained by IT personnel about a user through routine maintenance of the University's computing equipment or network should remain conﬁdential, unless the information pertains to activities that are not compliant with acceptable use of Clarkson University's computing resources.

All users of University information systems are expected to follow the same standards of common sense, courtesy and restraint that govern the use of other University facilities and resources. Speciﬁcally, all users are responsible to:

Conduct themselves in an ethical manner and be respectful of the rights and diversity of all members of the University community and their guests
Support the principles of academic freedom and free inquiry and expression
Recognize and honor the intellectual property rights of others
Maintain a climate which does not interfere with the studies, work or living environment of any member of the University community

Department supervisors / managers are responsible for ensuring their staﬀ are aware of, understand, and comply with all organization policies.

5 Enforcement

Enforcement is the responsibility of the oﬃces of Human Resources and Information Technology and where applicable, Dean of Students. Users who violate this policy may be denied access to the organizational resources and may be subject to penalties and disciplinary action both within and outside of Clarkson University. The University may temporarily suspend or block access to an account, prior to the initiation or completion of disciplinary procedures, when it reasonably appears necessary

to do so in order to protect the integrity, security, or functionality of the University or other computing resources or to protect Clarkson University from liability.

Users are subject to disciplinary rules described in the Operations Manual or Student Regulations as applicable.

6 Exceptions

Exceptions to the policy may be granted by the CIO, or by their designee. All exceptions must be reviewed annually.

7 References

US 45 CFR Subchapter C (HIPAA)
New York State Information Security Breach and Notiﬁcation Act
New York State SHIELD Act
NIST 800-53
FIPS-199
PCI DSS 1
New York Civil Practice Law and Rules § 4509

Information Security Policy
Data Classiﬁcation Policy
Data Classiﬁcation and Handling Procedure

9 Responsible Department

Oﬃce of Information Technology

10 Policy Authority

This policy is issued by the Chief Information Oﬃcer and approved by the University President for Clarkson University.

11 Revision History

Version	Date	Author	Revisions
1	Jan-23	B. Huntley	Initial Draft - Policy: Acceptable Use
2	4/24/2023	L. Perry	Presidential Approval

OM 1.0.0 - History and Mission

OM 1.1.0 History

OM 1.2.0 Mission and Objectives

OM 2.00.0

OM 2.1.0 - Board of Trustees

OM 2.3.0 - Duties and Responsibilities of Provost, Vice Presidents, Deans and Other Officers of the University

OM 2.4.0 Duties and Responsibilities of Academic Department Chairs

OM 2.4.1 Appointment and Tenure of Department Chairs and Academic Program Directors Policy Statement

OM 2.5.0 Periods of Duty - Administrative Offices

OM 2.6.0 Clarkson University Policies Governing Organized Activity Units

OM 2.6.1 Duties and Responsibilities of Directors of Institutes and Centers

OM 2.6.2 Appointment and Tenure of Directors

OM 2.6.3 Director of Organized Activity Unit - Additional Operational/Management Guidance

OM 2.7.0 Operational Procedures for the Administrative Council

OM 2.8.0 Faculty Senate Constitution

OM 2.9.0 Paperflow for Senate and Administrative Council Actions

OM 2.10.0 Committees of the University

OM 2.10.1 Committees of the Faculty Senate

OM 2.10.2 Standing Administrative Committees

OM 2.10.3 University Committee Procedures

OM 2.11.0 Support Staff Policies and Procedures

OM 2.12.0 Professional and Supervisory Staff Policies and Procedures

OM 3.0.0 - Human Resources Policies

OM 3.1.0 Human Resources Policies - General

OM 3.1.1 Definition of Employee Groups

OM 3.1.2 Exempt and Non-Exempt Employee Categories

OM 3.1.3 - Affirmative Action and Equal Employment Opportunity Statement

OM 3.1.4 - Employment of Family Members at Clarkson

OM 3.1.5 - Harassment and Sexual Misconduct Policy

OM 3.1.6 - Employment of Minors

OM 3.1.7 Drug Abuse in the Workplace

OM 3.1.8 Orientation

OM 3.1.9 Change in Status

OM 3.1.10 Smoking Policy

OM 3.1.11 Nondiscrimination Policy

OM 3.1.12 Cultural Diversity Policy

OM 3.1.13 General Grievance Procedures

OM 3.1.14 Discrimination Grievance Procedure (Including Cases of Sexual Misconduct)

OM 3.1.15 Anti-Bullying Policy

OM 3.1.16 Clarkson University Exit Policy

OM 3.1.17 Recruitment and Selection Process

OM 3.1.18 Termination/Resignation Policy

OM 3.1.19 Flexible Work Schedule (flextime) and Working Remotely

OM 3.1.20 Background Check Policy

OM 3.1.21 No Contact Order Policy

OM 3.2.0 Human Resources Policies - Faculty

OM 3.2.1 Retirement Benefits

OM 3.3.0 Human Resources Policies - Administrative, Supervisory, and General Staff

OM 3.3.1 Job Posting

OM 3.3.2 Position Classification Procedures

OM 3.3.3 Disciplinary Procedure

OM 3.3.4 Termination of Employment

OM 3.3.5 Retirement Benefits

OM 3.4.0 Human Resources Policies - Employment and Working Conditions - General Staff

OM 3.4.1 The Four Types of Appointments

OM 3.4.2 Employment - Appointment of General Staff Personnel

OM 3.4.3 Probationary Period - General Staff (Non-Bargaining)

OM 3.4.4 Working Hours - General Staff

OM 3.4.5 Rest Periods - General Staff

OM 3.4.6 Promotions and Transfers - General Staff

OM 4.0.0 - Compensation Policies

OM 4.1.0 Compensation Policies - General

OM 4.1.1 Supplemental Compensation Procedures - Faculty

OM 4.2.0 Compensation Policies - Faculty

OM 4.2.1 Salary Plan

OM 4.2.2 Salary Continuance - Faculty

OM 4.3.0 Compensation Policies - Administrative, Supervisory, and General Staff

OM 4.3.1 Wage and Salary Administration

OM 4.3.2 Salary Plan - Administrative and Supervisory Staff

OM 4.3.3 Pay Periods and Payroll Deductions - General Staff

OM 4.3.4 Overtime Policy for Non-Exempt Employees

OM 4.3.5 Supplemental Compensation Procedures - Exempt Non-Faculty

OM 4.3.6 Policy on Compensation for Travel Time - Non-Exempt Employees

OM 5.0.0 - Faculty Definitions and Policies

OM 5.1.0 Titles, Status and Definitions

OM 5.2.0 Duties of a Faculty Member

OM 5.3.0 Standards for Faculty Evaluations

OM 5.4.0 Procedures and Documentation for the Appointment, Reappointment and Continuing Evaluation of Faculty

OM 5.5.0 Evaluation Procedures for Tenure - The Tenure Policy

OM 5.6.0 Evaluation Procedures for Promotion