Fordham IT Acceptable Use Policy
The Information Technology ("IT") resources and services of Fordham University are provided for the advancement of the University's educational, research, and service objectives. They are offered primarily to facilitate the University's academic and business purposes. Any access or use of IT resources and services that interferes, interrupts, or conflicts with these purposes is not acceptable. This Policy Statement provides notice of the University's expectations and guidelines to all who use and manage IT resources and services (including but not limited to computing, networking, communications and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, and physical facilities).
IT Policy Statement
This Policy Statement provides notice of Fordham University (hereinafter the “University”)’s expectations and guidelines to all who use and manage information technology (hereinafter “IT”) resources and services (including but not limited to computing, networking, communications and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, and any related materials and services) (hereinafter the “IT Resources”).
The University provides the IT Resources for the advancement of the University’s educational, research, service, and business objectives. Any access or use of IT Resources that interferes, interrupts, or conflicts with these purposes is not acceptable and will be considered a violation of this Policy Statement (hereinafter the “IT Policy”).
This IT Policy, and any other policy referenced herein, shall apply to any and every member of the University community including, but not limited to, faculty, students, administrative officials, staff, and independent contractors (hereinafter the “User(s)” or “you”) who uses, accesses, or otherwise employs, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.
B. Related Policies
The term IT Policy shall also include any additional University policies related to information technologies, all of which are incorporated herein by reference. Such topically oriented policies include, but are not limited to, the Anti-Spam Policy, the Email Policy, the Peer-to-Peer Policy, the Web Hosting Policy, the Wireless Policy, and the Internet Usage Policy, all of which are set forth below.
Further, all such Users accessing and using IT Resources are subject to this IT Policy in addition to applicable provisions of the University Statutes, the University Code of Conduct, the Handbook for Administrators, Local 153 and Local 805 Collective Bargaining Agreements, Student Handbooks, and all other policies and procedures established by the schools and administrative offices of the University.
The University may at times contract with various software vendors or providers of other IT services. Such third party providers may post their own policies that apply to Users. You are required to comply with such policies when using third party software or other IT services through the University’s IT Resources.
User Responsibilities and Statement of Prohibited Uses
A. Spirit of Use
Only authorized members of the University community are extended the privilege to access and use the IT Resources. Access and use is limited to the purposes that are consistent with the instructional, research, and administrative goals of the University and the User’s relationship to those goals.
Moreover, as members of the University community, Users are expected to uphold the standards and principles of the University while using the IT Resources. Accordingly, Users are required to respect the rights of others at all times. Users are prohibited from using any portion of the IT Resources to post or transmit any information, data, text, file, link, software, chat, communication or other content (hereinafter, collectively, “Content”) that is harmful, abusive, discriminatory, hostile, combative, threatening, insulting, embarrassing, harassing, intimidating, defamatory, pornographic, obscene, or which negatively affects the University, another User, or any third party. Users who do not respect the Spirit of Use of the IT Resources may be held in violation of this IT Policy.
B. User Names
The University recognizes that common practice in computing, online or otherwise, involves use of a “user name”, “login”, “AccessIT ID”, or “screen name” (collectively, “user name”) that may be different from the User’s legal name. Using someone else’s name or assuming someone else’s identity without appropriate authorization, however, is a violation of the University’s principles and this IT Policy.
Accordingly, Users may not use the IT Resources under false name, identification, e-mail address, signature, or other medium of any person or entity without proper authorization. Thus, the University prohibits such use of a User name for the purposes of misrepresentation or an attempt to avoid legal or other obligations. Any such unethical use may constitute a violation of this IT Policy.
When choosing a password for access to the IT Resources, or portions thereof, Users are expected to follow the University’s “best practices” so as to prevent unauthorized access through any User’s password. Accordingly,Users should avoid using:
As of November, 2008, when using Fordham’s AccessIT ID, your password must meet the following criteria:
- Birth dates;
- Unaltered words that could be found in a dictionary, including non-English words and words spelled backwards;
- Telephone numbers;
- Social security numbers;
- Famous or other proper names; and
- Alphabet or keyboard sequences (e.g. “QWERTY”).
Other best practices that Users should follow include:
- Your password must be between 8 and 32 characters;
- Your password must contain 1 numeric;
- Your password must contain at least 1 uppercase and 1 lowercase character;
- Your password must not be the same as your last 5 passwords; and
- Your password must not contain any of the following special characters:
Users should always bear in mind that, even when employing best practices, breaches can occur in any number of points in both the IT Resources or the User’s own system(s). Accordingly, in addition to the provisions regarding privacy set forth below, Users should not have an expectation of privacy in any Content either located in the University’s IT Resources or the User’s own system, whether that Content is protected by a user name and password or otherwise.
- Using a different password for each account;
- Changing passwords regularly (at least every six months or as required by policy); and
- Not writing down your password(s) on a piece of paper or recording them in a file on any computer.
D. Additional Responsibilities
In consideration of the privilege of accessing and using the IT Resources, all Users must fully comply with the standards and responsibilities of acceptable use as outlined in:
Moreover, Users must adhere to the following responsibilities:
- All applicable provisions of the University Code of Conduct, employee handbooks and agreements, student handbooks and other policies and procedures established by the undergraduate, graduate, and professional schools of the University;
- This IT Policy in its entirety including the related policies: Anti-Spam Policy, Email Policy, Peer-to-Peer Policy, Hosting Policy, Wireless Policy, and Internet Usage Policy;
- All local, state, federal, and international laws;
- All software license agreements acquired by the University and its authorized units;
- All applicable University policies and procedures including, but not limited to, sexual harassment, academic dishonesty, scientific misconduct, and non-discrimination; and
- The legal and educational standards of software use as published in the EDUCOM Code.
- Self-policing of passwords and access codes per the best practices set forth above;
- Respecting authorial integrity and the intellectual property rights of others;
- Respecting and protecting the integrity, availability, and security of all University IT Resources;
- Ensuring that all data and files that the User accesses or downloads are free from any computer code, file, or program which could damage, disrupt, expose to unauthorized access, or place excessive load on any computer system, network, or other IT Resource;
- Reporting any security risk or code, file, or program—including, but not limited to, computer viruses, Trojan Horses, worms, or any other “mal-ware”—that infects any IT Resource including any owned or operated by the User; and
- Properly backing up appropriate User systems, software, and data.
E. Additional Prohibited Uses
In addition to other prohibitions found in this IT Policy and any other applicable University code, statute, handbook, policy, or procedure, Users are prohibited from accessing or using the IT Resources in the following manners or for the following purposes:
- Initiating or participating in unauthorized mass mailings to news groups, mailing lists, or individuals—including, but not limited to, chain letters, unsolicited commercial email (commonly known as “spam”), floods, and bombs;
- Giving others, by password or other means, unauthorized access to any User account or the IT Resources, in whole or part;
- Seeking to, without authorization, wrongly access, improperly use, interfere with, dismantle, disrupt, destroy, or prevent access to, any portion of the IT Resources including User or network accounts;
- Violating or otherwise compromising the privacy, or any other personal or property right, of other Users or third parties through use of the IT Resources;
- Disguising or attempting to disguise the identity of the account or other IT Resource being used including, but not limited to, “spoofing” resource addresses, impersonating any other person or entity, or misrepresenting affiliation with any other person or entity;
- Using the IT Resources to gain or attempt to gain unauthorized access to remote networks, including remote computer systems;
- Engaging in conduct constituting wasteful use of IT Resources or which unfairly monopolizes them to the exclusion of others;
- Engaging in conduct that results in interference or degradation of controls and security of the IT Resources;
- Unless expressly authorized by the University in writing, exploiting or otherwise using the IT Resources for any commercial purpose;
- Engaging in computer crimes or other prohibited acts;
- Intentionally or unintentionally violating any applicable local, state, federal, or international law;
- Knowingly or negligently running, installing, uploading, posting, emailing, or otherwise transmitting any computer code, file, or program—including, but not limited to, computer viruses, Trojan horses, worms, or any other “mal-ware”—which damages, exposes to unauthorized access, disrupts, or places excessive load on any computer system, network, or other IT Resource; and
- Using any IT Resource, including e-mail or other communication system to intimidate, insult, embarrass, or harass others; to interfere unreasonably with an individual’s work, research, or educational performance; or to create a hostile or offensive working or learning environment.
Periodically, the University will conduct information sessions to present, or provide through official communications, specific examples of inappropriate uses of the IT Resources. In the interest of creating a well informed User community, the University also encourages questions about proper use. Please direct inquiries to Fordham IT at (718) 817-3999, or the Office of Legal Counsel at (718) 817-3111.
The University takes the issue of intellectual property and similar rights seriously. Many members of the University community hold patents. Virtually all members of the faculty and student body have copyrights merely by authoring a paper whether for publication or even through a course assignment. Accordingly, as each User should have an expectation that others will not abuse his or her intellectual property rights, every User must also respect the intellectual property rights of others including those of other Users, all members of the University community, and all third parties.
Potential violation of intellectual property laws and rights is not merely limited to unauthorized downloading of copyrighted music through file-sharing software. Rather, the concept of intellectual property broadly covers all copyrighted works, trademarks, patents, trade dress, trade secrets, and other proprietary and confidential information. Thus, intellectual property issues likely apply to any and all Content that a particular User did not generate him or herself and to which a User has not been given rights.
Accordingly, the University requires every User to adhere to a strict policy of respecting intellectual property rights. Infringement of recorded music, in various forms including but not limited to MP3 files, is a matter of concern to the University. Other potentially infringing uses may involve:
These are just a few examples of potential infringement that Users may intentionally or unintentionally commit.
- Unauthorized copying of written works, including but not limited to textbooks and course materials;
- Unauthorized copying and use of digital videos or images, as well as logos and other marks;
- Unauthorized copying or installation of games or other software, including “shareware”; and
- Unauthorized copying or use of copyrighted, or otherwise proprietary, data or collections of data.
It is the responsibility of every User to avoid infringing any intellectual property right and to report the infringement of another User if and when it is discovered. Failure to respect such rights, or report infringements, is a violation of this IT Policy and subject to the sanctions set forth below.
All Users retain the right of privacy in their personal files and data, electronic mail, and voice-mail as long as they are using the IT Resources in a manner consistent with the purposes, objectives, and mission of the University and this IT Policy. Likewise, Users are obligated to respect the right of privacy that other Users have in their own systems, data, and accounts.
Users should be aware that the University cannot guarantee security and privacy during use of the IT Resources. To the contrary, various uses of the IT Resources, or access in general, may not always be private. For example, issuance of a password or other means of access is to assure appropriate confidentiality of University-related information and files. However, it does not guarantee privacy in all cases, especially for personal or unlawful use of IT Resources.
Moreover, Users should note that the University, in emergency situations, may also require back-up and caching of various portions of the IT Resources; logging of activity; monitoring of general usage; and other activities that are not directed against any individual User or User account, for the purposes of emergency maintenance or restoring normal operations of the IT Resources.
In the event the University has reasonable suspicion that a User has violated any civil or criminal law, the University Code of Conduct, the IT Policy, or any other University policy, procedure, or regulation, the University reserves the right to access, inspect, monitor, remove, take possession of, or surrender to civil or criminal authorities the offending Content, with or without notice or consent of the User. The University may also do so for the purpose of satisfying any law, regulation, or government request.
Further, the University may monitor the IT Resources to ensure that they are secure and being used in conformity with this IT Policy and other University guidelines. Thus, to the extent allowed by applicable law, the University reserves the right to examine, use, and disclose any data or Content found on the University’s IT Resources for the purposes of furthering the health, safety, discipline, security, or intellectual or other property of any User or other person or entity. Information that the University gathers from such permissible monitoring or examinations may also be used in disciplinary actions.
This limited exception to the general right of privacy in the context of acceptable use of IT Resources can be authorized for reasonable cause only by a duly elected officer of the University—namely, the President and Vice Presidents and, in the case of faculty, with notice to the President of the Faculty Senate. Any action taken by the University based on the Content or information obtained will be subject to the procedural safeguards accorded under the University Statutes, Handbook for Administrators, Local 153 and Local 805 Collective Bargaining Agreements, the Student Handbooks, and all other student policies and procedures promulgated by the Student Affairs Division and the graduate and professional schools of the University.
Monitoring, Reporting, Violations, and Sanctions
As noted above, the University may, but is not required to, monitor, block, or otherwise prevent inappropriate use of the IT Resources. Nonetheless, in the event of a violation or failure to comply with this IT Policy, the University may monitor any User’s access and use of the IT Resources in order to determine whether violations are taking place. If violations are found, the University may initiate charges and impose appropriate sanctions by following the various processes and procedural safeguards that are applicable to the User’s employment or enrollment status.
Users have an obligation to report violations of the IT Policy as well as any potential security or other breach of any portion of the IT Resources. Reporting of any such violations or other issues involving the inappropriate use of the IT Resources should be referred to:
- The Dean of Students (or delegate) if the alleged offender is an undergraduate student or a student in the Graduate School of Education, or Graduate School of Religion and Religious Education;
- The Academic Dean (or delegate) in the School of Law, Graduate School of Business, Graduate School of Arts and Sciences, and Graduate School of Social Service, if the alleged offender is a student therein;
- The Area Vice President, if the alleged offender is an administrator;
- The appropriate Academic Dean or Vice President for Academic Affairs, if the alleged offender is a faculty member;
- The Executive Director of Human Resources, if the alleged offender is any other employee who does not fall into any of the above categories; or
- The Vice President for Information Technology/CIO, for all other alleged offenders.
A violation of the IT Policy is considered a violation of the University’s principles, objectives, and standards. Depending on the severity of violation, it may also violate the University’s other policies or even local, state, federal, or international law. Accordingly, in response to any given violation, the University may impose penalties ranging from the termination of the User’s access to the IT Resources to disciplinary review and further action including, but not limited to, non-reappointment, discharge, or dismissal. In cases involving egregious violations, the University may institute legal action or cooperate with an action brought by applicable authorities or third parties.
In addition to liability and penalties that may be imposed on a User under international, federal, state, or local laws, Users who fail to fulfill their responsibilities and engage in prohibited conduct are subject to sanctions imposed by the University. Sanctions against students are listed in the Student and Residential Life Handbooks. Faculty are subject to disciplinary action including reprimand, suspension, and dismissal as stipulated in Article IV of the University Statutes. Administrators and staff are subject to disciplinary action under their respective handbook and collective bargaining agreements. Depending on the nature and severity of the violation, sanctions can range from various levels of warnings to immediate termination of employment or enrollment.
The University will exercise good faith and proper discernment in its enforcement of the IT Policy. It will respect the academic freedom to which Users are entitled insofar as the legal rights and responsibilities of the individual User and the University require. Failure to take action in any particular instance does not constitute an alteration of the IT Policy or a waiver of any right or remedy available to the University. Under no circumstance shall the University be liable to any User or third party for any violation including, but not limited to, illegal or improper acts, that any User commits through use of the IT Resources.
Amendments and Revisions
A. User Obligation to Review
Just as technology is constantly evolving, so are the policies that address it. Accordingly, the University will periodically update this IT Policy. By accessing and using the IT Resources, each User represents and acknowledges that he or she has checked and read this IT Policy on a regular basis so as to be informed of any changes hereto. If any User does not agree to check the IT Policy for revisions on a regular basis, said User may not use the IT Resources.
B. Current Revision
The current version of this IT Policy was first posted on September 28, 2010. This policy supersedes the policy of November 11, 2008. The most recent revision includes:
- Modifications to the Peer to Peer Policy to meet the requirements of the Higher Education Opportunity Act of 2008.
Download this policy as a PDF (81 kb)