itpolicies

��

IT POLICIES

The ��ý College of Engineering and Computer Science,Technology Services Group adheres to ��ý's IT Policies in all of our undertakings.

The ��ý Office of Information Technology establishes policies and guidelines that enable the ��ý community to safeguard their computing systems and the confidentiality of their data. It is strongly recommended that individuals peruse these documents to ensure they comply with the University's policies. Please do not hesitate to contact us if you require any further information or clarification on any of the University's policies.

For more details on ��ý's Policies, visit: /policies/

For information about ��ý's OIT's Policies, visit: /oit/security/policies/

Summaries of some of the IT related policies that have been updated recently are noted below.��

1.University Administrative Data Systems:�� The University aims to integrate new technologies with existing administrative data systems across its campuses and departments. Any university-wide software must be reviewed and approved by the Information Resource Management (IRM) to ensure smooth operations.

2.Acceptable Use of Technology Resources: All users must adhere to federal, state, and local laws, including University policies such as FERPA and DMCA. Users are responsible for respecting copyrights, avoiding unauthorized access or interference, and securing their devices. ��ý-provided accounts must not be shared, and personal financial use of university resources is restricted.

3. Responsible Use of Data Access:All users must ensure that their access to University data is limited to what is necessary for their roles. Accessing or sharing data without proper authorization is prohibited, and users must follow security protocols to protect sensitive information.

4.Digital Millennium Copyright Act: The DMCA is a federal law that protects copyrighted material in the digital environment. At ��ý, users must respect copyright laws and refrain from unauthorized distribution, downloading, or use of copyrighted works.��

5.Privacy of Electronic Communications: ��ý respects the privacy of electronic communications; however, users should be aware that the University reserves the right to access, monitor, and disclose electronic communications when necessary to comply with legal requirements or institutional policies.��

6.Security Awareness Training: ��ý requires all users to participate in Security Awareness Training to promote a secure computing environment.��This training educates users on best practices for safeguarding sensitive information, recognizing phishing attempts, avoiding malware, and complying with University policies.

7.System and Data Classifications: ��This existing policy was updated to add a definition of Level 1 Biometric Information and to add broad categories of Highly Sensitive Information, Sensitive information, Security-related Information, and Non-sensitive Information that can be referenced in other policies.

8.Payment Card Security: ��ý is committed to ensuring the security of payment card transactions. All users handling payment card data must comply with the Payment Card Industry Data Security Standard, which includes safeguarding cardholder information and preventing unauthorized access.��

9.Cloud Service Providers: When utilizing cloud service providers, ��ý ensures that all data stored and processed in the cloud complies with University policies and applicable legal regulations. Providers must adhere to strict security standards to protect sensitive information.��

10.Information Security Policies: ��This existing policy was updated to clarify that the Chief Information Officer (CIO) is the final approver of IT security policies and internal operational policies under the guidance of the IT Compliance Committee and the Chief Information Security Officer (CISO) and to differentiate between University IT policies that involve shared authority.

11.Information Security Roles and Responsibilities: This existing policy was updated to formalize requirements from updated BOG and federal regulations regarding the roles of the CIO and the CISO and to add an end user responsibility to report security incidents.

12.Clean Desk and Clear Screen: ��ý promotes a Clean Desk and Clear Screen policy to protect sensitive information. All employees must ensure that confidential documents and electronic devices are secured when unattended.

13.Email Communications: ��ý's Email Communications policy requires that all university-related email communications use official ��ý email accounts. Emails must adhere to university guidelines, ensuring professionalism and compliance with privacy laws like FERPA.

14.Exceptions to Technology Policies: ��This is a new policy that formally defines the types of exceptions to information technology policies that may be approved. ��Exceptions may be limited, short-term or emergency exceptions (up to 30 days), or ongoing exceptions (up to one year).

15.Storage of Electronic Records: ��This is a new policy that outlines the parameters for the storage of electronic records, including student data, University records, and employee data.

16.Artificial Intelligence (AI): ��This is a new policy to provide guidance on the use of AI for university operations and instructional and academic use.

When you need technical support, simply submit your request via email to our tracking system at help@eng.fau.edu or through our form found here.

����ý

IT POLICIES

��ý