Acceptable Use Policy and Guidelines

January 13/2005

For University of Guelph Computing and Networking Facilities

The purpose of the Acceptable Use Policy (AUP) is to identify situations where unacceptable use of systems or networks affects the teaching, learning, research, services or administrative missions of the University of Guelph or compromises the security of the systems or data. It also outlines the process used to resolve any allegations of inappropriate activity.

This policy applies to the use of any University of Guelph computing and networking facility hereinafter referred to as the “System” by all users, account holders, System administrators, and service providers hereinafter referred to as “Users”. By using the System, all Users agree to comply with this policy. All Users will be fully responsible for any and all uses of their access and accounts.

The use of the System is in support of research, teaching, learning, administrative and other intellectual pursuits consistent with the University of Guelph's aims and objectives. In addition, the University permits use of the System for limited personal use so long as such personal use is in keeping with this policy. While the University strives to maintain the privacy of such information that may be personal in nature, the University does not guarantee its confidentiality.

Work being performed by System administrators during maintenance or diagnostics may involve the need to access User files or data. This work includes activities such as examining system logs for errors, network monitoring, resolving undeliverable mail, virus and spam filtering, fixing resource constraints, etc. System administrators will endeavor to respect the privacy of Users and handle the information in an appropriate manner.

If an individual is using departmental facilities to access the System, the individual is expected to follow any departmental policies (local AUPs) that are applicable. Copies of these policies are to be made available by the department (see Appendix A for the essential components of a departmental AUP).

Where the User’s access has been revoked or the User has died, access to their data will be conducted according to relevant University of Guelph policies and practices.

Advertising or mass emailing requires special authorization by the Office of Communications and Public Affairs or as described in the Mass Electronic Mail Policy.

Users should consider University and community standards when trying to determine if an activity is appropriate. The following is a representative list of some examples of unacceptable use:

  • allowing others to access assigned personal accounts
  • accessing another User's account
  • seeking information on passwords or data belonging to others
  • making unauthorized copies or using unlicensed proprietary software, or providing unauthorized copies of proprietary software to others
  • copying someone else's files, or programs, or examining such information unless authorized by the owner
  • unauthorized attempts to collect and/or disclose personal information
  • unauthorized attempts to circumvent computer security methods, operating systems or probing for exposures in other systems or networks
  • using the System for commercial purposes such as promoting by broadcast non-educational profit-driven products or services
  • interception or examination of messages or files without right or authorization
  • interfering with or disrupting the work of other Users of the System (e.g. chain letters, ‘denial of service’ attacks) or engaging in any uses that result in the loss of User or System files
  • attempting to circumvent security or resource restrictions by actions such as obscuring or falsifying your identity
  • failure to maintain reasonable security precautions for your accounts or accesses
  • any activity that violates any other University of Guelph policy or code
  • any activity that violates federal, provincial or municipal laws or regulations

Complaint and Violation Resolution Process

  1. The Chief Information Officer (CIO) or designate may become aware of alleged violations of the Acceptable Use Policy, either through a complaint or through the course of normal operations. The CIO will initiate a preliminary investigation to determine if sufficient grounds exist for further action. If, in the opinion of the CIO, the integrity or security of the System (including User services and data) is at risk or if there is a suspected violation of a federal or provincial law, the CIO may take interim action as necessary. Such action may include, but is not limited to, the locking of an account or access point prior to a formal investigation. The CIO may suspend the interim action before the disciplinary process is complete if the risk to the System has been satisfactorily addressed.
  2. The preliminary investigation will be completed in a timely manner. If the preliminary investigation requires the examination of the files, programs, or passwords of individual Users, the Chief Information Officer (CIO) will review the situation with the appropriate Vice-President and receive authorization before proceeding with the investigation, and in such cases the CIO will report the results of the preliminary investigation to the Vice-President. The CIO will also work with any department, when needed, in the investigation of violations of their local AUP and the referral to the appropriate disciplinary designate as indicated below.
  3. As a result of the preliminary investigation the CIO will take one or more of the following actions:
    a. If the CIO finds no evidence of a violation of the AUP, then no action will be taken other than to inform the complainant(s), if any, of this decision.
    b. If the CIO determines that there has been a violation of the AUP but the offence is not serious, then the User will be informed of this decision and directed to discontinue the activities that have been deemed to violate the AUP.
    c. If the CIO determines that the User has possibly violated federal or provincial law or a municipal by-law, the CIO will, in addition to any other actions, refer the matter to the University of Guelph Security Services.
    d. If the CIO determines that the User has violated the AUP and that the offence is serious, such as in 3.c above, or if there is a pattern of repeated misuse, or if the User refuses to comply as directed in 3.b, the CIO will refer the matter to the appropriate disciplinary process as described in paragraph 4. The CIO may also ask the appropriate Vice-President for authorization to initiate or maintain any actions as needed to protect the System while the matter is under review by the appropriate disciplinary process.
  4. Potential violations that fall under paragraph 3.d will be forwarded by the CIO to the appropriate disciplinary process. The CIO may authorize one of the following designates to take responsibility for taking the complaint forward.

| User | Designate |
| --- | --- |
| Student | Security Services / College Dean |
| Staff | The appropriate manager/supervisor |
| Faculty | Departmental Chair |
| Chair | College Dean |
| Alumni | Chief Information Officer |
| Institutes and other Affiliated organizations | Chief Information Officer |
| All other Users | Chief Information Officer |

Definitions

Chain letter is an email directing recipients to send out multiple copies of it so its circulation increases exponentially.

Commercial purposes are any use of the facilities that would financially benefit any unauthorized individual or group.

Denial of Service Attack is any process, software system or component interference that causes disruption of system services to other Users.

Mass Mailings are unsolicited, unauthorized, and/or frivolous mailings of 20 or more identical or nearly identical pieces of email sent to other email recipients. Such mailings, consisting of substantially identical letters, attachments, or other material, are distinct from mailings made in direct response to communications from persons, members of a listserv or groups who reasonably should expect to be contacted by email as part of their affiliation with the University (bargaining units, departments, administrative staff, etc.).

Probe is an attempt to gain access to a computer and its files through a known or probable weak point in the computer system.

Proprietary software is any program, data or process protected by license or copyright, or whose use or ownership has restrictions.

Spam is unauthorized bulk electronic commercial email that is sent unsolicited to multiple Users.

System Administrators means any University of Guelph employee responsible for the supervision and support of any shared computing resource.

Sites for Relevant University of Guelph Policies

Appendix A

Essential Components of Departmental AUPs

  1. The Department AUP must be consistent with the University of Guelph AUP.
  2. A copy of the Department AUP should be available on the Department’s web site.
  3. Define/describe the computers/network that the Department AUP applies to.
  4. The Department AUP should make reference to the University’s AUP.
  5. List the web locations where the current University and Department AUPs can be found.
  6. Listing of Users’ responsibilities and expectations specific to the Department unit.
    • Examples should be provided so it is clear to the Users what actions/activities are unacceptable.
  7. Indication as to what types of examinations/actions will be routine within the Department computer/network facility. System administrators will endeavor to respect the privacy of Users and handle the information in an appropriate manner.
  8. How accounts/access to the department computers/network are terminated.
  9. Describe the circumstances under which the department head may authorize access to an individual’s data that is deemed essential to the department.
  10. How suspected violations of the Department AUP are handled.
    • Dept chair for violations specific to the Department AUP
    • Chief Information Officer for issues related to the University AUP
  11. An appeal process should be outlined.
  12. The Chief Information Officer will review any departmental AUP prior to implementation to ensure compliance with this document.