Office of Information Technologies Resource Use Policy DRAFT for FSUCECC evaluation November 16, 1995 1.0 Preface This document describes the guidelines that OIT uses in providing services to its Clients. The Associate Vice Chancellor of the Office of Information Technologies has great leeway within these guidelines to assure that services operate smoothly. Many people and organizations, local and distant, use OIT Services. Within this document we refer to this collective group as Clients. This document is intended to tell Clients what they can expect from OIT and what OIT expects from them. 2.0 OIT Responsibilities OIT operates a variety of services for its Clients, and assures its Clients that it will use its best efforts to maintain the integrity of these services. By maintaining the integrity we mean that the services will operate according to schedule, efficiently, correctly, and securely. OIT will take any action necessary, including but not limited to unannounced inspection of a Client's information, denial of access privileges, and instigation of formal University disciplinary procedures, in order to protect the integrity of the services and the security of information. In addition to the policies and responsibilities discussed in this document, OIT will also rely on other relevant University documents, such as "Undergraduate Rights and Responsibilities," when appropriate. Any restrictive actions taken by OIT will be short-term measures designed to address immediate concerns about the integrity of our services. Long-term actions will be taken only by campus administrative bodies following procedures defined in campus regulatory documents. 2.1 Distributed Access OIT maintains connections to various computing and network services, and considers these connections to be among the most vital of its functions. OIT has a responsibility to help maintain the integrity of these services. OIT will treat any attempt to compromise the integrity of these services through OIT resources as if the attempt were directed at OIT services. 2.2 Moderate Security OIT uses its best effort to ensure that the information in its systems is secure. By secure we mean that the information in OIT's resources will be safe from unauthorized access, and that OIT won't lose the information. It is important to realize that OIT cannot make these guarantees absolute. 2.3 Privacy Certain information stored on or accessible through OIT resources is public information. Public information includes information that is accessible through the World Wide Web, CWIS, newsgroups, and certain commands such as "whois." Clients can also make their own information public through the use of certain commands. All other information is non-public information. OIT will inspect the contents of non-public information to protect the integrity of its services. OIT may also inspect non-public information as directed by the UMass Administration pursuant to other policies. OIT makes no attempt to censor any information held on its systems. 2.4 Backup OIT runs backup procedures on its computers every evening. Theoretically, in the event of a computer failure, it is possible to recover all information stored in a computer at the time of the last backup. There are occasional problems with these restorations which can result in other lost information. 3.0 Client Responsibilities OIT Clients must bear certain responsibilities in order to continue using OIT services. Responsible Clients are necessary if OIT is to provide reliable services. OIT resources are not immune to tampering. OIT relies on its Clients to refrain from deliberate abuse of the resources. Several other specific responsibilities are described below. 3.1 Proper Use OIT resources are funded by a variety of Federal, State, University, student, and commercial sources. Clients may use OIT services only when it is appropriate that the use be supported by public funds. 3.2 Shared Resource OIT resources are limited, and shared by many Clients. To avoid performance problems and/or unnecessary expenses, Clients must refrain from initiating activities that disrupt normal operations. 3.3 Unauthorized Access Clients must only access information that belongs to them, is permitted to them, or is public. Clients must not attempt to decode, crack, or discover information that belongs to others. OIT reminds Clients that there are a variety of ways, beyond the control of OIT, through which their private information may be inspected by others. 3.4 Harassment OIT Clients must not use OIT services to harass others. This is considered a serious offense which OIT will pursue according to University regulations. If a Client wishes to make "objectionable" material available through OIT resources (such as bulletin boards), the Client must clearly label such material. OIT considers sending unrequested objectionable (as defined by the recipient) material to others to be harassment. Clients may not use OIT resources to support inappropriate activities, even if the activities don't interfere directly with OIT resources. OIT will pursue allegations of inappropriate use of its resources with the utmost diligence. 3.5 Back-up files Clients are responsible for maintaining their own multiple, current back-up copies of valuable or critical information to insure against inadvertent loss by OIT. 3.6 Pay attention to OIT Information OIT frequently uses its resources to provide its Clients with important information. We ask that Clients pay attention to OIT announcements in order to protect themselves from unnecessary difficulties. -- Duncan Chesley chesley@oit.umass.edu Director, OIT Computing Administration