Table of Contents
Security and Privacy
Network Usernames (userids) and Email Accounts
Wireless Routers/Access Points
Related Policies & Forms
The purpose of the Internet and Network Resources Acceptable Use Policy (AUP) is to provide Users of the network resources guidance on their responsibilities, the general regulations regarding the network resources, information about security and privacy, the policies regarding network usernames (userids) and email accounts, webpage guidelines, personal wireless routers and access points, copyright, policy enforcement and how to report violations.
The University Information Technology Services (ITS) department manages the University Network (the Network). The University encourages Faculty, Staff, Students, Visitors, Contractors & Vendors to exchange information using the Network while reserving the right to monitor, manage and control its use. This policy is based on common legal, ethical and professional standards. Adherence to this policy protects all Users and helps keep the Network a safe and rewarding place to navigate.
Users must not violate this “Acceptable Use Policy (AUP)” or local, state and federal laws while using the Network.
These responsibilities have been established to protect Users from fraud and to ensure a safe and harassment-free computing environment.
- Users are responsible for their use of the University Network and computer equipment, and for protecting their Username (userid) and password.
- Each User is issued a single Username (userid) and password that gives them access to the Network, Office 365, etc.
- Users are responsible to report unauthorized use of their Network Username (userid) to the Director or Executive Director of ITS. Using the Network without permission or failing to report unauthorized use can be a violation of federal and state law.
- Users are responsible for safeguarding their own and others' personal information. They should not enter or send personal information such as Usernames (userids), passwords, date of birth or social security number, driver’s license, credit card numbers or medical/health data in email, electronic meeting notices/appointments, attachments, chat rooms or instant messages (IM), or to unsecure websites. They should not save or store such personal information on any electronic media or format including local hard drives or images without consulting with IT Services regarding security.
- Users are responsible for knowing the University's Harassment Policy. Employees see: SVSU Operations Manual. Students see: Anti-Discrimination/Harassment Policy.
- Users are responsible for respecting copyright. For additional information refer to the Copyright section below and the SVSU Copyright Policy in the SVSU Operations Manual.
User's will respect the privacy and security of the University Network, other users, other entities, and the intended use of the Network. Individual units or departments may set up additional guidelines that go beyond, but do not take the place of, these regulations.
- Users must not:
• Use or attempt to use someone else’s Username (userid) and password,
• Give their own Username (userid) and password to anyone,
• Give another User’s Username (userid) and password to anyone else,
• Use their own Username (userid) and password to log someone else onto the University Network.
- Users must not download and/or install copyright protected software, videos, images, data, music or any other material from any source, including peer to peer and shareware networks, unless the User has (a) written permission from the author to use the material, (b) purchased the material from the product owner or a business with authorization to sell the copyrighted material, or (c) complied with the educators fair use guidelines of the Copyright Act of 1976 (see SVSU Copyright Policy or Copyright below).
- Users must not send unsolicited bulk mail messages (“junk” mail, “chain” messages or spam), forge emails, send mail that will intimidate or harass other Users, or use network server space in a way that interferes with the efficiency of the Network. Users must not send numerous repeated messages, transactions or emails to another user or site (“mail bombing” or “denial of service attack”).
- Users must not intentionally damage, alter or bypass software, hardware or Network components.
- Users must not use the University Network for partisan political activities, revenue-generating advertising, promoting business not related to the University, or personal business.
- Users must not harass, threaten or intimidate other University or non-University Users. Users must comply with all University rules regarding harassment and discrimination.
- Users must not misrepresent their identity or relationship to the University when obtaining a University Username (userid) or other University Network services.
- Users must not search for information on, get copies of, or change files of passwords or security settings belonging to the University or other Users or entities.
- Users must not search for, use or distribute information on the Network architecture, hardware or software components, databases, computer equipment, security components, or security by-pass techniques of the University, or any other entity.
- Users must not use any University or personal computer equipment or device connected to the Network to initiate, plan, produce, install or run programs that attempt to or successfully:
• Bypass or disable any University Network security, registration, management system or device.
• Bypass the encryption, licensing or delivery control of any licensed product in any form or media.
• Damage or use excessive resources on the University Network or anywhere on the Internet.
• Upload computer viruses, Trojan Horses, worms or a distributed “denial of service attack.”
- Users must not tie up the University Network with game playing or personal uses, or use hardware or software that results in overloading the University Network or outside Internet resources or services, by sending numerous Internet transactions, establishing numerous Internet connections or by any other method. This includes, without limitation, any peer-to-peer system such as bit-torrent or similar programs.
- Users may connect personal computers, cell phones and tablets to the University Network. Users are responsible for ensuring that they have the appropriate anti-virus and malware protection on their devices. If the device causes issues to the Network, the user is responsible for removal of such device immediately upon notification from ITS. Gaming Systems, Personal Entertainment Systems (e.g. Roku, Chromecast, etc.) and Wireless Printers are allowed to be connected in Student Housing. Wireless printers must be connected to the SVSU Wireless Network and will be configured not to broadcast their own SSID. Wireless printers broadcasting their own SSID must be disconnected from the SVSU network immediately upon notification from ITS. No other non-SVSU supplied devices (e.g. Network attached Storage, Wireless Routers, etc.) are allowed to be connected to the Network unless approved by ITS in advance.
- Users must not publish course content or course work in whole or in part, no matter what the medium, prepared by other Users to web sites without the express written consent of the author. This includes, but is not limited to, comments, lecture notes, papers, audio, video and research.
- Users must not promote illegal activity or material that negatively affects the University, or distribute copyrighted, pornographic or licensed software or material.
- Users must use the Network in a manner consistent with the University's instructional, public service, research and administrative mission. The Network may not be used for personal business or personal gain except as permitted by other University policies or explicitly stated in University contracts. However, Users may create individual web pages that provide information related to their position at the University. These pages may contain information related to academic and professional interests only if they are consistent with University web policies (see Web Pages below).
- Users are responsible for safeguarding personal information that they must handle in the performance of employment.
• Users must not enter or send personal information such as passwords, date of birth or social security number, driver's license, credit card numbers or medical/health data into email, electronic meeting notices/appointments, attachments, chat rooms or instant messages (IM), or unsecure websites.
• Users will not transmit documents or files with personal information across the Network or internet without using encryption, secure vlans, etc.
• Users that store documents and files with personal information must store them on network shared drives, not on local "hard drives" or portable data storage media, or cloud destinations such as, but not limited to, Dropbox, Google Drive or Apple iDrive.
Security and Privacy
The University uses safety measures to protect the security of the Network, computer systems and User accounts. However, Users should be aware that the University cannot guarantee security and confidentiality. Therefore, Users should exercise safe-computing practices by guarding their Network Username (userid), password and personal information.
- Users should be aware that their University messages, sent or received, in connection with University business may be considered public records and may be disclosed to members of the public upon request.
- Users should be aware that their University address may be listed in University directories.
- Users should be aware that their use of the Network and computer system is not private. The University does not regularly monitor individual use, but the normal operation, maintenance and fine-tuning of the Network require:
• The back-up and caching of all forms of data and Internet communications
• The logging of activity
• Use patterns to be checked
• Other actions necessary for the delivery of service
- Users should be aware that their University Network and computer activity, including the content of individual communications, may be monitored without notice when:
• Users have voluntarily made them available to the public by posting to a Usenet or a web page
• It is necessary to protect the reliability, security or operation of the University, the Network and computer systems, or to protect the University from liability
• There is concern that the User has violated or is violating this policy
• Users appear to be engaged in unusual or uncommonly excessive activity
• It is required by law.
- Users should be aware that the University may disclose the results of any general or individual monitoring, including the contents and records of individual communications, to the proper University staff or police agency, or use them in University disciplinary proceedings (see Enforcement below).
Network Usernames (userids) and Email Accounts
University-approved policies for issuing, limiting or disabling Network Usernames (userids), email accounts, and Internet or computer system use are explained through the SVSU Information Technology Services Policies.
- University students, faculty, staff and administrators are automatically issued a University Network Username (userid) and email account. Alumni and retirees (those requesting an email account after retirement) may keep an email account per the following guidelines:
- Upon graduation or retirement, an individual’s SVSU O365 account will transition to an email-only account. An email will continue indefinitely as long as the alumnus/retiree continues to make the required annual password change indicating the account is actively being used. Notifications are sent prior to password expiration. If the password is not changed, an additional 30-day notice is sent. At the end of that time, if no response has been made, the account will be terminated and the mailbox and all messages will be removed from the system and not recoverable. Multi-Factor Authentication (MFA) will be enforced on all active alumni and retiree email accounts.
- Each User is permitted only one account and prohibited from using another User’s account unless the second User grants proxy access through each system (primarily email).
- The University reserves the right to limit the length of time emails can be saved in the email database. ITS can discard old email and email messages unopened 90 days after receipt once notice is given to Users.
- The University reserves the right to stop incoming mass mailings (spam) without informing the sender or intended recipient.
- The University reserves the right to regularly send out general information to Users through University email. In the future, email will be the main method used to communicate very important University information to Users, including financial aid awards and academic standing. Refer to the Student Email Communication Policy.
- Employees shall not create email rules or processes in their SVSU email account that automatically forwards emails outside of the SVSU email system.
- The University reserves the right to maintain lists of University email addresses. The lists are only used to distribute information to Users and are not available or sold to any outside company.
It is the policy of the University to ensure its web site(s) correctly represents Saginaw Valley State University and its mission; are accurate, well-written, timely and visually appealing; and is of the same high standards as other official communications.
- All official SVSU webpages must:
• Comply with all laws governing copyrights, intellectual property, libel and privacy,
• Not violate any policy, rule or regulation of the University,
• Not be used for non-SVSU commercial activities,
• Comply with Americans with Disabilities Act standards or provide text-only alternate versions.
- The University owns and has exclusive rights to all official webpages and the digital assets published under the svsu.edu domain; and any such webpages stored on servers or devices owned or leased by, or contracted for, the University.
- Faculty, staff and students may create personal web pages for use in their various academic and administrative duties and activities, and may publish on SVSU's web servers. Personal webpages are not recognized as part of “svsu.edu”, however, the contents of an individuals' webpage published on SVSU’s servers must comply with the University’s Acceptable Use Policy, and adhere to University standards when using University logos and/or graphics.
- Registered student organizations (RSO’s) may create web pages using tools approved by The Office of Student Life. The Office of Student Life must verify that the student organization is active and officially recognized by the University before a link can be created from an official page to the student organization's home page. The contents of student organization websites must comply with all University policies.
- Except for approved University-related items, sale of goods and services is prohibited on any SVSU site. Non-SVSU advertising, merchandising and commercial activities are prohibited in the svsu.edu domain.
- University web pages must not contain links to commercial web sites unless those companies are corporate sponsors or partners of the University. Links to non-commercial sites are permitted only if the content of those sites comply with the University’s Acceptable Use Policy.
- ITS reserves the right to disable a website that belongs to a club, organization, employee or student if security vulnerability is found or for other reasons as deemed appropriate by the University. The site may, at the University’s sole discretion, be restored if the owner corrects the vulnerability.
Wireless Routers/Access Points
The University does not allow personally-owned routers or wireless access points to be installed anywhere on campus or in student housing. For more detailed information, please contact the I.T. Support Center.
Refer to SVSU Copyright Policy for additional information on copyright.
Using the University Network to copy, store, display or distribute copyrighted material (licensed software programs, data, images, music or any other materials) without the permission of the copyright owner, except as otherwise allowed under the U.S. Copyright Law, is prohibited. See these sites for additional information including fair use of copyrighted material:
Under the Digital Millennium Copyright Act, the University is obligated to take appropriate enforcement action if it receives a complaint that unauthorized copyrighted material is being published or downloaded on the University Network.
To report online copyright infringement or violations, notify the University’s agent in accordance with the U.S. Online Copyright Infringement Liability Limitation Act (OCILLA). (This contact information is for communications under the Act only. Please do not send any other information to this address.)
Various methods are used to enforce this policy ranging from warnings, loss of privileges for visitors/guests, expulsions for students and termination of employees.
Violations of the law will be reported to the appropriate authorities.
Report violations of the University’s “Acceptable Use Policy” to the department managing the computer equipment involved. The responsible department managers should immediately inform their Executive Director or the Executive Director of ITS of the violation. Depending upon the nature and severity of the violation, the Executive Director, ITS Director or a designee, shall refer the matter for appropriate action.
Users – Any faculty, staff, student, visitor, contractor, or vendor provided access to SVSU’s network resources.
Related Policies & Forms:
SVSU Information Technology Services Policies
Copyright Policy 1.0-6
Student Email Communication Policy 4.6-2
Anti-Harassment/Discrimination Policy 2.5-2
Digital Millennium Copyright Act
Online Copyright Infringement Liability Limitation Act (OCILLA)