Management, Access and Use of IT Resources

Scope

This policy applies to all University employees and non-University entities when such entities are provided access to University information technology (IT) and/or telecommunications resources.

Reason for Policy

The University’s information technology (IT) and telecommunications networks, facilities and services (hereafter referred to as resources) must be appropriately implemented, managed, accessed and safeguarded in order to support the mission of the University.

This policy assigns responsibility for the management of the University’s information technology (IT) and telecommunications resources and establishes requirements for access to, and required use of, such resources.

Policy Statement

Management of IT Resources
The Vice President for Information Technology (VP for IT) has overall responsibility for the implementation and administration (management) of University IT and telecommunications resources. The VP for IT will work cooperatively with campus Chief Information Officers (CIOs) and other key administrators from each business unit to establish common goals, identify joint and mutually beneficial initiatives and technology solutions and to avoid and reduce duplication of services.

The CIOs are responsible for implementing and administering the IT and telecom resources for their respective campus/business unit, for providing system-wide services when appropriate and for enforcing the access and use requirements of this policy.

Access to IT Resources
The University’s IT and telecom resources are available to the Board of Curators, students, faculty, administrators, staff and other non-University entities referred to in this policy as "users."　Timely and predictable access to these resources must be provided for the effective discharge of academic, research, and business activities consistent with the University’s mission. Access to these resources will be granted according to procedures established by the UM system or the applicable University business unit.

The University has the right to inspect computer networks, equipment and connected resources (systems), and information contained within or transmitted via these resources in certain circumstances as documented in the University’s Acceptable Use Policy (CRR 110.005). Access to electronic information by someone other than the assigned account holder must be sent to the Information Security Officer (ISO) at each business unit and handled according to the guidelines in the Access to IT Accounts & Electronic Information procedures as part of the University’s Information Security Program.

Required Use of IT Resources
University departments and employees are required to use IT and telecom resources provided, endorsed or approved by the central IT division at the applicable business unit when conducting University business. Exceptions to this requirement must be approved by the CIO of the applicable business unit.

Use of IT Resources by Non-University Entities

1. Non-University entities may be permitted use of IT and telecom resources provided such use is consistent with the goals and mission of the University, and:
   • The services to be provided are uniquely available from the University, or;

   • The relationship between the University and the non-University entity is such that mutual concerns over access, security and cost-effectiveness are best addressed by sharing these facilities and services (i.e., co-located in the same University-controlled space, formal partnership agreement in place, etc.).

   • All requests for access to IT and/or telecom resources by a non-University entity must be sponsored by the University.
2. Any use authorized under this section must be documented in a written and signed agreement that specifies the rights and responsibilities of the University and the non-University entity.　 The agreement must be approved by the business unit’s CIO and the VP for IT and must be executed by the appropriate delegated authority.

3. The non-University entity may be charged for such services.

Sanctions
Failure to abide by this policy may result in denial of access to University IT and telecom resources and may also result in disciplinary action up to and including termination.

Definitions

Centrally Provided - Centrally provide IT services include those provided across the UM System for all business units as well as those provided by the central IT division/department at each business unit.

Employees - includes University faculty, staff and student employees, and volunteers conducting work for, or on behalf of, the University.

IT and Telecommunications facilities and services - for the purpose of this policy, IT and telecom facilities and services are resources provided, authorized or endorsed by the central IT department.  Examples of these resources include, but are not limited to, enterprise applications such as email and PeopleSoft, high performance computing systems, content management systems, learning management systems, data and video networks, telephone services, voice over IP services and voicemail.

System-wide services - IT and telecom resources provide by the University of Missouri System or provided by an individual campus or other business unit for use by all business units.

Accountabilities

Vice President for Information Technology:

• Work with CIOs in a manner that leads to the implementation, adoption or endorsement of centrally provided IT and telecommunications services as appropriate
• Publishing a list of services and how to obtain such services in an appropriate location

Campus/business unit CIOs:

• Promote and enforce use of centrally provided IT and telecom services when appropriate
• Publish a list of services and how to obtain such services
• Establish and publish procedures for request/sponsorship of non-University entity accounts and provisioning of IT and telecom resources as requested

University administrators and managers:

• Enforce the required use of official University IT and Telecom resources by their employees when conducting University business
• Sponsor accounts and provisioning of IT resources for non-University entities when appropriate

University employees:

• Use centrally provided or endorsed/approved resources when conducting University business

Additional Details

Forms

Access to Electronic Resources: /media/fa/is/infosec/access-request-form.pdf

Related Information

Users of University IT and Telecom resources must adhere to all applicable University policies and procedures.  This includes, but is not limited to:

• CRR 110.005 – Acceptable Use Policy
• Policy 26101 on Procurement Authority
• Policy 26402 on Special Purchases
• Policy 23001 on Records General Policy
• Policy 12003 on Information Security
• Policy 12004 on Information Technology and Telecommunications Purchases
• Policy 12005 on Telephones and Communication Devices

History

This policy combines the following former policies:

• Business Policy Manual 1201 – Management, Access and Use of IT Resources (revised 10/17/2012)
• Business Policy Manual 403 – Non-University Use of Computing Facilities

Procedure

The following websites provide links to the centrally provided resources and account management processes available at each campus/business unit:

Missouri University of Science &Technology, http://it.mst.edu/
University of Missouri, Columbia, https://doit.missouri.edu/   (MU and UM System)
University of Missouri, Kansas City, http://www.umkc.edu/IS/
University of Missouri, St. Louis, http://www.umsl.edu/technology/