Marquette University, a Catholic, Jesuit, urban university, is dedicated to pursuing truth, discovering and transmitting knowledge, promoting a life of faith, and developing leadership expressed in service to others. Its educational mission reflects a commitment to intellectual rigor, social justice and an active engagement of contemporary issues. The university provides electronic resources to faculty, students and employees to effectively perform their job duties.
The purpose of this policy is to explain the rights and responsibilities that users share in sustaining the electronic resources (E-resources as detailed below in Resources covered) made available to them by the university. This policy will provide a reference for university students, faculty, staff and authorized guests and will communicate the roles and responsibilities of those charged with maintenance, operation and oversight of university E-resources.
Within the university community, each person will have differing purposes for accessing E-resources; however, each person also has a shared responsibility to utilize those E-resources in a manner consistent with the university's policies, procedures and codes of conduct, including, as applicable, those found in the "At Marquette" student handbook, University Policies and Procedures, and the Employee Handbook. In addition, users are bound by the requirements of local, state, federal and international laws and contractual commitments including, without limitation, the acceptable use policy of the university's internet service provider(s).
By striving for compliance within our community, the university can assure its ability to provide, maintain and protect the confidentiality, integrity and availability of the university's data, systems, services and facilities.
This policy applies to all persons accessing or using university E-resources. This includes university students, faculty and staff, authorized university guests, and all persons authorized for access or use privileges by the university, hereafter referred to as users.
E-resources covered by this policy include, without limitation:
Individual areas (e.g., departments, colleges and divisions) within the university may define supplemental policies or conditions of acceptable use for E-resources under their control. These additional policies or conditions must be consistent with this policy but may provide additional detail, guidelines and/or restrictions. This policy will supersede any inconsistent provision of any unit policy or condition.
CONFIDENTIALITY
All users with access to confidential data are to utilize all appropriate precautions to maintain the accuracy, integrity, and confidentiality of the data and ensure that no unauthorized disclosures occur.
EXPECTATION OF PRIVACY
User's rights
The university provides electronic resources to users to effectively perform their job duties. The university will not routinely monitor an individual user's electronic data, software or communication files.
University processes
Users should be aware that electronic data, software and communications files are copied to backup tapes and stored. Items that were deleted may be preserved on backup tapes and retrieved if necessary. All activity on systems and networks may be monitored, logged and reviewed by system administrators or discovered in legal proceedings. In addition, all documents created, stored, transmitted or received on university computers and networks may be subject to monitoring by systems administrators.
University rights
The university reserves the right to access, monitor and disclose the contents and activity of an individual user's account(s) and to access any university-owned E-resources and any non-university-owned E-resources, on university property, connected to university networks. This action may be taken to maintain the network's integrity and the rights of others authorized to access the network. Additionally, this action may be taken if the security of a computer or network system is threatened, other misuse of university resources is suspected or the university has a legitimate business need to review such files (e.g., due to sudden death or incapacity of the employee). This action will be taken only after obtaining approval from the area vice president/dean appropriate to the circumstances, the president/provost/general counsel, when compelled by court order, or when there is deemed to be an urgent and compelling need to do so.
E-RESOURCE USE
All users have the following:
Rights
Responsibilities
Each user shall:
Restrictions
Users may not do the following:
COPYRIGHTS AND LICENSES
Software may not be copied, installed or used on university E-resources except as permitted by the owner of the software and by law. Software, subject to licensing, must be properly licensed and all license provisions (including installation, use, copying, number of simultaneous users, terms of the license, etc.) must be strictly adhered to.
All copyrighted information, such as text and images, retrieved from E-resources or stored, transmitted or maintained with E-resources, must be used in conformance with applicable copyright and other laws. Copied material, used legally, must be properly attributed in conformance with applicable legal and professional standards.
Federal law provides severe civil and criminal penalties for the unauthorized reproduction, distribution or exhibition of copyrighted materials. Criminal copyright infringement is investigated by the FBI. The civil penalties for infringement of a copyright not registered with the Library of Congress include actual losses sustained by the copyright owner as the result of the infringement. When it comes to a registered copyright filed with the Library of Congress, the copyright owner can also obtain triple damages above and beyond actual damages, together with attorney fees in a copyright infringement case. The possible criminal penalty for copyright infringement is up to five years in prison and up to a $250,000 monetary fine.
NON-ORGANIZATIONAL USE
Users may not use E-resources for:
University E-resources may not be used for commercial purposes, except as specifically permitted under other written policies of the university or with the written approval of the Vice President for Finance. Any such commercial use must be properly related to university activities and provide for appropriate reimbursement to the university for taxes and other costs the university may incur by reason of the commercial use.
MISUSE OF E-RESOURCES
The university recognizes and allows for the fact that employees and others covered by this policy may, on rare occasions, use the university computer network for non-work or non-university-related purposes. Such use is a privilege and not a right. An example of such use would be the accessing of an information website on the internet or sending or responding to an email for necessary personal needs. Such use is to be kept to an absolute minimum and should be limited to breaks or lunch periods. In no way may such use interfere with an employee's work, customer service, responsibilities of the workplace or the necessary, reputable business of the university. University E-resources may not be used in any way for non-organizational uses as specified in the Non-organizational Use section of this policy. In any and all cases, where acceptable use comes into question, management of the university reserves the right to determine what is appropriate and acceptable and what is not. Violations of university policies will result in one or more of the following actions:
All users are encouraged to report to IT Services TechSquad any suspected violations of university computer policies, such as unauthorized access attempts. Users are expected to cooperate with system administrators during investigations of system abuse. Failure to cooperate may be grounds for disciplinary action.
If a system administrator has persuasive evidence of the misuse of E-resources and that evidence points to a particular individual, the administrator must notify the chief information officer. The chief information officer shall review the evidence and pass the matter on to the appropriate area of the university for possible disciplinary action, if appropriate. During the investigation, the user's E-resource privileges may be restricted or suspended.
The university retains final authority to define what constitutes proper use and may prohibit or discipline use the university deems inconsistent with this or other university policies, contracts and standards.
CONTROLLING ACCESS TO E-RESOURCES
User IDs and passwords are the primary method used to authenticate users of Marquette University's E-resources. They assist in preventing unauthorized individuals from accessing E-resource systems or particular data stored on systems.
When there is a high threat of password compromise or when an application has particularly sensitive authentication needs, forms of access control other than user IDs and passwords, such as tokens, digital certificates or one-time passwords, can be utilized.
Users must submit any and all required forms, signatures and authorizations when requesting user IDs. This includes showing their acceptance of this policy through written or electronic means before user IDs will be issued.
Physical Access Control
Direct physical access to certain E-resources such as servers, data networking devices and telecommunications switches is restricted.
Rooms containing critical E-resources must be strongly secured. All entrances to such rooms must be closed and locked at all times. Alarms, sensors and other types of physical security systems must be utilized to further secure these facilities and to detect and report emergency conditions that might occur. Signs outside the rooms must not indicate the sensitivity of the equipment inside. Appropriate fire suppression systems must be in place. Equipment should not be left logged on while unattended. Visitors must be escorted at all times.
Authorized personnel may be granted access to server or network equipment rooms through the issuance of ID cards or keys or through the use of passwords or other access codes. These access controls may not be shared with any other personnel. If an authorized person is leaving their current role and should no longer have access to systems, their access must be revoked immediately upon the termination of duties. In the case of employees or independent contractors, departments must promptly notify Human Resources of such changes.
All access to server and network equipment rooms made by authorized personnel, escorted visitors and vendors must be logged when entering the room. Server access logs must be available for review. Vendors must supply the names of all authorized personnel that will be performing on-site work and must keep the list up-to-date at all times.
If university personnel believe that an unauthorized person gained or attempted to gain access to a server or network equipment room, they must contact the Marquette University Police Department immediately.
E-RESOURCES OPERATION, MAINTENANCE AND ADMINISTRATION
All system administrators (those individuals charged with the daily administration of E-resources within a unit of the university) have the following:
Rights
Responsibilities
Restrictions
UNIVERSITY ADMINISTRATORS AND AUTHORIZED ITS STAFF HAVE THE FOLLOWING:
Rights
Responsibilities
Restrictions
The university reserves the right to change the policies, information, requirements and procedures announced in this policy at any time. Changes required by university contractual commitments shall be effective and binding to users upon execution of any such contract by the university. A user shall be deemed to have accepted and be bound by any change in university policies, information, requirements or procedures if such user uses E-resources at any time following announcement or publication of such change.