Draft for Comment – January 2014
Associate Vice-Principal IT / Chief Information Officer
The following are definitions for key terms used in this policy:
An electronic set of information or data, such as a database, file or document, that is classified as personal, confidential, or operationally-sensitive, as defined under the Queen's University Data Classification Standard. Whether it is stored on or off campus does not matter.
The Department Head or Director of a Queen's department, or the Principal Investigator or Lead Researcher for a research unit or project.
For other definitions, please see Electronic Information Security Definitions.
Purpose/Reason for This Policy:
The purpose of this Policy is to establish the responsibilities of members of the Queen's community with respect to their use of Information Technology (IT) resources, and those actions necessary or that should be avoided in order to fulfill these responsibilities.
Scope of this Policy:
This Policy applies to all Queen's faculty, staff and students, as well as to contractors or agents engaged by a department or employee, or any individual using Queen's IT Resources, whether on-campus or remotely.
The use of Queen's Information Technology (IT) resources must be consistent with the academic mission of the University. These IT resources are provided to support the teaching, learning, research and administrative activities of the Queen's community. As a member or guest of the Queen's community, you may have access to valuable internal and external networks and resources, and Sensitive Information, and you are expected to use these resources in a responsible, ethical, and legal manner. Your actions should not adversely affect the ability of others to use these resources, or compromise the security and privacy of sensitive information.
You will use Queen's IT resources for the academic and administrative purposes for which they are intended. You will:
a) use only those IT Resources that you have been authorized to use, unless those resources are intended to be generally available to the Queen's community; and
b) not use IT Resources for commercial activities unless such activities have been authorized in writing by the University, and do not adversely impact other users, or introduce risk to the security of personal or confidential information or the Queen's IT infrastructure.
You will not adversely affect the ability of others to use IT resources within or external to Queen's, or compromise the integrity or reliability of those IT resources. You will:
a) ensure that your personal computer or workstation is maintained in accordance with Electronic Information Security Guidelines; and
b) not use Queen's IT resources in a manner that interferes with the normal operation of IT resources within or external to Queen's, or hinders or encroaches on the ability of others to use those resources.
You will not compromise the security and privacy of sensitive information. You will:
a) keep your user authentication credentials, such as user accounts and passwords or similar authentication credentials, secure, such that they cannot be used by others;
b) choose secure passwords for your user accounts;
c) preserve the confidentiality of any University information to which you have access in the course of your employment or academic activities at Queen's;
d) preserve the privacy of any personal or confidential information about or belonging to other individuals, to which you have access in the course of your employment or academic activities; and
e) take the necessary precautions to prevent theft or unauthorized use of computers, storage devices, and information.
You will use IT resources in a manner which is consistent with all University policies and does not cause damage to the University. You will:
a) maintain familiarity with Queen's Information Security Policies, Standards and Guidelines, and seek clarification from ITServices about any elements that are unclear; and
b) adhere to the terms of any contractual agreements or arrangements between Queen's University and external service providers or organizations, and use such resources for the intended academic and/or administrative purposes only.
You will not violate the rights of others or contravene the laws of Canada and/or the Province of Ontario in your use of IT resources. You will:
a) respect the copyright and intellectual property rights of others, whether at Queen's or elsewhere;
b) respect the licensing agreements and terms for all software, and only install and use software as permitted in the license agreement for that software;
c) not use Queen's IT resources for any activities or actions which are illegal or do not comply with Canadian or Ontario legislation; and
d) not use Queen's IT Resources to do anything that is a violation of the rights of others, such as displaying or distributing obscene, harassing, defamatory, or discriminatory material or messages.
You will report suspected, known or observed IT or information security risks or exposures of a serious nature by following the Procedures for Reporting IT or Information Security Incidents or Risks.
Unit Heads are responsible for ensuring that all supervisors, employees, students, guests and contractors are made aware of their responsibilities under the Queen's University Electronic Information Security Policy Framework.
Failure to comply with these responsibilities will be considered a violation of this policy.
Contact Officer: Information Systems Security Manager – ITServices
Date for Next Review: TBD yyyy-mm-dd
Related Policies, Procedures and Guidelines:
Policies Superseded by This Policy