Prince Sultan University PSU
Policy Management System
Acceptable Use Policy
Policy Code: | IT0005 |
Policy Name: | Acceptable Use Policy |
Owner: | Information Technology Center |
Responsible Office/Department: | Vice President for Academic Affairs |
Date Created: | 2 February 2017 |
Recent Review: | December 2023 |
Approved by: | University Council, ISO |
Date of Approval: | 2 February 2017 |
POLICY STATEMENT
All users of PSU's IT resources must use them ethically, responsibly, and lawfully. Misuse, unauthorized access, or any action jeopardizing security, privacy, or reliability is prohibited. Violations may lead to disciplinary action, including termination and potential legal consequences.
BACKGROUND AND JUSTIFICATION
Information Technology (IT) resources are crucial for PSU's operations and communication. With the advantages they bring, also come risks. Our IT Acceptable Use Policy ensures these tools are used responsibly and securely, safeguarding the PSU’s assets and reputation.
SCOPE AND PURPOSE
This policy applies to anyone who owns any computing device that is connected to the ITC network. This policy defines the proper use of IT resources. Unauthorized utilization of these resources might expose PSU to numerous risks that include legal liability, virus and worms attacks, and the compromise of networked services and systems.
PRINCIPLES OF THE POLICY
- Any created data on ITC services is considered as the property of PSU. No guarantee that the stored data on ITC services will be confidential.
- Users are held responsible for their personal use of ITC services.
- Any sensitive or vulnerable data should be encrypted. For any queries regarding encrypting documents or Emails, consult ITC Helpdesk.
- Monitoring PSU network traffic is allowed to ITC staff with compliance with Information Security Procedure.
- ITC reserves the right to maintain and audit systems and networks on a regular basis to comply with ITC Policies.
DEFINITIONS
- Information Technology (IT) Resources: Hardware, software, networks, and digital tools provided by the organization to facilitate work-related tasks and communications.
- User: Any individual who accesses and uses the organization's IT resources. This can include employees, contractors, partners, and other affiliated individuals.
- Unauthorized Access: Gaining or attempting to gain access to IT resources without permission or exceeding granted permissions.
- Misuse: Using IT resources in a manner that violates the policy's terms, including but not limited to personal gain, unauthorized distribution of proprietary information, or engaging in illegal activities.
- Security: Measures and protocols in place to protect IT resources from unauthorized access, breaches, and other potential threats.
- Confidentiality: Ensuring that sensitive data is accessed only by those authorized to view it and is protected from unauthorized distribution or disclosure.
- Integrity: Ensuring that information is accurate, consistent, and free from corruption.
- Availability: Ensuring that IT resources are accessible to authorized users when needed.
- Ethical Use: Using IT resources in a manner consistent with the organization's values, moral standards, and applicable laws and regulations.
- Disciplinary Action: Measures taken by the organization in response to a violation of the IT Acceptable Use Policy, ranging from verbal or written warnings to termination of employment or contractual relationships.
RESPONSIBILITIES AND IMPLEMENTATION STRATEGIES
- Users should clearly label their data as “confidential” or “not confidential,” as defined by ITC Organization Confidentiality Policy.
- Users are accountable for maintaining the security of their accounts and passwords.
- Users are responsible for signing out or locking out all systems and accounts when they are not being used; they must not be left unattended.
- Users should be aware of possible attacks when opening e-mail attachments received from unknown senders that might comprise viruses, or Trojan horse codes.
PROCEDURES FOR HANDLING POLICY VIOLATION
Any violation of this policy will result in considering the user to be an Unauthorized User, who is susceptible to disciplinary actions according to the Enforcement section of the ITC Unauthorized Use Policy.