UNIVERSITY OF PITTSBURGH POLICY 10-02-05

CATEGORY:              SUPPORT SERVICES
SECTION:                  Computing, Information, and Data
SUBJECT:                 Computer Access and Use
EFFECTIVE DATE:   February 1, 2007 Revised
PAGE(S):                   3

I.    SCOPE

      This policy establishes restrictions regarding the access and use of University owned

      and maintained computers, computer systems, computer networks, electronic

      communications facilities, and other related computing facilities used to store and

      process data, text, and software used by the University.

II.   POLICY

      Access to University Computer Services

      University owned computing equipment may be used only by:

      -     Faculty, staff, and students for recognized instructional research, or

            administrative purposes within the University.

      -     Organizations whose use of such services is for a recognized public service.  For

            purposes of administering this policy, such classification will apply only if the

            organization has been designated as federally tax-exempt under the Federal

            Internal Revenue Statutes and whose purpose for use of such services is

            approved by the University’s Office of the Provost.

      -     Faculty and staff under professional consulting arrangements provided:

            1)   an application for services is approved by the Office of the Provost and an

                  external sponsored account is established,

            2)   a formal contractual arrangement is entered into with Computing Services

                  and Systems Development (CSSD),

            3)   payments at prevailing rates are made for such services, and


            4)   the employee is not acting as a broker for purchase of services for any

                  external organization.

      The agreement between the University and qualified tax-exempt organizations or

      consulting employees as defined above must be renewed on an annual basis and at

      any time be canceled by either party thirty days after receipt of written notice of

      cancellation by either party.

      The computer services provided for external usage must be no greater than that

      normally available to internal users and will be limited to the extent that they do not

      adversely affect the mission or needs of the University.

      Appropriate Use of University Computer Services

      University-owned computing equipment, networks, services and resources, including

      electronic mail and other forms of electronic communication, are provided for the

      purpose of conducting University-related activities and are therefore considered

      University property.  The University, as owner of such property, has the right to

      access information on the system stored, sent, created or received by employees,

      including electronic mail, as it deems necessary and appropriate.  As such,

      employees should not expect individual privacy in the system.

      University employees and students are obligated to protect University computing

      systems from illegal or damaging actions, either knowingly or unknowingly.  The

      following are considered improper use of University owned computing equipment,

      networks, services, and resources:

      -     Using information technology resources for purposes other than research or

            instructional purposes.  Computing resources may not be used for commercial

            purposes or personal gain.  Use of computer services for any commercial

            purpose, partisan political purpose or for any unlawful purpose is prohibited.

      -     Intentionally or recklessly abusing or misusing computing resources so as to

            cause damage, system interruptions, or harassment to other persons.

      -     Repeatedly or purposefully engaging in activities which can be reasonably

            expected to, or do, unreasonably tax computing resources or go beyond their

            intended or acceptable use.

      -     Borrowing, lending, falsifying or misusing a computer account computing

            resource, or allowing, or facilitating the unauthorized access to use of University

            computing resources by a third party.

      -     Obtaining user IDs and/or password(s) of other persons in order to use University

            or University-related computing resources, or impersonating another person on a

            computing resource.

      -     Using electronic media to harass or threaten other persons, or to display, design,

            copy, store, draw, print, or publish obscene language or graphics.

      -     Submitting or causing to be submitted to the University false, misleading, harassing

            or deceptive help requests or complaints.

      -     Using University computing resources to gain or attempt to gain unauthorized

            access to computing resources either inside or outside of the University.

      -     Intercepting or attempting to intercept or otherwise monitor any communications

            not explicitly intended for him or her without authorization.

      -     Copying, reading, accessing, using, misappropriating, altering, publishing or

             destroying computer files, output data, documents or other files of another

             individual or attempts to do so, without the permission of that individual, project

             leader, or authorized administrator.

      -     Making, distributing and/or using unauthorized duplicates of copyrighted material,

            including software applications, proprietary data, and information technology

            resources.  This includes sharing of entertainment (e.g., music, movies, video

            games) files in violation of copyright law.

      -     Violating the terms and conditions of software license agreements for software

            distributed by the University of Pittsburgh by giving, lending, selling, or leasing

            such media or software to others for their own use.

      -     Interfering with the operation of the University’s information technology resources

            by deliberately attempting to degrade or disrupt resource performance, security,

            or administrative operation including, but not limited to, intentionally introducing

            any computer virus or similar disruptive force into any computing resource.

      -     Using a computer, computer system, computer network, or any other University

            property for the creation, design, manufacture, preparation, display, or distribution

            of any written or graphic obscene material is prohibited.

      -     Willfully, fraudulently and without authorization gaining or attempting to gain access

            to any computer, computer system, computer network, or to any software,

            program, documentation, data or property contained in any computer, computer

            system or computer network is prohibited, including obtaining the password(s) of

            other persons in order to use University or University-related information

            technology resources without proper authorization or impersonating another

            person or an information technology resource.  This includes, borrowing, lending,

            falsifying, or misusing a computer account or allows, or facilitates the

            unauthorized access to use of University information technology resources by a

            third party.

      Reporting Violations of Computer Use Policy

      Violations of this policy should be reported immediately to the department with

      responsibilities for compliance with this policy, including Human Resources, the Office

      of General Counsel, and CSSD. Violations can also be reported by sending e-mail to

      abuse@pitt.edu.  The University will strive to maintain confidentiality to the extent

      possible consistent with other obligations.

      Disciplinary Action

      Violations of this policy will result in the appropriate disciplinary action, which may

      include loss of computing privileges, suspension, termination, or expulsion from the

      University, and legal action.

      Violations of any federal, state, or local law concerning the unauthorized access or

      use of University computers and computing services will result in the appropriate

      disciplinary action up to, and including termination from the University.

III.  REFERENCES

      Policy 10-02-04, Computer Data Administration

      Policy 10-02-06, University Administrative Computer Data (UACD) Security and

      Privacy

      Policy 10-02-11, Computer Account Administration

      Policy 10-02-12, Direct Charging for Computing and Information Systems Services