As technology evolves, so do the policies and practices that govern its use by students, staff, and faculty.

Whether you use a university-owned computer all day or just check your campus email now and then, you’re responsible for knowing some key dos and don’ts. Read on for a primer on key IT policies, standards, and guidelines.

What’s a policy versus a guideline?

The university’s IT Security website lays out policies, standards, and guidelines:

• Policies establish roles and responsibilities for campus IT users. They define what you should and shouldn’t do.

• Standards describe technical requirements for conforming with policies. They provide direction for IT professionals, especially.

• Guidelines address best practices for areas not yet covered by policies or standards. They can offer useful day-to-day direction.

What do I really need to know?

The acceptable use policy establishes basic responsibilities for everyone who uses university-managed systems, hardware, networks, and other tools:

• Use university resources primarily for work, minimizing personal use. Personal use becomes problematic when it interferes with your work, stresses systems, or increases operating costs.

• Avoid prohibited personal uses, including non-work commercial or political activity.

• Avoid any use that interferes with proper functions of IT resources.

• Respect the rights of others, including their right to keep their files private.

• Only access restricted or critical data when you have permission and a need to know.

• Respect intellectual property. Don’t use others’ work without permission, acknowledgment, etc.

• Follow all software license requirements. For example, don’t load software you haven’t purchased or licensed. Make sure all software is approved before purchasing it and installing it on university-owned computers.

• Use the university’s name only as authorized. Don’t create the impression you speak for the university.

• Follow all other university policies and external laws (see the full policy for details).

What about security and privacy?

Three key policies address security, data management, and privacy:

• The security policy defines responsibilities for accessing, sharing, and managing information. It stipulates that only authorized users with a need to know should access any data that isn’t public and that ITS must review any new technology prior to use

• The institutional data policy classifies info managed by the university and governs data access, backup, and disposal. Different data require different degrees of protection, and everyone needs to understand the rules for data they use.

• The privacy policy further addresses how info about individuals is collected, stored, processed, and used. Data from or about specific individuals requires special care.

Where can I turn for additional guidance?

The IT Security site’s guidelines section offers tips to address questions like these:

• What do I need to know if I’m working off campus? (See IT-Guideline-05: Remote Work)

• Can I email this? Save it to a flash drive? (IT-Guideline-12: Data Handling Guidelines)

• I want to use a new program or web service—what’s the approval process? (IT-Guideline-13: Security Review FAQs)

• Can or should I use artificial intelligence tools? (IT-Guideline-18: Guidelines for the Secure and Ethical Use of Artificial Intelligence)

Is the university watching what I do online?

Generally, no—the university doesn’t routinely monitor individual activity. That said, your use of campus IT sources isn’t completely private.

It’s essential to understand your IT responsibilities, follow proven practices, and ask questions when you’re not sure how to proceed. Your local IT support and the ITS Help Desk can assist.