Old Dominion University
University Policy
3500 Policy on the Use of Information Technology Resources
| Responsible Oversight Executive: | Vice President for Administration and Finance |
| Date of Current Revision or Creation: | May 10, 2022 |
-
Purpose
The purpose of this policy is to outline the responsibilities in the use of information technology (IT) resources at Old Dominion University.
-
Authority
Code of Virginia Section 23.1-1301, as amended, grants authority to the Board of Visitors to make rules and policies concerning the institution. Section 7.01(a)(6) of the Board of Visitors Bylaws grants authority to the President to implement the policies and procedures of the Board relating to University operations.
Restructured Higher Education Financial and Administrative Operations Act, Code of Virginia Section 23.1-1000 et seq., as amended
-
Definitions
Data - An information asset that represents, but is not limited to, individual data elements, lists, addresses, documents, images, measurement samples, programs, program source code, voice recordings, aggregations of data, or other information in a digital format. Data in a tangible object, typically paper, is excluded from this policy, but is subject to other University policies, including, but not limited to, policies on records management and confidentiality.
Information Security Officer (ISO) - The Old Dominion University employee, appointed by the President or designee, who is responsible for developing and managing Old Dominion University's information technology (IT) security program.
Information Technology Resources - Computers, telecommunication equipment, networks, data, automated data processing, databases, the Internet, printing, management information systems, and related information, equipment, goods, and services.
Use - Use, in the context of this policy, is not limited to actions by end users. Use is defined as any activity in the design, development, construction, implementation, transmission, storage, protection, retrieval, support or management of information technology.
-
Scope
This policy applies to all users of Old Dominion University information technology resources and governs the use of all information technology resources whether owned by or operated for University business through contractual arrangements, including, but not limited to, all employees, students, volunteers, and visitors to the institution. Employees include all staff, administrators, faculty, full- or part-time, and classified or non-classified persons who are paid by the University. Students include all persons admitted to the University who have not completed a program of study for which they were enrolled; student status continues whether or not the University's programs are in session. Visitors include vendors and their employees, parents of students, volunteers, guests, uninvited guests, and all other persons located on property, owned, leased, or otherwise controlled by the University.
-
Policy Statement
As owner of information technology resources, Old Dominion University acknowledges its responsibility to:
- ensure the appropriate and lawful use of these resources,
- safeguard the integrity of computers, networks, and data,
- ensure that use of electronic communications complies with University policy, and
- protect the University against damaging legal consequences.
Old Dominion University employees, students, and other users are afforded the privilege of using information technology resources. Privileges are granted to support the University's mission of instruction, research, and service; for conducting the business and administrative functions of the University; and to support student life.
All users of IT systems are responsible for reading and complying with University information technology requirements, reporting breaches of IT security, actual or suspected, to University management and/or the Information Security Officer, taking reasonable and prudent steps to protect the security of IT systems and data to which they have access, and complying with any Federal, State, or local statutes and University policies and standards as might apply to these resources.
Old Dominion University reserves the right to revoke any user's access privileges at any time for violations of policy, standards and/or conduct that disrupts the normal operation of information technology resources.
-
Procedures
The specific standards to be utilized for compliance with this policy are published on the Information Technology Services Computing Policies and Standards website.
-
Retention
Applicable records must be retained and then destroyed in accordance with the Commonwealth's Records Retention Schedules.
-
Responsible Officer
Chief Information Officer
-
Related Information
University Policy 3003 - Detection, Investigation and Reporting of Fraud, Waste and AbuseInformation Technology Standard 02.6.0 - Remote Access and Virtual Private Network Standard
Information Technology Standard 02.9.0 - Mobile Device Management Standard
Information Technology Standard 04.1.0 - MIDAS Identity Management Standard
Information Technology Standard 04.2.0 - Account Management Standard
Information Technology Standard 05.4.0 - Virus & Malicious Code Protection Standard
Information Technology Standard 09.1.0 - Acceptable Use Standard
Information Technology Standard 10.1.0 - Disciplinary Action Standard
Policy History
Policy Formulation Committee (PFC) & Responsible Officer Approval to Proceed:
Responsible Officer
Date
Policy Review Committee (PRC) Approval to Proceed:
Chair, Policy Review Committee (PRC)
Date
Executive Policy Review Committee (EPRC) Approval to Proceed:
Responsible Oversight Executive
Date
University Counsel Approval to Proceed:
University Counsel
Date
Presidential Approval:
President
Date
Previous Revisions
October 1, 2007; February 21, 2011; March 15, 2017; May 10, 2022
Scheduled Review Date
May 10, 2027
