保单号码: 8.1

政策部分: 信息技术

修订日期: 2019年12月16日

1.  定义

定义 of capitalized terms are set forth in Appendix A.

2.  政策声明

大学的资讯科技资源是大学教学和研究任务的重要组成部分，为学术和行政单位提供支持. 为了有效地提供这些服务，大学维持这个可接受的使用政策，以指导其使用资源. Resources are the property of the University and are to be used for only University purposes. This policy governs the appropriate use of Resources. These rules are intended to provide access in an open manner, and not impede the greatest use of SMU Resources, consistent with the federal, 状态, and local law and with the general principles that govern an academic community.

3.  目的

The purpose of this policy is to assure an information infrastructure that supports the University’s teaching, 研究 and 服务 mission. 与使用大学资源的特权一起来的是本政策中概述的具体责任.

4.  适用性

This policy applies to all Users and to all Resources, whether managed by the Office of 信息技术 ("OIT") or by another person or entity. 该政策为大学的资源使用提供了最低标准，并不限制个别校园行政或学术单位制定和执行政策. Policies existing elsewhere on campus must comply with this policy.

5.  问题

The Chief Information Officer (“首席信息官”) or designee shall be responsible for interpretation of this policy, resolution of problems and conflicts with departmental policies, 特殊情况下. The CIO may grant exceptions to this policy and/or standards after a formal review as provided below.

6.  可接受的使用

1. Each User may only use the 电脑, 电脑账户, and computer files for which that User has been given specific authorization.
2. Users may not communicate any information concerning any personal identification number, 帐户凭据, 社会保险号, 信用卡号, 财务账号, or other confidential information without the permission of its owner or the controlling authority of the Resource.
3. The University is bound by its contractual and license agreements respecting certain third party resources; Users must comply with all such agreements when using such resources.
4. Transmission of broadcast email is governed by this policy. Users may not 传输 unsolicited content, 包括 advertising third party materials or 服务s. Users must not 传输 content that is intimidating in nature or that is intended to harass recipients, 包括 content that contains obscene, 有伤风化的, lewd or lascivious materials.
5. Users must abide by OIT policies and 程序 and by all federal, 状态, 以及当地法律, 包括 copyright and other intellectual property laws, and must not conduct any activity that would jeopardize the University’s tax exempt status, or that would constitute use for political purposes, for commercial purposes (unless otherwise authorized in writing by the President or a Vice President, after consultation with the Controller), for criminal purposes or for personal economic gain.
6. Users must protect passwords and secure Resources against unauthorized use or access. 用户必须与OIT合作，以合理的方式配置硬件和软件，以防止未经授权的用户访问大学的资源.
7. Users may not use another individual's account, attempt to capture or guess other Users' passwords, 未经数据所有者或其他适当的大学员工授权，不得对软件进行逆向工程或销毁数据. Users must not use tools that are normally used to assess security or to attack computer systems or networks (e.g., password 'crackers,' vulnerability scanners, network sniffers, etc.) unless specifically authorized to do so by the Chief Security Officer (“方案”).
8. The University does not assess additional charges for identity verification. 大学使用的身份凭证包括分配的八位识别号码(SMUID)和每个学生的唯一密码. The cost of setting up and administering the SMUID/Password system is recovered through general tuition and fees. 对于参加远程教育课程使用SMUID/密码系统的学生，学校不收取额外费用.

7.  Acquisition and Deployment of Equipment and Software

Any purchase of a Resource, whether stand-alone or interconnected with other Resources on campus, must take into account standards developed by OIT. OIT will make the standards available to the SMU community. OIT实施和维护大学网站软件许可证，以确保大学用户获得优惠的价格和支持条款.

8.  业务连续性

1. 负责关键信息技术服务的部门必须保持业务连续性计划，其中包括计算机设施, 设备, 人员配备, 及资源需求. Resources are subject to backup 程序 and methods to ensure continuity of operations.
2. 所有备份介质(e.g. removable backup tapes) stored outside University data centers must be encrypted, both at rest and in motion, 减少被未经授权的各方拦截的风险，并且必须存储在距离主要数据位置足够远的地方，以确保区域灾难不会同时中断对主要数据和备份数据的访问. When backup media is retired, it must be destroyed according to OIT’s security standards.

9.  电子邮件

电子邮件s sent or received by Users in the course of conducting University business are University Data. Users must use University-provided email accounts for conducting University business, rather than personal email accounts. 电子邮件s containing confidential information must be encrypted with tools and processes approved by the CSO.

10. 客人访问

Access to the campus network by a guest shall be coordinated through a University sponsor. The sponsor will take responsibility for the actions of the guest while they are using Resources. Staff or faculty at 服务 desks (library reference desk, 电脑服务台, (或活动支持人员)一般不应赞助客人，除非他们邀请客人到校园或由合格的赞助商要求赞助客人.

11. 移动设备

任何使用新大网络访问或使用移动设备处理大学数据的人都有责任随时采取适当措施保护该信息. 所有大学员工将确保他们采取一切合理的预防措施，防止意外或故意的数据泄露，实施pin访问移动设备.

12. Remote Access and Virtual Private Network (VPN)

远程工作的大学员工必须确保用于访问资源的计算机符合所有OIT安全标准. 当用户从不安全的网络中访问资源或访问包含机密信息的资源时，必须使用VPN.

13. Cloud or Hosted Computing

大学院系和学院只能使用经it批准的云服务来存储和/或处理大学数据.

14. 第三方访问

The CSO must assess and approve all third-party vendors that host or access University Data. Contracts with third parties will include provisions relating to information security as required by the CSO. 第三方应保护资源和大学数据，其安全性至少等于本政策中所述的安全性, 大学政策8.2, Information Security, or otherwise required by the CSO.

15. 无线接入    

All wireless access points within the University must be approved and centrally managed by OIT. Non-sanctioned installations of wireless 设备 or use of unauthorized 设备 on campus premises is prohibited. 大学管理的所有无线网络都需要通过大学ID进行认证，或者为客人提供注册的方法.

16. Broadcast 电子邮件 Messages on 校园

1. 大学的政策是规范通过电子邮件向校园广播的信息，以确保这些信息对整个社区具有总体重要性. Any community member or campus group wishing to send broadcast mail messages should review the requirements listed below.
2. There are two options for delivering broadcast messages:
   1. One is through the four main bulk distribution lists which include all undergraduate 学生, 所有研究生, all faculty and all staff. 通过这些主要批量列表分发的信息将由负责发展和对外事务的副校长或其指定人员在分发之前进行审查，并应包含整个校园都必须知道的内容.
   2. The second is through departmental lists created from the four main distributions lists. All 学生, faculty or staff may opt out of these departmental lists on an annual basis. 所有希望向校园发送广播电子邮件的办公室都可以通过这些专门为其需求创建的列表来实现. Messages distributed through these departmental lists are done so at the discretion of the department.

17. 隐私

教育记录, Protected Health Information, Personally Identifiable Information, 财务信息, and University Data must be protected as provided in 大学政策 1.11, 隐私 of Health Information (HIPAA), 1.10、隐私 Education Records (FERPA), 8.2, Information Security, and 4.4、资金的收集. Student information must be protected whether the student is physically present on campus, enrolled in a distance education or correspondence course, or is a continuing education student.

18. 异常

University 员工 who are unable to comply with this policy must request an exception. 异常 to this policy must be approved by the CIO based on academic or business need. 任何希望在大学批准的解决方案之外购买服务的人都必须提交与服务提供商拟议合同的副本, 包括, 但不限于 the applicable privacy policy, 提交Give大学的高级合同管理员，由OIT和其他适当的大学部门在购买前进行审查. A security review of the 服务 must be conducted and meet or exceed industry standards for the use requested. The CIO will review exceptions annually for continued application and notify the exception holder of any concerns.

19. Consequences of Misuse of Resources

1. 怀疑或实际违反政策的直接后果是防止或阻止进一步滥用，可能包括帐户锁定, 网络访问丢失, 配额限制. Suspected violations must be reported to the OIT Help Desk at 214-768-4357 or by email at help@dp120.com.
2. In addition, 员工 found to be in violation of this policy or University Policy 8.2, Information Security, may be subject to discipline in accordance with 大学政策 2.1, Standards of Professional Ethics for Faculty and Academic Freedom, 2.17, Procedural Standards for Faculty Sanctions and Dismissals, 7.23、个人行为，7.24, Corrective Action for Staff, and 7.28, 不诚实的, Fraudulent and Illegal Practices, 是适用的, up to and 包括 termination of employment with the University.
3. 第三方, 包括 vendors and 客人, in violation of 大学政策 may be subject to reduced 服务 or denied 服务, or otherwise restricted in their ability to conduct business with the University.
4. 被发现违反此政策的学生可能会根据新大学生行为准则受到纪律处分.
5. 有些案件可能需要执法机构进行调查，并使个人承担民事和刑事责任.

附录A:定义

“首席信息官” refers to the Chief Information Officer of the University.

“方案” refers to the Chief Security Officer of the University.

“计算机设施” 指实验室, 计算中心, 公众通道, and other repositories of University-provided information technology 设备.

“移动设备” refers to cellular telephones, 智能手机, 数据卡, 热点设备, 平板电脑, accessories and other tele通信 设备 requiring access to a tele通信 服务 provider network.

“资源” refers to the University’s computing, 通信, and other information technology systems and includes all hardware, software (包括 data and documentation), 局域网, 网络系统, 以及存储在此类信息技术系统和任何其他可存储的电子设备或服务上的Apply程序和数据, 传输, 或者接收信息. 资源包括, 但不限于, 服务器, 电脑, 个人电脑, 工作站, 笔记本电脑, 大型机, 微型计算机, 移动设备, 座机电话, 无线设备, 媒体播放器, 存储介质, 计算机网络, connections to network 服务s such as the Internet and web pages, subscriptions to external computer 服务s, 网络设备, and any associated peripherals and software, regardless of whether used for educational, 研究, 服务, administrative or other purposes.

“存储媒体” refers to any device that has the ability to store data, 包括 但不限于 optical discs, 闪存, 磁带驱动器, and internal or external hard drives.

“大学数据” refers to critical data necessary to the University’s operation and other information created by or for the University, or by or for 大学受托人, 军官, 员工, 学生, Alumni, 申请人, 志愿者, 捐助者, 客人, 客户 or contractors engaged in University-sponsored activities.

“用户” refers to any person who installs, 发展, 维护, 管理, 或使用资源, 是否适合教育, 研究, 服务, administrative or other University purposes, 包括, 但不限于, 大学受托人, 军官, 员工, 学生, Alumni, 申请人, 志愿者, 捐助者, 客人, 客户, contractors engaged in University-sponsored activities, and information technology system administrators.

修改后: 2019年12月16日

采用: 2015年3月6日