Logo for Stony Brook University

P109: Responsible Use of Information Technology Resources

Issued by: Office of the Senior Vice President for Information Technology

Replaces: Policy P109, dated May 17, 2012

Effective: September 2019

Scope

This policy applies to all members of the Stony Brook University community and users of its information technology (IT) resources and services.

This policy refers to the use of all IT services and facilities owned, or contracted for by all operating units and affiliates of Stony Brook University, Stony Brook University Medicine, and the Long Island State Veterans Home. It applies to all university owned or contracted data, digital services, networks, and every device that connects to or accesses University IT services and systems.

Policy Statement

Stony Brook University provides IT resources to support its teaching, learning, research, patient care, and service mission. Users may use IT resources only for reasonable and appropriate purposes permitted by the University in the manner and extent permitted. These purposes are to help students, faculty, and staff succeed in activities consistent with the University's mission and priorities.

Policy

In order to ensure that IT resources benefit all members of the campus community, no user activity shall adversely affect the stability, availability, or security of those resources. Individuals using the University's IT resources are responsible for their use and any activity carried out through their computer accounts, and must be transparent regarding their personal and device identities. Except for any privilege or confidentiality recognized by law, individuals have no legitimate expectation of privacy during any use of the University's IT resources or in any data contained in those resources. The University will comply with, and respond to, all validly issued legal processes, including subpoenas.

Incidental personal use by authorized users is permitted as long as the use:

  • complies with the requirements of this policy and all University policies;
  • does not incur more than minimal costs to the University;
  • does not interfere with official business or an employee's job responsibilities/work; &
  • is consistent with applicable law.

The use of University IT resources for private commercial purposes, or for personal financial or other gain is prohibited.

The University reserves the right to examine, without user consent, material stored on or transmitted through its IT systems if there is reason to believe that the standards for responsible use in this policy are being violated or if required to carry out its operations. Circumstances under which the University may exercise its rights include but are not limited to:

  • installing software on devices which access, transmit, or connect to University systems and data;
  • when necessary to identify or diagnose systems or security vulnerabilities and problems, detect threats, evaluate risk, or otherwise preserve the integrity of the IT systems;
  • when such access to IT systems is required to carry out necessary business functions of the University;
  • when required to preserve public health and safety;
  • when required by local, state, or federal law or regulations, or by law enforcement;
  • when there are reasonable grounds to believe that a violation of law or a breach of University policy may have taken place and access and inspection or monitoring may produce evidence related to the misconduct;
  • when required by legal action; &
  • when a community member does not complete applicable training.

Standards

For prevailing standards as they relate to Responsible Use of Information Technology resources, please see "User Standards in Support of: P109 Responsible Use of Information Technology Resources Policy." These standards are incorporated into this policy by reference and are available at: https://it.stonybrook.edu/policies/p109/user-standards.

Compliance

The senior-most IT officer or delegate for an area has the authority to impose limitations or restrictions on the use of its IT resources for the good of the University community and to protect the integrity of IT resources and the rights of authorized individuals using IT resources.

The University may remove content or disable web sites determined to violate this policy. It may disable accounts, IDs, and block devices from accessing the network.

The University's general policies and Student Code of Responsibility apply to the IT environment just as they apply in all other University contexts. This Responsible Use of Information Technology policy supplements existing policies and standards by describing expectations and responsibilities associated with IT resources in order to ensure that IT resources remain available for use by members of the University community. Alleged violations of this Policy will be pursued in accordance with the appropriate disciplinary procedures for students, faculty, and staff. In addition to University discipline, policy violators may be subject to criminal prosecution, civil liability, or both for unlawful use of any IT system.

Reporting

Persons who become aware of credible suspected violations of this policy should report them to: https://www.stonybrook.edu/commcms/audit/fraud.html. Reported allegations may be investigated and, if appropriate, the matter will be referred to University disciplinary and/or law enforcement authorities.

Definitions

Information Technology (IT) Resources: IT resources are the set of physical and virtual components of any University computing system, devices, and supporting infrastructure used to support and provide IT based services, whether locally or remotely hosted. These include, but are not limited to: computers; software; academic technology services; computer laboratories; administrative, clinical, and research support systems; data network; online collaboration tools; web sites; online databases; computer accounts; audio/visual services; telephone systems; cellular devices, and printers.

Users: All who access or use the University's information technology (IT) resources including, but not limited to: students, faculty, staff, alumni, visiting scholars, contractors, consultants, other affiliates, and campus visitors.

Inquiries

For information related to this policy, one of the following offices may be contacted:

Office of the Senior Vice President for Information Technology & Enterprise Chief Information Officer
Room 231, Educational Communications Center
(631) 632-9085

Stony Brook Medicine Information Technology Department
Office of the Stony Brook Medicine Chief Information Officer
L4-215 Health Sciences Center
(631) 444-2249

For Students:
Office of University Community Standards
Room 347, Administration Building
(631) 632-6705
communitystandards@stonybrook.edu

Related Standards, Codes, Rules, Regulations, Statutes, Policies, and Resources


Created by Application Support for Administration
University Policy Manual @ Stony Brook University