|
Last published: 7/31/2025 |
Operating Policy and Procedure
HSC OP: 56.01, Acceptable Use of Information Technology Resources
The purpose of this Operating Policy (OP) is to define the acceptable use of all Texas Tech Health Sciences Center (外网天堂) computers, information and information systems. This policy outlines general compliance instructions and communicates acceptable and non-acceptable activities for which institutional information and information systems can be utilized.
REVIEW: This OP will be reviewed annually in July by the Vice President of Information Technology and Chief Information Officer (CIO), the Assistant Vice President of Information Security and Information Security Officer (ISO), and the Assistant Vice President of Technology Services.
POLICY
1. Information and Information Systems Acceptable Use Responsibility
外网天堂's information and information systems are owned by the State of Texas and administered by the IT (Information Technology) Division. 外网天堂 will provide access to appropriate resources to all members of the 外网天堂 community. Employee, student, and third-party users are responsible for managing their use of information and information systems and are also held accountable for their actions relating to IT security.
By logging into 外网天堂 systems, users acknowledge and agree to comply with all applicable 外网天堂 IT policies.
a. Approved Access
Some 外网天堂 positions and related activities require access to resources critical to computer security and privacy. 外网天堂 may require these users to participate in special training or complete required forms.
b. Authorized Access and Security Programs Authority
Users may use only the information and information systems to which they have been given authorized access. Users must not attempt to access any data or programs their supervisor has not given authorization or explicit consent to access.
2. System Usage
a. Reasonable Personal Use of Computer and Communications Systems
外网天堂 information and information systems are provided for the express purpose of conducting the business of 外网天堂. However, as a convenience to the 外网天堂 user community, incidental use of information and information systems is permitted. All personal use must be consistent with all 外网天堂 policies.
b. Prohibited Use of Computer and Communications Systems
Users may not access websites or use applications that appear on the State of Texas list as outlined in HSC OP 56.06 Prohibited Technologies. Additional sites may be blocked from access depending on potential risk to 外网天堂 systems. In addition, prohibitions on use are defined as follows.
(1) Incidental personal use must not result in direct or indirect costs to any 外网天堂 institution.
(2) Incidental personal use must not interfere with the normal performance of an employee's job duties.
(3) No files or documents may be sent or received that may cause legal action against any institution in the Texas Tech University (TTU) System.
(4) Incidental use of information and information systems is restricted to approved users and does not extend to family members or acquaintances.
(5) Users are prohibited from using the 外网天堂 systems or networks for personal or commercial gain. This includes:
i. Selling access to your user ID or to 外网天堂 systems or networks.
ii. Performing work for profit with 外网天堂 resources in a manner not authorized by 外网天堂.
iii. Marketing and advertising not authorized by the 外网天堂 Communication and Marketing Director.
iv. Storage of personal email messages, voice messages, files, and documents within any institutional information and information systems must be nominal.
v. All messages, files and documents-including personal messages, files and documents- located on institutional information systems are owned by the institution, may be subject to open records requests, and may be accessed in accordance with this policy.
c. Unreasonable Interference
Users must not unreasonably interfere with the fair use of information and information systems. This includes, but is not limited to:
(1) Playing games.
(2) Listening to, viewing, or streaming audio/video.
a. To ensure business critical processes are not affected by resource demands, users must not subscribe to or continuously display streaming media services except for occasional, short term or educational usage.
b. Unauthorized persistent streaming usage will result in termination of access.
(3) Intentionally misconfiguring or tampering with videoconferencing equipment.
(4) Interfering with the scheduled use of a distance learning classroom by failing to promptly vacate the room at the end of a session.
(5) Intentionally running a program that attempts to violate the operational integrity of the 外网天堂 network.
(6) 外网天堂 systems are not to be used for circulating messages in violation of 外网天堂 OP鈥檚 or System Regulations. See 外网天堂 OP 51.02 Non-Discrimination and Anti-Harassment Policy and Complaint Procedure and Texas Tech System Regulation 07.06, which includes two distinct policies and procedures based on applicable federal and state law: 07.06 A Title IX Sexual Misconduct and 07.06 B Non-Title IX Sexual Misconduct. In addition, 外网天堂 systems must not be used for partisan political purposes (e.g., using email to circulate advertising for political candidates or lobbying for public officials).
d. Use at Your Own Risk
Users access the internet through 外网天堂 facilities at their own risk. 外网天堂 is not responsible for material viewed, downloaded, or received by users through the internet as websites or email systems have the potential to deliver offensive content.
e. Activity Monitoring, User Privacy, and Investigations
Users must be aware that while using 外网天堂 systems their internet activity is monitored and recorded. This information may include, but is not limited to:
(1) Websites visited.
(2) Files downloaded.
(3) Time spent on the internet.
(4) Users of state property have no expectation of privacy for information created on or contained therein. 外网天堂 is required to disclose the contents of electronic files when required for legal inquiries, audits, or legitimate federal, state, local, or institutional purposes. All messages, files, and documents (including those of a personal nature) located on institutional information and information systems are owned by the institution, may be subject to open records requests, and may be accessed in accordance with this policy.
(5) All authorized users shall cooperate with official state and federal law enforcement authorities in aiding the investigation and prosecution of any suspected infraction of security and privacy statutes or policies involving either 外网天堂 personnel or 外网天堂 computing facilities.
f. Unattended Active Sessions
Users must not leave their personal computer, workstation, or terminal unattended without logging out or utilizing a password-protected screen saver. If sensitive information resides on a computer, the screen must immediately be locked, or the machine turned off, whenever a user leaves the location where the computer is in use.
g. Session Timeout
A 15-minute timeframe has been established for users to obscure the contents of their computer screens when inactive.
3. User IDs and Passwords
Passwords are considered confidential information and must not be shared with anyone including IT personnel or administrative assistants.
a. Personal User ID Responsibility
Users are responsible for all activity performed with their personal user IDs. Users must not permit anyone to perform any activity with their user IDs, and they must not perform any activity with IDs belonging to other users.
b. Access Code Sharing
外网天堂 accounts, user IDs, passwords, voice mailbox personal identification numbers, and any other identifiers/access codes must not be used by anyone other than the person to whom they were originally issued.
c. Sharing Passwords
Regardless of the circumstances, individual passwords must never be shared or revealed to anyone else besides the authorized user. IT staff will never ask users to share or reveal their passwords.
d. Suspected Password Disclosure
If a user suspects their eRaider account has been compromised, or, their password is disclosed to an unauthorized third party, they must immediately change their password and then contact the IT Solution Center (ITSC) for assistance to mitigate any impact that may occur.
e. Password Security
(1) Strong Passwords
Users must choose passwords that are difficult to guess. Criteria and guidelines for creating a strong password can be found in the 外网天堂 IT .
(2) Entering Passwords Safely
Users must never type their passwords at a keyboard or a telephone keypad if they are aware of someone watching their actions which may expose the information and lead to unauthorized access.
(3) Password Proximity to Access Devices
Users must never write down or otherwise record a readable password and store it near the access device to which it pertains.
4. Essential and Least Privilege
外网天堂 configures information systems to provide only essential capabilities. To ensure only essential capabilities are provided, the principle of least privilege is applied for access to applications and systems.
Users with essential or elevated privileges have a greater responsibility to the Institution to ensure the secure operation of any 外网天堂 system. As a result, users with essential or elevated privileges are held to a higher standard for disciplinary action.
5. Electronic Communication
All use of 外网天堂 electronic communication should follow the relevant policies and procedures for usage as represented by HSC OP 56.04 Data Security and Privacy and ,
a. Identity Misrepresentation
Users must not misrepresent, obscure, suppress, or replace their own or another person's identity on any 外网天堂 electronic communications.
b. Handling Attachments
All email attachment files from third parties are automatically scanned with a 外网天堂-authorized virus detection system.
c. No Guarantee of Message Privacy
外网天堂 cannot guarantee that electronic communications will be private. Users must be aware that electronic communications can, depending on the technology, be forwarded, intercepted, printed, and stored by others. Users must be careful about the topics covered in 外网天堂 electronic communications, and should use discretion when transmitting messages.
d. Outbound Email Footer
Users should include, in outbound emails, a footer that refers to the possibility that the message may contain confidential information and that it is for the use of the named recipients only.
e. Responding to Messages
If users receive messages in violation of this policy, the must immediately forward them to the ITSC.
f. Messages in Violation of Other University Policies
外网天堂's policies, including but not limited to policies addressing harassment apply to the use of information and information systems. Please refer to 外网天堂 OP 51.02 Non-Discrimination and Anti-Harassment Policy and Complaint Procedure and Texas Tech System Regulation 07.06, which includes two distinct policies and procedures based on applicable federal and state law: 07.06 A Title IX Sexual Misconduct and 07.06 B Non-Title IX Sexual Misconduct.
6. Internet and Web Usage
a. Posting Sensitive Information
Users must not post unencrypted 外网天堂 material on any publicly accessible computer unless the posting of these materials has been approved by the Office of Communications and Marketing.
b. Disclosing Internal Information
Users must follow 外网天堂 OP 67.03 Use of Social Media when posting to any website, including blogs, newsgroups, chat groups, or social networking sites. Such information includes business prospects, unpublished research data, and internal information systems problems.
c. Compliance with Applicable Laws and University Policies
外网天堂 is not responsible for content that users may encounter while using the internet. Users are responsible for ensuring that their use of the internet and access to the web is consistent with applicable laws and university policies.
d. Blocking Sites and Content Types
The ability to connect with a specific website does not in itself imply that users of 外网天堂 systems are permitted to visit that site. 外网天堂 may, at its discretion, restrict or block the downloading of certain file types and access to malicious sites that are likely to cause network service degradation (e.g., graphics, video, and music files).
7. Data Storage
a. Establishing Third-Party Networks
Users must not establish any third-party information storage network that will handle 外网天堂 information (e.g., electronic bulletin boards, blogs, cloud storage) without the approval of the IT Division.
8. Internal Systems
a. Eradicating Computer Viruses
Any user who suspects their machine has been infected by a virus or malicious software must immediately contact the ITSC. Attempts must not be made to eradicate the virus without assistance from the IT Division.
b. Trusted Software Scanning
Users must not use any externally-provided software from a person or organization other than a 外网天堂-known and trusted supplier, unless the software has been scanned for malicious code and approved by the IT Division.
c. Material That Violates Law or University Policy
Users must comply with federal and state laws and university policies. Please refer to 外网天堂 OP 51.02 Non-Discrimination and Anti-Harassment Policy and Complaint Procedure and Texas Tech System Regulation 07.06, which includes two distinct policies and procedures based on applicable federal and state law: 07.06 A Title IX Sexual Misconduct and 07.06 B Non-Title IX Sexual Misconduct.
(1) Using sexually explicit material to intimidate, persecute, or harass is illegal and is sexual harassment. For detailed guidelines on sexual harassment, refer to 外网天堂 OP 51.02 Non-Discrimination and Anti-Harassment Policy and Complaint Procedure
(2) Do not open any emails you believe to contain obscene content or pornography. If obscene content or pornography is received through email, there will be no disciplinary proceedings if the mail is deleted immediately. If the offending email originates from a TTU or 外网天堂 email address, report it to the 外网天堂 Title IX Coordinator immediately by phone at (806) 743-9891, or, by email at TitleIXCoordinator@ttuhsc.edu.
d. Copyrighted and Authorized Software
(1) Use only legal versions of copyrighted software and materials (including music, movies, and other media) in compliance with vendor license requirements.
(2) Users shall not install any software provided by 外网天堂 to non 外网天堂 owned devices without prior authorization from the IT Division. Software is licensed is to your assigned work device(s) only. To do so without authorization constitutes theft.
(3) Users must not make unauthorized copies of copyrighted software.
(4) Users must not use unauthorized software listed in the A without the explicit approval of the CIO or the CIO's designee.
e. Computer Viruses
Users must not intentionally write, generate, compile, copy, collect, propagate, execute, or attempt to introduce any computer code designed to self-replicate, damage, or otherwise hinder the performance of any 外网天堂 computer or network.
f. External Storage Checking
All removeable storage media that users connect to 外网天堂 endpointsmust be encrypted as described in the .
9. Personal Equipment
Use of personal phones, laptops, desktops, and tablets are not allowed for the creation and storage of 外网天堂 information. Only email may be accessed from personal machines.
a. User Installation of Software
Users must not install software owned by 外网天堂 on their personal devices without receiving advance authorization to do so from the IT Division.
b. Unattended Active Sessions
If the computer system to which they are connected or using contains sensitive information, users must not leave their personal computer, workstation, or terminal unattended without logging out or invoking a password-protected screen saver.
10. Unauthorized Use
For a detailed discussion of unauthorized and prohibited hardware and software, please see the .
a. Non-authorized VPN
Non-authorized or privacy VPNs are not allowed to access 外网天堂 systems. Only 外网天堂-requested and approved VPN may be use to remotely access 外网天堂 networks.
b. Peer-to-Peer Programs
(1) Use of all peer-to-peer (P2P) programs (e.g., BitTorrent) on 外网天堂 computers or the 外网天堂 network for the purpose of downloading or uploading illegal copies of copyrighted media is strictly prohibited.
(2) Any computers using P2P applications on the 外网天堂 network are subject to removal from the network until the application is removed or disabled.
c. Authorized Access and Security Programs Authority
A user must not download, install, or run programs or utilities that reveal or exploit weaknesses in the security of a system unless the individual user has explicit written consent from the institution's ISO. Such programs include, but are not limited to:
(1) Password cracking programs
(2) Packet sniffers
(3) Port scanners
(4) Any operating systems designed for discovering and exploiting vulnerabilities, (e.g., Kali Linux)
(5) Any unapproved programs on 外网天堂 information systems.
d. Circumventing or Subverting 外网天堂 Systems
Users must not attempt to circumvent or subvert the system or the network, destroy the integrity of computer-based information, or access-controlled information on the 外网天堂 network.
e. Bring-Your-Own-Device (BYOD)/Guest Wireless Network
Non-外网天堂-owned computers connecting to the HSC-Air network will automatically be redirected to the BYOD/guest wireless network. Those networks cannot be used to complete 外网天堂 business-related activities. 外网天堂-owned devices are not permitted on the BYOD/Guest network and may be disconnected without notice by the ISO.
11. Violations
Any violation of this policy may result in disciplinary action, up to and including termination of employment. 外网天堂 reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity.
a. Disciplinary Repercussions
Misuse of 外网天堂 Information or Information Systems is a violation of the policies contained herein and can result in disciplinary action in accordance with, but not limited to, TTUS Regulation Employee Conduct, Coaching, Corrective Action, and Termination and HSC OP 77.05 Suspension and Retention, as well as the Student Handbook.
12. Related Statutes, Policies, and Requirements
Digital Millennium Copyright Act
Health Insurance Portability and Accountability Act
Payment Card Industry (PCI) Data Security Standard (DSS)
Texas Administrative Code
Texas Public Information Act
Texas Security Control Standards Catalog
外网天堂 IT Areas of Responsibility