Main Menu

IT Services Acceptable Use Policy

Royal Roads University Policy

First implemented: 
October 1, 2014
Amended: 
October 1, 2014

Purpose and Jurisdiction

The purpose of this policy is to define the acceptable use of Information Technology (IT) Resources in support of the mission of Royal Roads University. It builds on the principles of accountability, transparency, privacy, and fairness, to support a functional environment for work and study in which these resources are protected. This policy applies to anyone who uses or accesses any IT Resource belonging to, under the control or in the custody of, Royal Roads University.

Acceptable Use Policy (AUP)

Royal Roads University authorizes the University community to use its Information Technology Resources to fulfill and advance the University’s teaching, learning, research, service, administrative, and community development missions.

In addition, the University permits limited personal use of these resources, provided this use does not violate any law, statute, or University policy. Users who require a private means of computing and sending electronic communications should utilize a personal device unconnected to the University’s internal IT network.

The University respects the privacy of all users of its IT Resources, and uses reasonable efforts to maintain confidentiality of Personal Information. Circumstances may arise in which such privacy cannot be maintained. Such circumstances include, but are not limited to:

  1. Access to Personal Information may be granted to an Authorized User, System Administrator or agent to meet legitimate University business needs and operational requirements, or in the event that an Authorized User is unavailable, or has his or her access revoked.
  2. The University may audit, access or restore any IT resource within its environment when it has reasonable grounds to suspect a breach of acceptable use or a possible violation of any law or University policy.

Such access will be subject to the authorisation of the appropriate Vice-President (or designate) in consultation with the Provost.

Authorized Users must exercise good judgment in determining what is acceptable use of IT Resources with due regard to this policy, other University policies and Community Standards. Some activities may be appropriate in a specific context (e.g. for authorized academic and research purposes), while some are not appropriate in any context.

Authorised Users have an obligation to take all reasonable steps (e.g. password protection and strengthening) to protect the confidentiality, integrity, and availability of IT Resources and report encountered vulnerabilities to the computer services help desk. Failure to do so may constitute a breach of this policy.

Examples of a Breach of Acceptable Use

Unless explicitly authorised, a breach of acceptable use includes, but is not limited to:

  1. Allowing others to access your assigned personal Account
  2. Failure to exercise reasonable care in safeguarding Accounts and information
  3. Accessing someone else’s personal Account
  4. Seeking information on passwords or information belonging to others
  5. Breaking or attempting to circumvent licensing or copyright provisions
  6. Copying, deleting, intercepting, or examining someone else’s files, programs, or information
  7. Attempting to collect, use, or disclose, the Personal Information of others
  8. Using IT resources to harass or bully others
  9. Attempting to circumvent information security provisions or exploit vulnerabilities
  10. Using IT Resources (e.g. University computing account or workstation) for unauthorized commercial purposes
  11. Any interference with the ability of others to use IT Resources whether it is disruptive or not
  12. Falsifying or misrepresenting your identity
  13. Viewing or using pornographic or offensive material in a work, study, or public location
  14. Distributing or disseminating pornographic or offensive material in any location

Outcomes

If the integrity or security of an IT Resource is compromised or at risk the IT-Services Director or designate may direct the locking or quarantining of an Account or resource at his or her sole discretion. Upon reasonable belief by the IT-Services Director that a violation of this policy (AUP) may have occurred, the IT-Services Director or designate will conduct an investigation.

If access to any Personal Information is required, authorisation will be requested of the appropriate Vice-President (or designate) in consultation with the Provost.

If insufficient evidence of a violation of the AUP is found, the investigation will be closed and involved parties notified where appropriate.

The IT-Services Director will issue a written decision regarding the alleged policy violation within a reasonable timeframe, normally 30 days. Actions noted below may be initiated upon determination of a violation of this policy.

If a violation is determined to have occurred, the following actions may be initiated by the IT-Services Director:

Class or severityPossible outcomes
Minor violation of the AUPWarning
Serious or repeated violation of the AUPEscalation to appropriate authority or disciplinary process and/or restrictions on access or use
Possible violation of another University policy or regulationForward for investigation by applicable process under the applicable policy or regulation
Possible violation of federal, provincial, or municipal law or statuteForward for investigation to law enforcement

Related University Policies

This Acceptable Use Policy prohibits any use of IT Resources which potentially violates any other Royal Roads University policy, code or agreement, constitutes academic or non-academic misconduct, or which violates federal, provincial, or municipal laws or regulations.

In addition to outcomes under the AUP, such violations may be prosecuted under those laws and policies. Any information resulting from an investigation under the AUP may be shared for the purposes of such prosecutions.