IT Services Acceptable Use
Royal Roads University Policy
Purpose and Jurisdiction
The purpose of this policy is to define the acceptable use of Information Technology (IT) Resources in support of the mission of Royal Roads University. It builds on the principles of accountability, transparency, privacy, and fairness, to support a functional environment for work and study in which these resources are protected. This policy applies to anyone who uses or accesses any IT Resource belonging to, under the control or in the custody of, Royal Roads University.
Acceptable Use Policy (AUP)
Royal Roads University authorizes the University community to use its Information Technology Resources to fulfill and advance the University’s teaching, learning, research, service, administrative, and community development missions.
In addition, the University permits limited personal use of these resources, provided this use does not violate any law, statute, or University policy. Users who require a private means of computing and sending electronic communications should utilize a personal device unconnected to the University’s internal IT network.
The University respects the privacy of all users of its IT Resources, and uses reasonable efforts to maintain confidentiality of Personal Information. Circumstances may arise in which such privacy cannot be maintained. Such circumstances include, but are not limited to:
- Access to Personal Information may be granted to an Authorized User, System Administrator or agent to meet legitimate University business needs and operational requirements, or in the event that an Authorized User is unavailable, or has his or her access revoked.
- The University may audit, access or restore any IT resource within its environment when it has reasonable grounds to suspect a breach of acceptable use or a possible violation of any law or University policy.
Such access will be subject to the authorisation of the appropriate Vice-President (or designate) in consultation with the Provost.
Authorized Users must exercise good judgment in determining what is acceptable use of IT Resources with due regard to this policy, other University policies and Community Standards. Some activities may be appropriate in a specific context (e.g. for authorized academic and research purposes), while some are not appropriate in any context.
Authorised Users have an obligation to take all reasonable steps (e.g. password protection and strengthening) to protect the confidentiality, integrity, and availability of IT Resources and report encountered vulnerabilities to the computer services help desk. Failure to do so may constitute a breach of this policy.
Examples of a Breach of Acceptable Use
Unless explicitly authorised, a breach of acceptable use includes, but is not limited to:
- Allowing others to access your assigned personal Account
- Failure to exercise reasonable care in safeguarding Accounts and information
- Accessing someone else’s personal Account
- Seeking information on passwords or information belonging to others
- Breaking or attempting to circumvent licensing or copyright provisions
- Copying, deleting, intercepting, or examining someone else’s files, programs, or information
- Attempting to collect, use, or disclose, the Personal Information of others
- Using IT resources to harass or bully others
- Attempting to circumvent information security provisions or exploit vulnerabilities
- Using IT Resources (e.g. University computing account or workstation) for unauthorized commercial purposes
- Any interference with the ability of others to use IT Resources whether it is disruptive or not
- Falsifying or misrepresenting your identity
- Viewing or using pornographic or offensive material in a work, study, or public location
- Distributing or disseminating pornographic or offensive material in any location
Outcomes
If the integrity or security of an IT Resource is compromised or at risk the IT-Services Director or designate may direct the locking or quarantining of an Account or resource at his or her sole discretion. Upon reasonable belief by the IT-Services Director that a violation of this policy (AUP) may have occurred, the IT-Services Director or designate will conduct an investigation.
If access to any Personal Information is required, authorisation will be requested of the appropriate Vice-President (or designate) in consultation with the Provost.
If insufficient evidence of a violation of the AUP is found, the investigation will be closed and involved parties notified where appropriate.
The IT-Services Director will issue a written decision regarding the alleged policy violation within a reasonable timeframe, normally 30 days. Actions noted below may be initiated upon determination of a violation of this policy.
If a violation is determined to have occurred, the following actions may be initiated by the IT-Services Director:
| Class or severity | Possible outcomes |
|---|---|
| Minor violation of the AUP | Warning |
| Serious or repeated violation of the AUP | Escalation to appropriate authority or disciplinary process and/or restrictions on access or use |
| Possible violation of another University policy or regulation | Forward for investigation by applicable process under the applicable policy or regulation |
| Possible violation of federal, provincial, or municipal law or statute | Forward for investigation to law enforcement |
Related University Policies
This Acceptable Use Policy prohibits any use of IT Resources which potentially violates any other Royal Roads University policy, code or agreement, constitutes academic or non-academic misconduct, or which violates federal, provincial, or municipal laws or regulations.
In addition to outcomes under the AUP, such violations may be prosecuted under those laws and policies. Any information resulting from an investigation under the AUP may be shared for the purposes of such prosecutions.