(Note: OLPM sections on this page may be cited following the format of, for example, "UNH.VI.F.1.1". These policies may be amended at any time, do not constitute an employment contract, and are provided here only for ease of reference and without any warranty of accuracy. See OLPM Main Menu for details.)
1. The Space Allocation, Repairs and Renovations Committee Space Transfer Process
1.1.1 According to the charter of the Space Allocation, Repairs and Renovation Committee (SARRC), this committee has "ultimate responsibility for" (among other things): (1) Approving the allocation of space in all University buildings, and (2) Approving changes in the use of University lands and buildings.
1.1.2 Transfer of space between "functional units" is an important mechanism for ensuring the efficient utilization of this resource. It has been the history of SARRC, and remains the expectation of the University, that most space transfers will result from plans that are agreeable to all parties. However, when contrasting proposals for the use of space arise, a well-defined and open process for reviewing and deciding among alternatives is essential to ensure fairness and full participation by all parties.
1.1.3 As stated in the Charter, "reassignments of space contained within a functional unit, and any attendant costs, are ordinarily the responsibility of the administrator of that unit." Thus the process described here pertains only to requests to transfer space between "functional units" on campus. Under the current decentralized financial system, (Responsibility Center Management, or RCM) functional units are equivalent to RC units.
1.2 Process. Proposals to reassign space on campus can be of two types:
1.2.1 (A) the two units involved may be in agreement about the transfer, or (B) the units may disagree.
188.8.131.52 Under the first condition (A), the proposal may be brought to SARRC as a simple listing of the spaces involved. SARRC will review the request and may ask for staff analysis of impacts, followed by committee decision.
184.108.40.206 Under the second condition (B), requests for transfer of space between RC units will begin with a proposal submitted to SARRC by the unit proposing to acquire the space in question. This proposal should contain:
220.127.116.11.1 A detailed description of the spaces involved (e.g. building name and room numbers)
18.104.22.168.2 A full description of the proposed uses for those spaces
22.214.171.124.3 A description of the relevance of the transfer to University goals, as described in the Academic Plan and the Campus Master Plan
126.96.36.199.4 A quantitative and programmatic justification that space is needed by the receiving unit, and that the transfer will increase the efficiency of utilization and quality of programs; this justification should reference the unit’s three-year space utilization and needs plan
188.8.131.52.5 A projected budget for the costs of occupying and renovating the space, including the source of funds to be used for such expenses and the estimated on-going facilities charges for the acquired space
1.2.2 Prior to submitting a proposal to SARRC, the proposing unit must share its proposal with the unit to which the space is currently assigned. The affected units are expected to engage in good faith discussions intended to resolve the issues, resulting in a voluntary agreement. If a voluntary agreement is still not possible, the affected unit has the right to submit its request to maintain the status quo (or to submit a counter-proposal) to SARRC. This response should be submitted to SARRC within 45 days of receiving initial notification from the proposing unit.
1.2.3 Upon receipt of a proposal and any response from the affected unit, SARRC will commission an independent analysis of the utilization of the spaces described and the financial and programmatic impact of the transfer on both units.
1.2.4 Upon completion of this analysis, the Vice President(s) responsible for the units involved will meet with the Deans and/or Directors and attempt to resolve any disagreements arising from the proposed transfer. If agreement is reached, the process described for condition A) above will be followed
1.2.5 If agreement cannot be reached, SARRC will review all available information relating to the current and proposed use of the spaces involved. Voting members of the committee will decide, by simple majority, whether all, some, or none of the spaces will be transferred.
1.2.6 If a contested transfer is approved by SARRC, any change in space assignment will take place no sooner than 6 months, and normally no later than 9 months, after the date of approval.
4. Privacy and Security of Technological Resources
4.1 Purpose. This policy informs users of technological resources about certain privacy and security issues related to their use in compliance with the related University System policy (USY VI.F.4).
4.2 Scope. This policy applies to access and use of technological resources by faculty, staff, administrators, students and any other person whether inside or outside the academic community. For purposes of this policy the term "technological resources" shall include, but not be limited to, telephones, voice mail applications, desktop computers, computer networks and electronic mail applications, which are owned or operated by UNH. The term shall also include non-institutional technological resources used in the performance of official duties by faculty, staff, or administrators, but only to the extent of such use.
4.3 Privacy and Security Issues. Users of UNH technological resources should keep the following considerations in mind as they decide how to use those resources:
4.3.1 Although UNH will endeavor to maintain appropriate security mechanisms to prevent unauthorized access of records resident on technological resources, due to the nature of the resources, there is no way to guarantee the privacy of such records.
4.3.2 Using the delete function on a technological resource application may delete only one record of the address of the record and not the record itself -- "deleted" records may remain resident on the resource for an indefinite period of time.
4.3.3 Electronic records can be very easily copied and disseminated. As a result, electronic communications can be redistributed to an audience much broader than the original author may have intended.
4.3.4 Like all records, electronic records are subject to the possibility of involuntary disclosure. For example, by legal process (i.e. subpoena or court order) or, in certain cases, under the New Hampshire Right-to-Know law.
4.3.5 Under University System policy, all records resident on UNH technological resources are owned by UNH (although the copyright and other intellectual property rights may or may not be owned by UNH) (see USY VI.F.4) and may be accessed, copied, or deleted by appropriate UNH officials under the process established in subsection 4.4 below.
4.4 Institutional Access to Records. Under the circumstances and utilizing the process set forth below appropriate UNH officials can gain access to, copy and delete records resident on technological resources owned or operated by UNH.
4.4.1 Where there exists a legitimate official need to access, copy, or delete a record resident on a technological resource owned or operated by UNH, the UNH employee having such a need shall make a written application to one of the Vice Presidents (Academic Affairs, Finance and Administration, Student Affairs, or Research and Public Service), describing the records sought and setting forth the legitimate official need(s) sufficient to justify the request. The Vice President shall review the application, make any such further inquiry as he or she deems appropriate, determine whether there is a sufficient legitimate official need, and inform the applicant of the decision in writing. Unless the Vice President determines it would be impractical or would defeat the institutional justification to do so, the author of the record and the holder of the account in which the record resides shall be notified of a decision to allow access to, or copying, or deletion of, a record.
4.4.2 In cases where the Vice President grants the application, the author of the record or the holder of the account in which the record resides may appeal the decision to the President. Any such appeal must be in writing and submitted to the President within 48 hours of the decision. The President shall review the appeal, make any further inquiry as he or she deems appropriate, determine whether there is a sufficient legitimate official need, and inform the author or account holder of the decision in writing. The President's decision shall be final.
4.4.3 UNH technological resource system managers may maintain, control, monitor, and investigate such standard log files as may be useful for making a technological resource operate efficiently and securely. Information contained in such system log files shall be held in a confidential manner and, subject to the dictates of this policy, shall be used only for purposes of tuning systems and networks, obtaining generic and routine statistics about a system or network or for security access.
4.5 University Identifier Policy
184.108.40.206 The creation of, and compliance with this policy will help protect the privacy of students, faculty, and staff at the University of New Hampshire (UNH) by minimizing the use of Social Security Numbers (SSNs) as the primary means of identification, by limiting access to and visibility of the SSN when the use of SSNs is necessary, providing guidance for handling the non-SSN university identifier and establishing protection requirements for other legally protected personally identifiable information (PII).
220.127.116.11 This policy applies to all UNH persons, such as every student, faculty, staff member, and anyone else handling SSNs or other legally protected personally identifiable information (PII).
18.104.22.168.1 Exceptions to this policy shall be granted only by authorized University authorities, which shall be at a minimum the appropriate Vice President or higher (e.g. VP of Human Resources or VP of Student Affairs), the UNH Information Technology Security Officer, and the data owner or steward (Registrar for student SSNs, HR of employee SSNs, etc.)
22.214.171.124 Authorized personnel in this policy consist of those University employees who have received approval for data access by the appropriate data steward. Authorized personnel may include non-university persons employed by service providers that receive approval for data access by the appropriate data steward, were explicitly cleared through the standardized university security review process and for which the university has a current contract in place with the appropriate security provisions documented. Authorization shall be managed by the data stewards.
126.96.36.199 Approved processes will be those that are approved by the appropriate data steward, university CIO's office and appropriate Vice President.
4.5.3 Collection and Management
188.8.131.52 SSNs will be collected, shared and or used only where legally required or as authorized in UNH VI.F.184.108.40.206.1.
220.127.116.11 SSN values shall be collected in a confidential manner so that unauthorized persons cannot view or hear the SSN during the collection.
18.104.22.168 Other legally protected personally identifiable information (PII), such as but not limited to credit card numbers, account information, and combination of PII referenced in the state of NH privacy protection and breach reporting statutes shall be handled through approved processes.
4.5.4 Storage and Access
22.214.171.124 SSNs at rest shall be stored on centrally-managed, secure servers designed and approved for such use and conforming to accepted and appropriate industry security standards.
126.96.36.199.1 Servers used for this purpose will comply with the principles documented in the IT Server Protection Policy.
188.8.131.52.2 SSNs stored at rest should be encrypted. If they are not encrypted, administrators of the stored services should apply compensating security measures and seek the next reasonable opportunity to enable encryption at rest.
184.108.40.206 SSNs and other legally protected PII will be stored in a manner that limits access to authorized personnel.
220.127.116.11 SSNs and other legally protected PII will not be stored on personal computers and other personal devices.
18.104.22.168 Any remaining non-electronic legally protected PII, such as but not limited to printed reports, shall be protected from non-authorized access.
22.214.171.124 Legally protected PII shall not be shared through insecure mechanisms, such as electronic mail in clear text form. Where secure methods for SSN transport are not available, solutions will be developed with urgency. When secure methods are not available, as confirmed by authorities in UNH VI.F.126.96.36.199.1, SSNs will be encrypted when transmitted electronically and/or limited to the last four digits.
188.8.131.52 If a business need requires the displaying of SSNs, SSNs will be masked and/or limited to the last four digits.
184.108.40.206 Contracts involving legally protected PII will follow the "UNH Technology Vendor Guidelines for Safeguarding Privacy When Sharing Data with Third Parties" aka "Vendor Contract Best Practices".
220.127.116.11 University departments using legally protected PII on University equipment within the department's administration shall contact the UNH Information Technology Security Office and conduct a review of security on a periodic basis.
4.5.6 Use of non-SSN ID number
18.104.22.168 Student ID numbers will not be directory information as defined by UNH in relation to FERPA.
22.214.171.124 The University ID (a non-masked number) will be shared among authorized personnel.
126.96.36.199 University ID numbers, which may be visible to non-authorized personnel, must be masked to the last 4 digits.
188.8.131.52 University ID numbers may not be used as passwords for authentication purposes.
184.108.40.206 Compromise of SSNs or other legally protected PII includes any unauthorized viewing, recording, copying, destruction, modification, or creation thereof.
220.127.116.11 Any unauthorized access to or exposure of legally protected PII, as well as any known condition that may result in such unauthorized access or exposure will be reported to UNH Information Technology Security Office and the appropriate data steward immediately.
4.6 Changing and Terminating Accounts.1 Permissions to access university information technology resources will be changed promptly and appropriately when the legitimate and approved business need changes, and accounts will be disabled or terminated immediately when they are no longer needed for legitimate and approved business needs.
4.6.1 Permissions for access to university information technology resources will be granted based on legitimate and approved business needs under the guidance from data stewards. Where approval criteria is not established, a minimum of VP and CIO approval is required.
4.6.2 Supervisors will submit a change form to IT when an employee's responsibilities or employment status change in a manner that also changes their legitimate business need to access IT Systems.
4.6.3 UNH IT will monitor job status as documented in Banner HR.
4.6.4 UNH Human Resources will notify UNH Information Technology when it becomes aware of non-routine changes in employment such as leave of absence, termination or administrative leave, and will monitor for planned reduction in force (RIF) through periodic reports and notify IT of such planned RIFs.
4.6.5 When notified, IT will contact the appropriate supervisor to determine the disposition of the employee's access to IT systems. Information technology will maintain procedures to respond and modify access rights, and/or disable/terminate accounts without delay. Accounts and access rights for employees who are relieved of their duties, fired or whose employment is changed or modified under similar adverse or unexpected conditions will be disabled or terminated immediately.
4.6.6 Situations that are not covered by this policy or where there is question about whether an employee's account or access rights should be changed or terminated will be brought to the attention of the UNH Information Security Officer for guidance.
1This policy is effective as of July 1, 2011.
5. Acceptable Use for Information Technology Resources
5.1 Introduction. Information technology (IT), the large and growing array of computing and electronic data communications resources, is an integral part of the fulfillment of the University of New Hampshire's teaching, research, administrative, and service roles. Members of the University community have access to these IT resources and attendant responsibilities not to misuse them. This Acceptable Use Policy (AUP) provides guidelines for the acceptable use of the University's IT resources as well as for the University's access to information to manage these resources.
5.1.2 Use of information technology resources can be broadly categorized as acceptable, allowable, or prohibited.
5.1.3 Acceptable use of information technology resources is legal use consistent with the mission of the University of New Hampshire, i.e., use that furthers the University's mission of learning and teaching, research, and outreach.
5.1.4 Allowable use is legal use for other purposes that do not impinge on acceptable use. The amount of allowable use will vary over time based on the capacity reserve of information technology resources available beyond Acceptable use.
5.1.5 Prohibited use is illegal use and all other use that is neither acceptable nor allowable.
5.1.6 Most IT use parallels familiar activity in other media and formats, making existing University policies important in determining what use is appropriate. Using electronic mail ("e-mail") instead of standard written correspondence, for example, does not fundamentally alter the nature of the communication, nor does it alter the guiding policies. University policies that already govern freedom of expression, discriminatory harassment, and related matters in the context of standard written expression, govern electronic expression as well. This AUP addresses circumstances that are particular to the IT arena and is intended to augment, but not to supersede, other relevant University policies.
5.1.7 For statements of other applicable University policies consult the University System of New Hampshire Policy Manual (OLPM); the Financial and Administrative Procedures Manual (FAP); the handbooks for faculty, PAT staff, and operating staff; the Student Rights, Rules, and Responsibilities; and policies that govern use of particular IT systems and labs. See, too, the links to online documents in the Policy Cross-references section below.
5.2 Purpose. The purpose of this AUP is to ensure an information technology infrastructure that promotes the basic missions of the University in teaching, research, administration, and service. In particular, this AUP aims to promote these goals:
5.2.1 To ensure the integrity, reliability, availability, and performance of IT resources.
5.2.2 To ensure that use of IT resources is consistent with the principles and values that govern use of other University facilities and services.
5.2.3 To ensure that IT resources are used for their intended purposes.
5.2.4 To establish processes for addressing policy violations and sanctions for those committing violations.
5.3.1 OLPM. "OLPM" is the University System of New Hampshire On-line Policy Manual, which is the master compilation of formal System-wide and Campus-wide institutional policies.
5.3.2 FAP. "FAP" refers to the Financial and Administrative Procedures Manual that applies to all the USNH Campuses, as approved by the Board of Trustees or the Financial Policies and Planning Council.
5.3.3 AUP. "AUP" is the Acceptable Use Policy for Information Technology resources and refers to this document.
5.3.4 University. The term "University" means the University of New Hampshire (UNH), both the Durham and Manchester Campuses.
5.3.5 IT Resources. Following the definition in the OLPM (USY.VI.F.4.2), "technological resources shall include, but not be limited to, telephones, voice mail applications, desktop computers, computer networks and electronic mail applications, which are owned or operated by UNH. The term shall also include non-institutional technological resources used in the performance of official duties by faculty, staff, or administrators, but only to the extent of such use."
5.3.6 User. A "user" is any person, whether authorized or not, who makes any use of any IT resource from any location. For example, users include those who access IT resources in a University computer lab, or via an electronic network. A "user's status" means their relationship with the University, i.e., student, faculty, staff, contractor, alumni/alumnae, member of public, etc.
5.3.7 Disciplinary Authority. If informal resolution does not work or the misuse is more serious, referral is made to the existing University judicial or disciplinary process, as appropriate for the status of the user. For example, students are covered by the Student Code of Conduct and Judicial Process, staff is covered by the OLPM, and faculty is covered by the collective bargaining agreement. This may include University police when the law appears to be broken.
5.3.8 Systems Authority. While the University as an entity is the legal owner or operator of all its IT Resources, it delegates oversight of particular systems to the head of a specific subdivision, department, or office of the University ("systems authority"), or to an individual faculty member, in the case of IT resources purchased with research or other funds for which they are individually responsible. For example, the systems authority for the centrally managed Exchange environment is the Assistant Vice President, Enterprise Technology Services.
5.3.9 System Administrator. Systems authorities may designate another person as a "system administrator" to manage the particular system resources for which the system authority is responsible. Systems administrators oversee the day-to-day operation of the system and are authorized to determine who is permitted access to particular IT resources, in accordance with existing policies and procedures.
5.3.10 Computer account. A "computer account" is any access name and its associated password that is assigned to a user for access to information technology resources.
5.3.11 Specific authorization. This means documented permission provided by the applicable system administrator.
5.4.1 This Policy applies to all users of IT resources, including but not limited to University students, faculty, and staff, and to the use of all IT resources. These include systems, networks, and facilities administered by UNH Information Technology (UNH IT), as well as those administered by individual schools, departments, University laboratories, and other University-based entities. This includes the general public.
5.4.2 Use of University IT resources, even when carried out on a privately owned computer that is not managed or maintained by the University, is governed by this policy.
5.5 Acceptable Use of IT Resources. Although this policy sets forth the general boundaries of acceptable use of IT resources, students, faculty, and staff should consult their respective governing policy manuals for more detailed statements on permitted and appropriate use. This includes the University System of New Hampshire Policy Manual (OLPM); the Financial and Administrative Procedures Manual (FAP); the handbooks for faculty, PAT staff, and operating staff; the Student Rights, Rules, and Responsibilities; and specific restrictions that system administrators may place on resource use. IT resource authorities or administrators may elect to impose stricter controls than those required by this policy. In all cases where the controls are less restrictive than those of this AUP, this AUP applies.
5.5.1 IT resources may be used only for their authorized purposes, that is, to support the University's primary mission of teaching, research, and outreach (BOT.II.H.1.1). The particular purposes of any IT resources, as well as the nature and scope of authorized use and incidental personal use, may vary according to the duties and responsibilities of the user.
5.5.2 Proper authorization. Users are entitled to access only those elements of IT Resources that are consistent with their authorization.
5.5.3 Allowable use. Incidental personal use of IT resources is allowed, such as Web browsing and personal e-mail, as long as it is consistent with this AUP and any applicable departmental work-unit policies and guidelines. The capacity of IT resources available beyond acceptable use will vary over time and so individual use will be restricted if it interferes with the University's primary mission.
5.6 Prohibited Use. Prohibited use is illegal use and all other use that is neither acceptable nor allowable. The following categories of use are inappropriate and prohibited.
5.6.1 Use that impedes, interferes with, impairs, or otherwise causes harm to the activities of others. Users must not interfere with, or attempt to interfere with, the normal use of IT resources by other users. Interference includes: denial of service attacks, misusing mailing lists, propagating chain letters or hoaxes, and intentional or unintentional sending of unwanted e-mail to users without specific authorization or a way to opt-out ("slamming"). Other behaviors that cause a network traffic load or computing load that interferes with the normal and intended use of the IT resources is also prohibited.
5.6.2 Use that is inconsistent with the University's non-profit status. The University is a non-profit, tax-exempt organization and, as such, is subject to specific federal, state, and local laws regarding sources of income, political activities, use of property, and similar matters. As a result, commercial use of IT resources for non-University purposes is generally prohibited, except if specifically authorized and permitted under University conflict-of-interest, outside employment, and other related policies (FAP 8-006). System administrators are expected to develop more detailed guidance for the use of e-mail, Web pages, and other services on specific IT resources.
5.6.3 Use of IT resources in a way that suggests University endorsement of any political candidate or ballot initiative is also prohibited. Users must refrain from using IT resources for the purpose of lobbying that connotes University involvement, except for authorized lobbying through or in consultation with the University System of New Hampshire General Counsel's Office.
5.6.4 Harassing or threatening use. This category includes, for example, discriminatory harassment, display of offensive or sexual material in the workplace, and repeated unwelcome contacts with another.
5.6.5 Use that damages the integrity of University or other IT resources. This category includes, but is not limited to, the following activities:
18.104.22.168 Attempts to defeat system security. Users must not defeat or attempt to defeat any IT resources security, such as by analysis ("cracking") or guessing and applying the password of another user, or by compromising room locks or alarm systems. This provision does not prohibit, however, UNH IT or system administrators from using security-scanning programs within the scope of their systems authority.
22.214.171.124 Unauthorized access or use. The University recognizes the importance of preserving the privacy of users and data stored in IT systems. Users must honor this principle by refraining from, or assisting, unauthorized access to IT resources. This applies to a variety of situations:
126.96.36.199.1 For example, a non-University organization or individual may not use non-public IT resources without specific authorization.
188.8.131.52.2 For example, privately owned computers may be used to provide public information resources, but such computers may not host sites or services, across the University network, for non-University organizations without specific authorization.
184.108.40.206.3 For example, users are prohibited from accessing or attempting to access data on IT resources that they are not authorized to access.
220.127.116.11.4 For example, users must not make or attempt to make any deliberate, unauthorized changes to data on an IT system.
18.104.22.168 Networking equipment and software. Unless specifically authorized, by the network system administrator no user will connect networking equipment (routers, hubs, "sniffers," etc.) to the campus network, nor operate network services software (routing, "sniffing," name service, multicast services, etc.) on a computer attached to the network.
22.214.171.124 Disguised use: Users must not conceal their identity when using IT resources, except when the option of anonymous access is explicitly authorized. Users are also prohibited from masquerading as or impersonating others or otherwise using a false identity.
126.96.36.199 Distributing computer hoaxes and viruses. Users must not knowingly distribute or launch hoaxes, computer viruses, worms, or other rogue programs intended to compromise IT resources.
188.8.131.52 Removal of data or equipment. Without specific authorization by a system administrator, users must not remove any University-owned or administered IT resource equipment from its normal location.
5.6.6 Violation of law
184.108.40.206 Illegal use of IT resources, i.e., use in violation of civil or criminal law at the federal, state, or local levels is prohibited. Examples of such uses are: promoting a pyramid scheme; distributing illegal obscenity; receiving, transmitting, or possessing child pornography; infringing copyrights; and making bomb threats.
220.127.116.11 With respect to copyright infringement, users should be aware that copyright law governs (among other activities) the copying, display, and use of software and other works in digital form (text, sound, images, and other multimedia). The law permits use of copyrighted material without authorization from the copyright holder for limited "fair use". Educational use must meet the normal fair use guidelines.
5.6.7 Violation of University contracts. All use of IT resources must be consistent with the University's contractual obligations, including limitations defined in software and other licensing agreements.
5.6.8 Violation of external data network policies. Users must observe all applicable policies of external data networks when using such networks.
5.7 Personal Account Responsibility. Users are responsible for maintaining the security of their own accounts and passwords for access to IT resources. Accounts and passwords are normally assigned to individual users and are not to be shared with any other person without authorization by the applicable system administrator. Users are presumed to be responsible for any activity carried out under their IT system accounts or posted on their personal Web pages.
5.8 Personal Identification. Upon request by a system administrator or other University authority, users must produce valid identification.
5.9 Conditions of University Access to Resources. There are circumstances when a user's access to IT resources may be deactivated or terminated or expectations of privacy may be waived under the following special conditions.
5.9.1 Special Conditions. The following special conditions for institutional access to IT materials, without the consent of the user, would operate under the procedural safeguards specified in UNH.VI.F.4.4.
5.9.2 Diagnosis. When necessary to identify or diagnose systems or security vulnerabilities and problems, or otherwise preserve the integrity of the IT resources.
5.9.3 Required by law. When required by federal, state, or local law or administrative rules.
5.9.4 Reasonable grounds. When there are reasonable grounds to believe that a violation of law may have taken place and access and inspection or monitoring may produce evidence related to the violation.
5.9.5 Essential business. When such access to IT resources is required to carry out essential business functions of the University.
5.9.6 Health and safety. When required to preserve public health and safety.
5.10 Process. Consistent with the procedures specified in the OLPM for institutional access to materials and records without the consent of the user, such access is to be logged by the system administrator for subsequent review by the appropriate Vice President (UNH.VI.F.4.4).
5.10.1 User access deactivation. The University, through the appropriate system administrator, may deactivate a user's information technology privileges, even in the absence of a suspected AUP violation, when necessary to preserve the integrity of IT resources. The system administrator must notify the user in writing of any such action within 48 hours (UNH.VI.F.4.4).
5.10.2 Security scanning systems. By attaching privately owned personal computers or other IT resources to the University's network, users consent to the University use of security scanning programs while connected to the network.
5.10.3 Logs. Most IT systems routinely log user actions for a variety of reasons, including system recovery, trouble-shooting, usage reporting, and resource planning. All system administrators are expected to establish and post a description of the logging policies and procedures for the systems they manage. This may take the form of a privacy statement or a more general operational statement.
5.10.4 Encrypted material. University faculty and staff, as employees, may encrypt files, documents, and messages for protection against unauthorized disclosure while in storage or in transit. However, such encryption must allow officials, when properly required and authorized, to decrypt the information (UNH.VI.F.4).
5.11 Enforcement Procedures
5.11.1 Complaints of Alleged Violations. An important element in the enforcement of violations of this AUP is the intent, i.e., whether a violation was carried out with knowledge and awareness of the consequences. For minor violations the expectation is to resolve the violation at the lowest level of system administration involved. System administrators are expected to apply judgment in reporting a violation to a formal judicial or disciplinary process. The AUP administrator may be consulted for interpretive advice, as described below. Seen as a simple diagram:
An individual who believes that they are harmed by an alleged violation of this policy may file a complaint in accordance with established University complaint or grievance procedures. The individual is also encouraged to report the alleged violation to the systems authority responsible and to refer the matter to University disciplinary authorities.
5.11.2 Reporting Observed Violations. If an individual has observed or otherwise is aware of an alleged violation of the AUP, but has not been harmed by the alleged violation, they may report the matter to the systems authority responsible for the facility most directly involved and refer the matter to University disciplinary authorities.
5.11.3 Disciplinary Procedures. When possible, the goal is to resolve issues of use and misuse informally between the user and relevant system administrator, including use of informal departmental procedures if helpful.
Alleged violations of this policy will be pursued in accordance with the appropriate disciplinary procedures for students, faculty, and staff, as outlined in the relevant student regulations (e.g., Student Rights, Rules, and Responsibilities), the faculty handbook, or staff handbook. Faculty or staff who are members of University-recognized bargaining units are covered by disciplinary provisions set forth in the agreement for their bargaining units. Factors to consider in an alleged incident are: its nature, the intent, extent of damage, and history of offenses, leading to a recommended action.
Systems administrators may participate in formal disciplinary proceedings as deemed appropriate by the relevant disciplinary authority. And, at the direction of the appropriate disciplinary authority, systems administrators are authorized to investigate alleged violations.
5.11.4 Penalties. Users found to have violated this AUP are subject to penalties provided for in other University policies dealing with the underlying conduct. Such users may also face IT-specific penalties, including temporary or permanent reduction or elimination of some or all IT privileges. The appropriate penalties shall be determined by the applicable disciplinary authority in consultation with the system administrator.
System administrators in violation of their authority are also subject to penalties as provided in other University policies.
5.11.5 Legal Liability for Unlawful Use. In addition to University discipline, users may be subject to criminal prosecution, civil liability, or both for unlawful use of any IT resources.
5.11.6 Appeals. Users found in violation of this policy may appeal or request reconsideration of any imposed disciplinary action in accordance with the formal appeals provisions of the relevant disciplinary authority.
5.12 Policy Development
5.12.1 This AUP will be periodically reviewed and modified under the direction of the Assistant Vice President for Computing and Information Services, in consultation with University committees and constituencies. This Assistant Vice President will designate an AUP administrator to assist with:
18.104.22.168 Interpretation. For questions or assistance about the interpretation of this AUP, contact the AUP administrator.
5.12.2 Review. This AUP will be reviewed for accuracy as needed, but not less than once a year, by the AUP administrator.
5.13 Policy Cross-references. The following links are to related online policies and documents. There are other important policies and documents that are not yet online.
5.13.1 Digital Millennium Copyright Act
5.13.2 FAP on Charitable and Political Contributions Procedure 8-006
5.13.3 Library Records Confidentiality
5.13.4 NH RSA 638:16,17,18. State statutes on computer crime
5.13.5 OLPM on Mailing Lists and Directories (UNH.III.B)
5.13.6 OLPM on Privacy and Security of Technological Resources (UNH.VI.F.4)
5.13.7 Student Rights, Rules, and Responsibilities. See Appendix for the Family Educational Rights and Privacy Act of 1974 (FERPA), a/k/a "The Buckley Amendment."
5.13.8 UNH Primer on Copyright Law and Recommended Procedures
5.13.9 UNHINFO Privacy Statement
6. Personal Computer and Network Peripheral Equipment Power Management
6.1 Purpose. Optimize desktop and laptop computer and network peripheral power use.
6.1.1 Use of desktop and laptop computers, hereafter referred to as Personal Computers, is a fundamental part of campus life whether for educational, research, administrative or personal purposes. Such widespread use by the campus community, however, creates a significant portion of the total campus electrical use. Consistent application of Personal Computer power management software and settings will ensure desktop and laptop power consumption is optimized by taking advantage of automatic power down modes that reduce power consumption during periods when they are not in active use.
6.1.2 Peripheral equipment, particularly printers, is widespread. Use of network printers and multi-function devices to serve several computers in lieu of scattered individual printers will reduce energy and generally results in a lower cost per printed page. Printers and multi-function devices suitable for use as network printers also typically have power management features that can be activated to reduce power consumption without loss of efficiency and convenience.
6.2 Scope. This policy applies to all Personal Computers (desktop and laptop computers) connected to the UNH network regardless of how they are being used. Exceptions are desktop or laptop computers being used to control industrial operations or building system functions. The policy also applies to network printers/multi-function devices. The policy regarding energy settings does not apply to non-institutionally owned desktop or laptop computers used off campus to connect to the campus network.
6.3 Periodic Registration. Annually or more frequently, each Personal Computer connected to the UNH network will be registered with UNH IT. As part of the registration process, UNH IT will verify and, if necessary, install and activate power management software (see exception in UNH VI.F.6.2). Such software will also be installed and activated on any new desktop or laptop computer at the time it is registered for access to the UNH network.
6.4 Power Management Software. The power management software UNH IT installs may have provisions that allow UNH IT to remotely survey the power management settings and determine where such settings have been deactivated or changed. This will enable further refinement in power management policy based on user preferences and use patterns. However, remote changes in power management settings by UNH IT will not be permitted.
6.5 Personal Computer Power Management Software Opt-Out Provisions. As part of the periodic registration, users will have the opportunity to opt-out of the power management software installation and activation. All campus personal computer users are encouraged to use the power management software to avoid unnecessary power use, but a request to opt out will be honored without further review or approval.
6.6 Power Management Settings for University-Managed Personal Computers and Other Peripheral Equipment.
6.6.1 For Personal Computers in computer clusters, power management software will be set to power off monitors and spin down disk drives during periods of inactivity and shut down at closing hours. For computers in kiosks, the sleep mode for both monitors and computers will be enabled. New and better Operating System power-saving modes will be applied, as appropriate, as they become available.
6.6.2 Individual printers should always be set for double-sided, no color, draft quality print as the default settings and printer power management, if any, should be enabled. Where feasible, network printers/multi-function devices should be used to serve multiple workstations in lieu of individual printers.
6.6.3 Network printers/multi-function devices should be set for double-sided printing, draft quality, no color, if possible as the default. Printer power management will be enabled for all network printers/multi-function devices.
8. Special Events Property Management
8.1 Applicability: This procedure applies to all University property during the entire academic year beginning with the first day of classes and extending through Commencement weekend.
8.2.1 Core mission activities are those provided by and restricted to University employees (faculty, staff and administrators), students and alumni, the cost of which is paid in full by University funds.
8.2.2 Property Managers are University employees who have direct managerial responsibility for the oversight, operation and scheduling of University buildings and grounds.
8.2.3 An Event Manager is the individual who contacts Property Managers for the purpose of scheduling the use of University properties.
8.2.4 Special events are non-core mission activities which require the use of University buildings and/or grounds.
8.3.1 Ensure that core mission activities receive priority use of University facilities without limitations caused by special events;
8.3.2 Maximize the use of University facilities without exceeding the reasonable capacity of University parking facilities;
8.3.3 Minimize the negative impact of special events at the University on the Town of Durham;
8.3.4 Provide effective internal communications between property managers and the Department of Transportation and UNH Police;
8.3.5 Increase sensitivity to the parking needs of special event participants prior to confirming special event schedules.
8.4.1 Property Managers will be responsible for maintaining on-going communications with the Event Manager, Director of Transportation and Chief of UNH Police regarding the parking needs and schedule of special events.
8.4.2 Director of Transportation will maintain a master calendar of the demands placed on parking facilities and advise Property Managers and the Vice President for Finance and Administration when reasonable parking capacity will be exceeded.
8.4.3 The Chief of UNH Police will determine safety and security coverage, and the logistics of vehicular and pedestrian traffic in support of special events.
8.4.4 Event Managers shall work with the Property Manager, Director of Transportation and Chief of UNH Police in order to receive all necessary directions and instructions for their special event participants and communicate the same to the participants.
8.5.1 Property Managers will maintain the schedule of events for the properties under their management. Prior to confirming a special event schedule, the Property Manager shall communicate with the Director of Transportation in order to confirm availability of parking.
8.5.2 The Property Manager shall provide to the Director of Transportation the name of the special event group, the number of participants, the time-date-place(s) of the group's on-campus activities, and the name of the Event Manager.
8.5.3 The Director of Transportation will specify time, date and place of available parking for the special event. If reasonable parking is not available, the Director of Transportation shall communicate to the Property Manager and the Vice President for Finance and Administration the impending over-subscription of parking capacity.
8.5.4 In such cases when reasonable parking is not available, confirmation of the special event by the Property Manager will be suspended pending review by the Vice Presidents and President.