Guidelines for IT: COLL-IT-01 Statement
Guidelines for IT: COLL-IT-01 Statement (version 5.6.21)
The College IT guidelines are governed by IU system-wide policies, https://policies.iu.edu/information-it/index.html, including but not limited to:
- IU IT-01 Appropriate Use of Information Technology Resources: https://policies.iu.edu/policies/it-01-appropriate-use-it-resources/index.html
- IU DM-01 Management of Institutional Data: https://policies.iu.edu/policies/dm-01-management-institutional-data/index.html
- IU DM-02 Disclosing Institutional Information to Third Parties: https://policies.iu.edu/policies/dm-02-disclosing-institutional-information/index.html
- IU IT-12 Security of Information Technology Resources: https://policies.iu.edu/policies/it-12-security-it-resources/index.html
- IU IT-12.1 Mobile Device Security Standard: https://informationsecurity.iu.edu/policies/it121.html
- IU IT-28 Cyber Risk Mitigation Responsibilities: https://policies.iu.edu/policies/it-28-cyber-risk-mitigation/index.html.
The following summary of IU policies identify key points in relation to IT resource management and the work of faculty, staff, and graduate students:
- Use of Indiana University technology resources, including workstations and laptop computers, is restricted to purposes related to IU’s research, teaching, and service missions. Incidental personal use is allowed provided that it adheres to all applicable university policies and does not interfere with fulfillment of the university’s mission.
- All units that operate technology resources are responsible for ensuring the secure management of those systems.
- IT leaders are directed to use secure facilities, common information technology infrastructure, and services provided by UITS whenever possible.
- All IT users should access data only in their conduct of university business, and in ways consistent with furthering the university’s mission of education, research, and public service. They should respect the confidentiality and privacy of individuals whose records they may access, observe any ethical restrictions that apply to the data to which they have access, and abide by applicable laws, regulations, standards, and policies with respect to access, use, disclosure, retention, and/or disposal of information.
- For situations involving the purchase or acquisition of goods and services, particularly computer software and hardware, seek the advice from the appropriate Data Steward(s) and the Purchasing Department on the relevant procedures.
IU policies require that any IT resources that are purchased with university funds be managed by IU IT professionals. For College faculty and graduate students, this means that hardware such as workstations, tablets, laptops, and printers that are purchased with research, departmental, or College funds must be managed by COLL+IT staff. In this context, management of IT resources means that COLL+IT staff will install, update, and use available tools, including centrally available management tools, to maintain required security measures on all College IT devices. Management tools are available on Windows, Apple and LINUX platforms. They enable IT professionals to patch many devices at the same time. The use of these tools ensures that all College units comply with IU IT policies and promotes awareness of best practices. College IT professionals are also available for consultation and advice about any hardware and software issues.
So that devices can be effectively managed centrally, we strongly encourage departments to coordinate with their IT professionals prior to device purchase. In order to maintain a manageable workload for IT staff, whenever possible, we encourage purchases from established IT vendors on IU’s approved vendor list. COLL+IT units have developed standard security protocols for their devices.
Faculty and staff who have concerns about central management interfering with the execution of their research, teaching, or service missions, should begin by working with their IT professionals on a solution that meets their needs while also complying with IU policy requirements. In rare cases where a solution cannot be identified, faculty and staff may bring their concerns to the IT Faculty Advisory Council for further consideration. The College Faculty Advisory Council has an established procedure for exemption requests: https://collfitc.sitehost.iu.edu/doc/college-exemption-procedure-final-v2_5.2.2019.pdf. Your IT professional can walk you through the procedure.
All IT users are bound by IU policy IT-07 which concerns the privacy of all electronic files, voice, and network communications. The policy applies to all authorized users of IU information technology resources, irrespective of whether those resources or data are stored on or accessed from on-campus or off-campus locations. The policy restricts access to electronic files and voice and network communications to account holders except when access is required to serve and protect other core values of the institution. The university does not endorse the routine inspection of electronic files or monitoring of network activities related to individually identifiable use. At times, however, legitimate reasons exist for persons other than the account holder to access computers, electronic files, or data related to use of the University network, including but not limited to: 1. ensuring the continued confidentiality, integrity, and availability of university systems and operations; 2. securing user and system data; 3. ensuring lawful and authorized use of university systems; providing appropriately de-identified data for institutionally approved research projects; 4. responding to valid legal requests or demands for access to university systems and records.
The College empowers its IT professionals to do their jobs to manage systems and devices with an ample level of training and trust as stewards of the systems that are using University IT resources. The implementation of controls and auditing mechanisms are part of IU’s mitigation strategy to minimize security risks and identify potentially malicious or harmful activities that could disrupt research, teaching, service, or administrative operations across the university.
To ensure that the College operates according to IU IT policy, compliance with these guidelines is monitored by the Executive Dean’s office.