UIS IT Policies, Procedures & Guidelines

User Account Lifecycle for NetIDs

ITS provides students and employees with a campus user account (NetID) which allows access to campus services such as mail and Canvas, as well as to cloud services such as Box, Google Apps, and Office 365.

User accounts are not for life and will be de-provisioned upon meeting the conditions described below. Graduates of UIS may enroll in Email Forwarding for Life, which allows UIS graduates to opt-in and provide a personal email address that all messages sent to their NetID@uis.edu account will be forwarded to.

User account de-provisioning is the process of removing the user accounts that are no longer eligible for access to UIS services. Students and employees are responsible for transferring any data/files/emails that they would like to keep to a personal account before their accounts is de-provisioned. Below are the conditions for user account de-provisioning for students and employees:

For Students

After the start of each semester, any student account that has not been enrolled in courses in the last 3 semesters will be flagged for de-provisioning. Students will get an email notifying them that they have 30 days to clean out their accounts. At the end of the 30 days, the user account will be de-provisioned unless the student has re-enrolled in courses.

Exceptions: OPT (Optional Practical Training) students should sign up for Email Forwarding for Life so that they can continue to receive emails sent to their UIS email address. OPT is a period during which undergraduate and graduate students with F-1 status who have completed or have been pursuing their degrees for more than nine months are permitted by the United States Citizenship and Immigration Services (USCIS) to work for at most one year on a student visa towards getting practical training to complement their field of studies. F-1 students are usually permitted a total of 12 months of practical training.

For Employees

An employee’s account is de-provisioned when their relationship with the University is terminated (as reflected in Banner). Please note that the last date of employment does not necessarily correspond to the date the employee record is terminated in Banner. If a department needs to expedite the de-provisioning of a former employee’s account, they can put in request to ITS. ITS can de-activate the account until the employee record is terminated in Banner.

Exceptions: Retirees and emeriti faculty are eligible to keep their UIS accounts for life. Their accounts will not be de-provisioned, unless requested by the employee.

Note: Each user is also assigned an Enterprise account. Enterprise accounts are never de-provisioned. They allow students to view their academic history, allow employees to view W-2s, etc. However, Enterprise accounts do not provide access to UIS campus services such as email, Canvas, or cloud services.

University of Illinois Information Security Policy

• University of Illinois Information Security Policy

Guidelines for Using Computer Labs

The primary purpose of computer lab resources is for academic research, study, and doing class assignments. Lab users have a right to expect a quiet, clean, academic lab environment. These guidelines are intended to clarify the responsibilities of lab users towards this end.

• All activities must adhere to the guidelines for “Acceptable Use of Information Technology Resources”.
• Use of the lab is restricted to the current students, faculty, staff, and authorized University guests. Lab Attendants have the right to request to see a University ID.
• Children are not permitted in the labs without the supervision of an adult.
• Loud conversations are not permitted in the labs, as it is a disturbance to other users. This also includes listening to music with the earphone volume turned too high. Students engaged in loud, disruptive conversations in the labs would be asked to leave.
• Users are responsible for saving their documents on their own removable media or cloud storage.
• When all workstations are in use and students are waiting to use a computer, please be considerate.
• While you have the freedom to view varying types of materials, please remember that others in the lab may, and can, see what you are looking at. We are not trying to dictate what material you may view, only asking that you have respect for other people’s feelings while doing so.

Intentional failure to comply with these guidelines will result in action that may include suspension of user privileges.

Policy for Acceptable Use of Network Resources

Access to the UIS campus network is a privilege granted to employees, students, and guests who agree to comply with the provisions of this policy. Everyone using the campus network is responsible for using it in an appropriate, ethical and lawful manner.

All users must comply with the following:

• Each computer must have a functional anti-virus program installed on it. The software must be configured to be automatically updated as new updates are made available. Employees and students may use the latest version of anti-virus software supplied by UIS Information Technology Services at no additional cost. The free version of anti-virus software can be downloaded from the University of Illinois Webstore
• No user-supplied network equipment may be connected to the campus network. This includes network hubs, network switches, and other similar equipment. Wireless switches and routers of any kind are not permitted, even if not connected to the campus network.
• No attempt on the part of the user will be made to interfere or block anti-virus updates, operating system updates, or other activities deemed necessary by Information Technology Services to maintain and ensure a safe networking and computing environment
• Students are responsible for the actions of their guests and agree to ensure that guests comply with this policy.

Email Distribution Lists

Electronic announcements are distributed to the university community through email distribution lists and myUIS portal. A distribution list is a list of email addresses. Emails sent to a distribution list are received by all members of the list.

Guidelines

All uses of distribution lists must adhere to the UIS Acceptable Use Policy, as well as other policies related to specific distribution lists (such as lists for departments, colleges, organizations, etc). Individuals who send messages through distribution lists are personally responsible for the message content. Distribution lists may only be used for university related purposes and may not be used for private or personal use. When sending an email to a distribution list, it is helpful to consider the following questions:

• Does this email pertain to all individuals on the list or just a few?
• Is there a more effective method of distributing this information?
• Does using the list conflict with any aspects of the UIS Acceptable Use Policy?
• Is this information directly related to the group receiving it?

Distribution Lists Administrated by ITS

General Campus Announcements

General announcements pertaining and of interest to all members of the campus community may be sent to the UIS Campus Announcements distribution list. All employees can email to this list. Messages sent to this list will appear in the campus portal (my.uis.edu). All emails sent to campus announcements will be gathered into a single email digest and delivered daily at 9:15am directly to all employee and student email inboxes in addition to being posted to the portal. You may also subscribe to this list and receive messages through MS Outlook and other RSS feed readers. The feed address is http://uisapp.uis.edu/announcements/campus.rss.

Guidelines for Using the Campus Announcement System

• The Campus Announcement system is automated. Any email sent to campusannouncements@uis.edu will automatically be included.
• Use descriptive subject lines in your announcement emails. The subject line forms the link people will see and base their decision on whether they want to open your message. Subject lines will be truncated at 60 characters in the email digest, and will follow Camel Case format (where the first letter of each word is capitalized; only recognized acronyms will remain in all capital letters).
  • Known abbreviations have been added as exceptions – for example, department and building abbreviations (such as ITS, UHB, BRK). Additionally, two-letter words submitted in all capital letters have been added as exceptions. These will remain in all capitals letters while other words will convert to camel case. Because of this, subject lines should NOT be submitted using all capital letters. For example, a subject sent as “HERE IT IS, IF YOU ARE READY” would show up as “Here IT IS, IF You Are Ready”.
  • If order for your announcement to post properly, you must have information on the subject line.
• The announcements will appear exactly as submitted; please do not include any additional instructions/correspondence.
• The deadline for each day’s announcements is 8:59am. Any announcement submitted after 9:00am will appear in the next day’s announcements.
• Emails sent using [Delay Delivery] run the risk of being skipped (i.e. not sent out) since the email send date – not the delivery date, is used for basing the decision to include an email or not (from the previous 24 hour period).
• Because the system is automated, we cannot prevent the announcement from being posted unless we are contacted prior to that day’s deadline.
• Please do not reply to Campus Announcements. Instead, please contact the originator of the announcement.
• Announcements will continue to be posted immediately on the MyUIS portal site.
• Be mindful of your target audience; if a message is relevant to a smaller group you should target them directly. For example, if your information is only useful to Academic Professionals then the announcement should be sent to their distribution list instead of the entire campus.
• If you are announcing an event or service, please be clear about what department/organization is hosting/sponsoring the event or service.
• If you add image graphics to your campus announcement make sure the images are either GIF or JPG files. All other image formats will not display correctly on the email digest and campus portal.

Official Employee Announcements

Official university announcements are sent to the UIS Employee – Official Information DL list. Every UIS employee is a member of this list and receives these official announcements in their email inbox. Due to the official nature of this distribution list, only certain University officials can send messages to this list.

Official Student Announcements

Official student announcements are sent to the UIS Student – Official Information DL. Every currently enrolled student is a member of this list and receives the official announcements in their email inbox. Due to the official nature of this distribution list, only certain University officials can send messages to this list.

UIS Academic Professionals

Every UIS Academic Professional is a member of this list and receives messages in their email inbox. Members of this list along with University officials may send messages to this list.  The UIS Academic Professionals distribution list is provisioned automatically based upon data that is synchronized from Banner/EDW on a daily basis.

UIS Civil Service Employees

Every UIS Civil Service Employee is a member of this list and receives messages in their email inbox. Members of this list along with University officials may send messages to this list.  The UIS Civil Service Employees distribution list is provisioned automatically based upon data that is synchronized from Banner/EDW on a daily basis.

Other Distribution Lists

In addition to the three main distribution lists discussed above there are a number of other important lists that serve large segments of the UIS community. The following is a list of other frequently used general distribution lists and the staff members that manage the list:

• UIS Business Managers DL - Annie Macon
• UIS Deans, Directors and Department Heads – Kelly Walraven
• UIS Emeritus Faculty – Monica Kroft
• UIS Faculty (this list may also include emeritus faculty, by request) – Monica Kroft
• UIS Online – Carrie Levin
• UIS Part-Time Faculty – Monica Kroft
• UIS Academic Program Support Staff – Monica Kroft
• UIS Student Organization Advisors DL – Cynthia Thompson
• UIS Student Organizations DL – Cynthia Thompson

Use of these and all other distribution lists must adhere to the UIS Acceptable Use Policy as well as other guidelines set by the list manager.

Campus departments and organizations can request new distribution lists by contacting the ITS Client Services Center (techsupport@uis.edu).

Academic Forum Listserv

An academic forum listserv is available for full-time faculty to engage in faculty-related discussions and conversations.

Data Migration Policy – On University owned computers

In some instances, such as certain virus infections, the only software repair option available for your computer may be to reformat the hard drive. Reformatting the hard drive means completely erasing all files and data on your computer and performing a clean install of the operating system.

In any instance where your computer is going to be reformatted by the ITS Client Services, we will migrate your university-related files and data for you. ITS Client Services will also migrate certain types of personal files (see below). On Windows computers, ITS Client Services will normally migrate the ‘My Documents’ folder and all its subfolders. If you have files stored in other places on your computer you can place those files in a folder on your desktop called “Backup”. (If you are not able to backup your files because your computer won’t start, the Help Desk will seek your guidance in locating your files in other locations).

ITS Client Services is not able to migrate or otherwise back up any currently installed applications or system settings to the reformatted operating system.  ITS Client Services will reinstall all ITS supported software and peripherals.

Files that ITS Client Services will migrate include, but are not limited to:

• documents
• spreadsheets
• databases
• digital camera pictures
• graphic design work
• PDF files
• files directly related to instruction (may include movies, music, etc.)

Plan for Combating the Unauthorized Distribution of Copyrighted Material by Users of UIS Network

The Higher Education Opportunity Act (HEOA) is a reauthorization of the Higher Education Act. It includes provisions that are designed to reduce the illegal uploading and downloading of copyrighted works through peer-to-peer (P2P) file sharing.

UIS takes the following measures to comply with the requirements:

Annual Disclosure

UIS uses a variety of methods to inform the campus community about the copyright infringement laws.

• “Acceptable Use of Information Technology Resources” policy includes statements about copyright laws. The policy is posted in all computer labs and distributed via email to all students and employees annually.
• The “Policy for Acceptable Use of Network Resources for Residential Students” is included in the packet of information residential students receive.
• The U.S. Copyright Office “Summary of Civil and Criminal Penalties for Violation of Federal Copyright Laws” statement is posted on ITS website
• UIS’s plan for complying with the HEOA P2P requirements is included in the Student handbook.
• UIS’s policies and procedures concerning the Digital Millennium Copyright Act are posted on the ITS and the Library websites.

Investigation of copyright violators UIS accepts and responds to Digital Millennium Copyright Act (DMCA) notices. When UIS receives a copyright infringement claim involving music, video, software, or other digital materials, the following steps are taken:

• Check network usage logs and registration information to examine the system alleged to be involved in copyright infringement and identify the person using it. ITS will not disclose the user’s identity.
• Notify the alleged student violator and the Vice Chancellor for the Student Affairs of the infringement claim.
• Should the infringement notice involve an employee of the university, the initial notice will be forwarded to the respective supervisor/chair to be addressed.
• If the user does not dispute the claim, require the user to submit a statement (a) confirming the copyright infringement, (b) acknowledging violation of the Acceptable User Policies, and (c) removing copyrighted materials and promising not to repeat the behavior. Shutdown user’s network port and/or wireless access until the statement is received.
• If the user denies using copyrighted materials, he/she must make a statement denying the copyright infringement. ITS will inform the claimant that the user has denied the claim. Under the DMCA, the claimant may pursue a subpoena to obtain the identity of the system user and may file a lawsuit against the user.
• For repeat student violators, ITS suspends the user’s access to the campus network for five days and informs the Vice Chancellor for the Student Affairs of the action taken.
• In the case of subsequent offenses by the same university employee, a notice will be sent to the supervisor/chair as well as the department head with the option to respond to the infringement within a week before a suspension is placed on their account.
• During the suspension period students still have access to the network using lab and checkout laptops.
• Inform the claimant that the matter has been resolved.

Offering of Legal Alternative

• A current listing of legal alternatives for downloading are posted on the ITS website.

Review the plan annually to determine the effectiveness

• The UIS IT Management Team will periodically review the copyright education efforts at the University. Reviews of these coordinated education efforts will also take place when considerable changes to the law, regulations or other events require.

UIS Security Incident Handling Procedure

• UIS Security Incident Handling Procedure (PDF)

Protecting Personal and Confidential Data at UIS

• Protecting Personal and Confidential Data at UIS (PDF)

University of Illinois Social Security Number Policy

• University of Illinois Social Security Number Policy

Illinois Identity Protection Act (IPA) Awareness

• Illinois Identity Protection Act (IPA) Awareness

Guidelines for Using University Phones

• Guidelines for Using University Phones (PDF)

Summary of Civil and Criminal Penalties for Violation of Federal Copyright Laws

Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the file-sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.

Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or “statutory” damages affixed at not less than $750 and not more than $30,000 per work infringed. For “willful” infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys’ fees. For details, see Title 17, United States Code, Sections 504, 505.

Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.

For more information, please see the Web site of the U.S. Copyright Office, especially their FAQ’s.

Protection of Electronic Information

Protection of Information in Electronic Media

Information and data maintained in electronic media on University computer systems are protected by the same laws and policies, and are subject to the same limitations, as information and communications in other media. Before storing or sending confidential or personal information, campus users should understand that most materials on University systems are, by definition, public records. As such, they are subject to laws and policies that may compel the University to disclose them. The privacy of materials kept in electronic data storage and electronic mail is neither a right nor is it guaranteed.

Examination of Contents of Electronic Messages and Files

Unless required by law or by authorized administrative approval to do otherwise, campus and unit-level system administrators will not examine the contents of electronic messages and files and will make every reasonable effort to protect them from unauthorized inspection, subject to the following:

• Contents of Email: The contents of electronic messages might be seen by a system administrator in the course of routine maintenance or in order to dispose of undeliverable messages. In addition, electronic mail systems store messages in files (e.g., the file containing a user’s inbound mail.) These files are copied in the course of system backups, and these backup copies may be kept long after original messages were deleted.
• System Files and Logs: In the course of resolving system performance or security problems, system administrators may examine the contents of files that control the flow of tasks through the system or that grant unauthenticated access to other systems. This includes systems logs that document some activities of users.
• File and Directory Names: File names and directory names are treated as public information and are not protected.

Process for Requesting Disclosure of Contents of Messages and Files

• Requesting Disclosure: Requests for disclosure must be made in writing through regular reporting channels, consistent with the guidelines below. Requests for disclosure are made to the campus Chief Information Officer (CIO), who is assigned the responsibility for implementing this policy and ensuring that the scope of the disclosure is limited to a legitimate University purpose. The CIO carries out these responsibilities in consultation with Legal Counsel and other appropriate offices. The CIO may designate an individual to act on his or her behalf in fulfilling these responsibilities. All authorizations by the CIO or designee will include specifications for the form and timing of notification to the person whose information is accessed or disclosed.
• Action While a Request is Pending: While a request consistent with this process is pending or under consideration, the requesting unit executive officer may ask computer system administrators to take reasonable, necessary steps to maintain, store, or otherwise prevent the deletion or modification of the information being sought. This must be done in such a way as to maintain the privacy of said information until the requested disclosure is reviewed. The Office of the CIO may be able to advise units on appropriate procedures.
• Notification of Affected Individual(s): When the CIO or a designated authorized unit administrator provides access to, and disclosure of, email messages and/or file content under provisions of external laws, regulations or applications of this University policy, the requesting administrator will normally notify in advance the individual(s) whose information is to be released, indicating the information to be released and the law, regulation or policy that governs the release. If individuals are not notified in advance, the CIO will be responsible for determining when notification is appropriate and for ensuring that such notification is carried out. Circumstances in which notification may be delayed include, but are not limited to, (1) the presentation by legal bodies of subpoenas or other instruments prohibiting advance notification, (2) situations where the safety of individuals is involved, or (3) investigations or inquiries conducted under published University policies.
• Conditions for Disclosure: In the absence of legally compelled access or disclosure, the CIO is authorized to grant access to a user’s file contents or electronic mail messages, or to give copies of them to any third party within the University only if all the guidelines below are met:
  1. The access or disclosure is requested in writing through regular University reporting channels, including the unit executive officer of the individual whose information is being disclosed and the next administrator in that reporting chain.
  2. The reason for the requested disclosure serves a legitimate University purpose.
  3. The disclosure is not invasive of legitimate privacy interests or unreasonable under the circumstances, e.g., in light of alternative means of acquiring the information or achieving the requester’s purpose.
  4. The nature and scope of the disclosure is submitted in writing to and approved by the CIO. This request is normally submitted by the approving executive officer indicated above.
  5. The affected individuals are notified in a timely manner in writing of any access or disclosure.

Equipment Transfer and Disposal

Disposals

• Disposal of Electronic Equipment (desktops & laptops only) will be handled by UIS Information Technology Services. Individual departments will need to complete an Interdepartmental Transfer in FABweb to transfer the equipment to UIS Information Technology Services, who will then complete data wiping, internal redistribution, and disposal. The new responsible COA and Org are 4-305002. Step-by-step procedures are attached.
• Disposal of non-electronic equipment (anything sent to the UIS surplus building) will be handled by completing a Surplus/Disposal transaction in FABweb. Once the transaction has been completed and approved by the department the request is reviewed by University Property Accounting & Reporting (UPAR) staff. After UPAR staff review the request, an excel spreadsheet approved by UPAR will be sent back to the department representative and the Facilities Scheduling and Services staff. Facilities Scheduling and Services staff will contact the department to arrange for transportation.

Transfers

• Transfers between departments will be handled by completing a transfer request in FABweb. Once both the originating and receiving departments have approved the request in FABweb the property contact of the receiving department will use the “Save to Excel” functionality to create a spreadsheet. To arrange for moving the equipment, attach the spreadsheet to an email and send to Jason Gibson (jgibs4@uis.edu) at Facilities Scheduling and Services. It is your department’s responsibility to forward the excel spreadsheet to Facilities Scheduling and Services. UPAR will not be involved in reviewing or approving these transfers.

NOTE: FABweb transfers are currently coded to require at least one Tagged/Controlled equipment item, but units can use the functionality for all items by first adding a valid PTag and deleting the PTag from the list after all non-tagged equipment is added to the request.

Transfers from Surplus

• Contact Jason Gibson, Facility Scheduling and Services at 206-6379 or jgibs4@uis.edu to inquire about available surplus equipment. Departments will be given a tag number or description of the items. Use the tag number or description to complete an electronic version of the Surplus Equipment Retrieval Form. Send the form as an email attachment to obfsuafrproperty@uillinois.edu. UPAR will forward the approved form back to Jason who will arrange for delivery of the equipment. Once the equipment is delivered to the department the records will be updated in Banner by UPAR.
• If you have questions, please contact Janet Ayers at jayers2@uillinois.edu or 312-996-2858 or Jeff Weaver at jweaver2@uillinois.edu or 217-244-7978.

Workstation Locking

The safety and security of our data is a top priority at UIS. In an effort to better protect your files, ITS implemented a computer security policy that will automatically lock office, classroom, and lab computers after 20 minutes of inactivity. This policy is based on a recommendation from The Office of University Audits.

ITS encourages you to lock your computer anytime you walk away from it, even for just a minute. To do so, press Ctrl+Alt+Del and then choose Lock this computer. Or press the Windows key and ‘L’.

Locking workstations after a period of inactivity is an easy way to help make our data more secure and better protected. Additional information about this policy and applying this practice to Macs is available on the Security Best Practices webpage.