POL 08.00.01 – Use of IT Resources Policy
Authority: Board of Trustees
History: First Issued: April 17, 1998. Last Revised: April 26, 2024.
Related Policies:
REG 08.00.02 – Use of IT Resources Regulation
REG 04.25.05 – Information and Communication Technology Accessibility
REG 08.00.03 – Data Management Regulation
REG 08.00.10 – Anti-Virus Software Requirements
REG 08.00.11 – Online Course Material Host Requirements
RUL 08.00.13 – Network Printer Security Standard
RUL 08.00.14 – System and Software Security Patching Standard
RUL 08.00.15 – Third-Level URL Naming Standard
RUL 08.00.16 – NC State University Security Standards for Sensitive Data and Systems
RUL 08.00.17 – Cybersecurity Incident Response Procedure
RUL 08.00.18 – Endpoint Protection Standard
REG 11.00.01 – Family Educational Rights and Privacy (FERPA)
Contact Info:Chief Information Security Officer, Office of Information Technology (919-515-2794)
1. PURPOSE
This policy establishes the Chancellor’s (or Chancellor’s designees’) authority to develop and enforce regulations and rules governing the use of IT Resources
2. SCOPE
This policy governs the use of all IT Resources at North Carolina State University (hereinafter referred to as “university” or “NC State”), and applies to all faculty, staff, students, and any individual who has access to IT Resources. For the purposes of clarity, this Policy also applies to personally owned devices to the extent they are included in the definition of IT Resources herein.
3. POLICY
All IT Resources shall be used in compliance with all applicable statutes, rules and regulations, university obligations, and all university Policies, Regulations, and Rules (PRRs). The Chancellor or Chancellor’s designees shall develop and enforce supporting Regulations and Rules as needed to implement this policy.
4. NON-COMPLIANCE AND VIOLATIONS
4.1. Non-compliance and violations will be addressed as follows:
4.1.1. Students or employees who violate these policies will be subject to sanctions by the university in accordance with the applicable student or employee disciplinary procedures.
4.1.2. For all others, violations will result in appropriate action depending on their affiliation with the university and the degree of impact on the university.
4.1.3. Violations of law may also be referred for criminal prosecution.
4.1.4. The Chief Information Security Officer (CISO) — or the CISO’s designees — may suspend a user’s access to university-owned IT Resources for as long as necessary to protect the IT Resources, to prevent an ongoing threat of harm to persons or property, or to prevent a threat to university operations, services or activities.
4.1.5. The CISO or designees may isolate an IT Resource for as long as necessary to protect other IT Resources; prevent an ongoing threat of harm to persons or property; or prevent a threat to university operations, services or activities.
5. gLOSSARY
5.1 Acronyms
Acronym | Definition |
CISO | Chief Information Security Officer |
IT | Information Technology |
OIT | Office of Information Technology |
PRR | Policies, Regulations and Rules |
5.2 Term Definitions
IT Resources. For the purposes of this policy, “IT Resources” means any information technology resources (hardware, software and content including but not limited to electronic networks, systems, computers, devices, telephones, applications, data, and files residing in any of these) that are used for university purposes, regardless of whether owned by the university, a third party or personally owned.
Policies, Regulations, and Rules (PRRs). See NC State University PRR definitions.