1) Computing and Telecommunications (hereinafter referred to as C&T) will oversee maintenance and development of the infrastructure.

2) C&T is responsible for insuring that an annual review of the infrastructure is conducted by an independent, non-vendor-related firm.

3) Users must assure that adequate space and security for wiring and communications closets are available within prescribed requirements (see C&T Operational Guidelines, Criteria for Communications Closets, on the C&T Home Page).

4) C&T will assure that wiring is maintained at approved standards throughout the campus in order to provide adequate service to all users. Hence, C&T will enforce strict standards related to the level of wiring and connectivity. There can be no exception to these standards.

5) C&T will assure that demands are met for remote site access to the UT system and Internet service. C&T will fulfill this responsibility by maintaining a service agreement between the University and an appropriate vendor and by assuring that the services are provided in accordance with that agreement.

� Faculty, students and staff are expected to follow security policy. The circumvention of security controls for information resources is a violation of this policy. Assisting anyone or requesting anyone to circumvent security controls also is a violation of this policy.

� All information processing areas used to house information resources supporting mission critical applications must be protected by physical controls. These must be appropriate for the size and complexity of the operations and the sensitivity of the systems operated at those locations. Physical access to these areas shall be restricted to authorized personnel. Authorized visitors are to be supervised and their entry and exit recorded in a log.

� C&T will protect the central computer resource by restricting access to authorized personnel using access locks on machine room doors; daily security audit reporting, monitoring console logs for break-in alarms; restricted access to privileged accounts based on job requirements; and, frequent password changes for privileged accounts.

� End-users housing servers will protect them by using software which provides password and virus protection, limiting physical access to authorized personnel, restricting modem connection, and allowing C&T to test security as necessary.

� Passwords for access to systems will be issued by C&T. These passwords must be changed periodically by the named owner of the account. Passwords should be changed every 90 days on all information resources used for mission critical applications. Each individual should have a unique password - passwords should not be shared.

� Information resources may be used only for University-related purposes. For University employees, information resources may be used only for work-related purposes. The Tennessee Open Records Act requires that certain records be made available for inspection on request; however the process of requesting access to such records is by submitting a request to the Office of General Counsel, 66 North Pauline, Suite 428, Memphis, TN 38163. The Open Records Act does not authorize copying or distribution of records, and it is a violation of this policy to distribute information resources or the output of information resources in any other way.

� Unauthorized use, alteration, destruction, or disclosure of information resources is a violation of University policy and a computer�related crime, punishable under the Tennessee Computer Crimes Act and federal Copyright Act which are summarized in Appendix A. It is safest to assume that activities which are unlawful in terms of printed material, such as alteration of a signature, are likewise unlawful in terms of online material. Faculty, students, and staff are responsible for knowing and adhering to these statutes.

� Internet access to the University network infrastructure will be controlled as appropriate by C&T.

� It is not the practice of the University to monitor the contents of electronic messages. However, all information on University equipment is the property of the University and the information in electronic mail and computer files may be subject to access or disclosure under certain circumstances; e.g., requests filed under the Tennessee Open Records Act, during audits, or for legal purposes.

� Network traffic will be monitored on a routine basis to identify loads to adequately size the network and to identify usage patterns.

� The end-user is responsible for securing microcomputer end-user workstations used in sensitive or critical tasks with adequate controls to provide continued confidentiality, integrity, and availability of data stored on the system. Adequate controls are defined as using password protection software and virus protection software as listed in C&T Operational Guidelines, Software Standardization, on the C&T Home Page. Also, it is the responsibility of the end user to backup the system as described in C&T Operational Guidelines, Backup Procedures, on the C&T Home Page. The security controls over the backup resources must be as stringent as the protection of the primary resources.

� Computer software purchased using any University funds is University property and users of this software should protect it as such in accordance with University Fiscal Policy Section 135, Part 01, Copyright Compliance and License Agreements. University software should not be distributed, sold, taken home for personal use, or copied unless allowed by the software license agreement.

1) All units should consult with C&T to develop an information technology strategy to best meet the needs of their respective units.

2) Approval by C&T is required on all external agreements such as grants, contracts, collaborations or corporate alliances which require or include information technology that interfaces with or utilizes any facet of the UT Memphis Network and Computing Facilities. C&T should be contacted for consultation prior to negotiations for such agreements.

Hardware is defined as the physical aspect of computers, telecommunications, and other information technology. Hardware includes not only the computer monitor and processing unit but also the cables, connectors, power supply units, and peripheral devices such as the keyboard, mouse, audio speakers, and printers.

The UT Memphis campus embraces the Intel computing environment as the desktop workstation hardware of choice. For the period of time during which existing Macintosh hardware is utilized, C&T will continue to support the Macintosh hardware; however, new purchases will be Intel hardware. C&T has planned a migration by department to the Intel platform. This migration is scheduled to be completed by December 2001.

Standard Hardware. It is imperative that hardware be verifiably reliable and efficient and of good quality, therefore, computer hardware should be selected from the standard information technology hardware which is listed on the Computer Acquisition Page (see C&T Home Page). It is understood that the standard technology is not always the least expensive. Purchases of standard hardware are covered under the UT Knoxville contract and therefore the bidding process is not required, shipping and handling charges are eliminated, and a three-year maintenance is mandatory with all purchases. Standard hardware is purchased by submitting a Purchasing Requisition to the Purchasing Office.

Due to the fact that non-standard hardware may be incompatible with the network or may have other quality issues, requests for acquisition of hardware not included on the Computer Acquisition Page is discouraged and requires approval of C&T. [Editorial Note: The Computer Acquisition Page is being revised to remove Apple]

Servers. In order to be connected to the UT Memphis Network, servers must be registered with and meet security requirements of C&T. A Server Registration Form is available from the C&T Home Page. C&T will have administrator access to all servers connected to the UT Memphis Network and will audit these servers for security purposes. If security audit by C&T reveals security problems, the server will be disconnected from the network. Servers must be protected by passwords and be physically housed so that only authorized personnel have access to them.

Modems. Due to the significant risk posed to campus network security, modems must not be connected to the UT Memphis Network without approval from C&T. C&T will review each specific request and make security recommendations based on the individual case.

While the value of equipment such as computer hardware is easily appreciated, the larger investment in less tangible information assets such as software, data and automated processes is critical to the overall success of computing on campus. Computer software is defined as a set of computer programs, procedures, and associated documentation concerned with the operation of a computer, computer system, or computer network.

Electronic Mail. Electronic mail is intended to be a convenient way for the faculty, staff, and students to communicate with one another as well as colleagues at other locations. In order for campus communications to flow smoothly, all users of electronic mail must have University electronic mail accounts. Electronic mail accounts are available from C&T by request to the Help Desk. Electronic mail is considered a University-wide service and is therefore supported by state funding.

Internet Access. With departmental approval, software providing access to the World Wide Web (Internet) can be obtained from the C&T. The Internet is to be used for University-related or for University-approved purposes only; use for for-profit activities or use for private or personal business is in violation of the University’s Work Rules (see Personnel Policy 580) and can result in disciplinary action.

Standard Software. A listing of standard software for administrative and general use is available on the C&T Home Page (see C&T Operational Guidelines, Software Standardization). C&T supports this standard software and works with General Stores to stock the software at an economical price to the University. Requests for acquisition of software for administrative and general use not included in the listing requires approval of C&T. Software that is not a University standard will not be supported by C&T.

Application Software. C&T will assist areas in analyzing systems to determine whether commercial software packages will sufficiently meet computing application needs and should be purchased, or if systems should be developed in house. Existing commercial software is available to meet most needs and this software will be explored before in-house development is considered.

Development Priorities. C&T is committed to developing state–of–the–art systems. C&T maintains an application development and technology support staff for the purpose of developing and supporting computing applications and resources on campus. Application requests are prioritized by Deans and Vice Chancellors within their area of responsibility. The Planning Committee is responsible for addressing the priorities campus wide and for allocation of funding and computing resources in response to needs of the campus.

Web Page Development/Ownership.

C&T maintains the UT Memphis World Wide Web Server to aid the instructional, research, and administrative activities of the campus, and to provide access to global electronic resources. The organization of this server is designed to:

Access To Publishing

C&T will maintain a UT Memphis home page that provides official general information concerning the institution, its organization and its policies and that provides pointers to home pages of UT Memphis units. Any officially recognized UT office, unit, project, program, area, or student organization, as well as any individual faculty, student, or staff member, may publish via the UT Memphis Network in accordance with University policies, procedures and guidelines.

UT Memphis recognizes the value and potential of personal publishing on the Internet and so allows students to produce personal Web pages. Faculty and staff personal pages are permitted when created by the individual in his/her capacity as a University employee to promote his/her role with the University and its programs. Personal pages published via the UT Memphis Network cannot be used for personal gain. The University accepts no responsibility for the contents of these pages and will not undertake to edit or preapprove these pages; but, does reserve the right to monitor such pages when published through the University servers and to remove any materials that may be disruptive, offensive to others, harmful to morale, or otherwise in violation of University policies and procedures. University Fiscal Policy Section 175, Part 01 states, "UT cannot protect users from the presence of material they may find offensive. However, such presence must not be represented nor construed as an endorsement or approval by UT."

All units or individuals desiring to publish must register their intent with C&T and be in compliance with the UT Network Publishing Guidelines available on the C&T Home Page (see C&T Operational Guidelines, UT Network Publishing Guidelines).