Policy Number: IT-2
Effective Date: July 2002
Revisions: July 2006, June 2002, July 2000, April 1999
Responsible Officer: Chief Information Officer - DUCOM
The Drexel University College of Medicine's Acceptable Use Policy (“AUP”) sets forth the standards by which all students, faculty, staff and authorized guests (hereafter referred to collectively as "User(s)") may use their assigned computer accounts, email services and the shared Drexel University College of Medicine network. The use of the Drexel University College of Medicine (“DUCOM” or the “College”) Network is a revocable privilege. The DUCOM Network is the sole property of DUCOM and shall include, without limitation: all DUCOM network and computing resources including electronic communications systems and equipment, Internet access, searches and communications, hardware, software, databases, or other electronic content, network resources and services.
The DUCOM network is provided to support DUCOM business and its mission of education, clinical care, and research. Any other uses, including uses that jeopardize the integrity of the DUCOM Network, the privacy or safety of other Users, or that are otherwise illegal are prohibited.
By using or accessing the DUCOM Network, Users agree to comply with the AUP and other applicable DUCOM policies which may be implemented from time to time, as well as all Federal, state, local laws and regulations. Using and/or accessing the DUCOM Network without proper authorization is strictly prohibited.
General guidelines for acceptable use of the DUCOM Network are based on the following principles:
- Users are expected to behave responsibly with respect to the DUCOM Network at all times.
- Users are expected to respect the integrity and the security of the DUCOM Network.
- Users are expected to behave in a manner consistent with DUCOM's mission and comply with all applicable laws, regulations, and DUCOM policies.
- Users are expected to be considerate of the needs of other Users by making every reasonable effort not to impede the ability of others to use the DUCOM Network and show restraint in the consumption of shared resources.
- Users are expected to respect the rights and property of others, including privacy, confidentiality and intellectual property.
II. Access Requirements
The following statements govern access to the DUCOM Network:
- All access is denied unless expressly granted. DUCOM's Office of Information Technology (“COM IT”) (“IRT”) generally grants access in the form of computer and network accounts to registered students, faculty, staff, and others as appropriate for such purposes as research, education (including self study), or DUCOM administration. Passwords and/or personal identification numbers protect DUCOM accounts.
- Accounts are assigned to individuals and are not to be shared. Each User is solely responsible for all functions performed from accounts assigned to them. It is a violation of the AUP for any User to allow others (including other Users within the DUCOM Network) to use or have access to their account. It is a violation to use another User's account, with or without that person's permission. Intentionally or negligently revealing one's password is prohibited. It is a violation to attempt to learn the password to another User's account, whether the attempt is successful or not.
- The password used with an account, is the equivalent of an electronic signature. The use of User ID and password authenticates an identity and gives on-line affirmations the force of a legal document.
- Users are responsible for ensuring that they also comply with all IRT , HIPAA, and COM IT policies, including those related to keeping the DUCOM Network secure such as the Security of Information and Networked Systems Plan and the Security of Enterprise Systems Plan, which can be found at:
The following activities are specifically prohibited:
- Users may not attempt to disguise their identity, the identity of their account or the machine that they are using. Users may not attempt to impersonate another person or organization. Users may not appropriate DUCOM's or Drexel University 's name, network names, network number spaces, or DUCOM's or Drexel University logos, trademarks or servicemarks. Users may not use DUCOM's or Drexel University 's assigned Internet number space for their own domain. Users may not remove, cause to remove, or prevent DUCOM's computing equipment from residing within the DrexelMed domain.
- Users may not attempt to intercept, monitor, forge, alter or destroy other Users' communications. Users may not infringe upon the privacy of others' computer or data. Users may not read, copy, change, or delete another User's data or communications without the prior express permission of the owner.
- Users may not engage in actions that disrupt or interfere with the legitimate use by other Users of any computers and/or networks, including the DUCOM Network, that interfere with the supervisory or accounting functions of the systems, or that are likely to have such effects. Such conduct includes, but is not limited to: placing of unlawful information on the system, transmitting data or programs likely to result in the loss of an individual's work or system downtime, sending "chain letters" or "broadcast" messages to lists or individuals, or any other use that causes congestion of any networks or interferes with the work of others, i.e. spam.
- Users may not distribute or send unlawful communications of any kind, including but not limited to threats of violence, obscenity, child pornography and/or harassing communications (as defined by law).
- Users may not attempt to bypass computer or network security mechanisms, including the DUCOM Network. Possession of tools that bypass security or probe security, or of files that may be used as input or output for such tools, shall be considered as the equivalent to such an attempt. The unauthorized scanning of the DUCOM Network is also prohibited.
- Users must obey all established guidelines for any computers or networks used, both inside and outside of DUCOM. For example, individuals using computing resources provided by IRT, COM IT, DUCOM or Drexel University Libraries, individual Colleges, Schools or Departments must adhere to the policies established for use of those resources. Users accessing off-campus computers via external networks must abide by the policies established by the off-campus owners of those computers and networks as well.
- Users may not engage in the unauthorized copying, distributing, altering or translating of copyrighted materials, software, music or other media without the express permissions of the copyright holder. Information on the Digital Millennium Copyright Act can be found at: http://www.copyright.gov/legislation/dmca.pdf and the Copyright Act at: http://www.copyright.gov/title17/
- Users may not use the DUCOM Network for private business, commercial or political activities, fundraising, or advertising on behalf of non-DUCOM organizations, unlawful activities or uses that violate other DUCOM policies. Users may not extend or share the DUCOM Network.
- Users may not violate any laws or ordinances, including, but not limited to, copyright, discrimination, harassment, and/or export controls. DUCOM may contact local or federal law enforcement authorities to investigate any matter at its sole discretion.
- The use of the DUCOM Network is also required to conform to the following DUCOM policies:
- OGC – 5 The Code of Conduct
- HR – 1 Affirmative Action & Equal Opportunity
- HR – 2 Non-Discriminate/Reasonable Accommodation of Individuals with Disabilities
- HR – 3 Harassment Policy
Because the primary use of the DUCOM Network is to further the College's missions, members of the College community should not have an expectation of privacy in their communications. By their nature, electronic communications, especially E-mail connected to the Internet, may not be secure from unauthorized access, viewing or infringement. Although the College employs technologies to secure certain categories of electronic messages, as a rule, confidentiality of E-mail and other electronic documents cannot be assumed. Therefore, by using the DUCOM Network, Users do not have any expectation of privacy and DUCOM reserves the right to monitor and review the use of the DUCOM Network under the following circumstances without the prior notification or consent of the User:
- Routine audits approved in advance by the Chief Compliance Officer for the management of the DUCOM network;
- In order to respond to legal processes, law enforcement and other third party requests as required by law;
- For safety and other emergency purposes;
- Where DUCOM has reason to believe that there is an actual or potential threat to the security or integrity of the DUCOM Network or other misuse of the DUCOM Network;
- Where DUCOM has reason to believe that a User has violated this AUP or engaged in other misconduct or violation of DUCOM policy or during the investigation of such violation or misconduct.
- In all other circumstances in which the Senior Vice President for Health Affairs (upon consultation with the Office of General Counsel) determines that there is a reasonable basis for exercising this right.
DUCOM (under the direction of the Senior Vice President for Health Affairs after consultation with the Office of General Counsel) will generally only exercise the right to monitor under the aforementioned circumstances in order to balance the interests of Users' privacy against DUCOM's reasonable need to supervise, manage and operate its information systems and to protect the interests of individuals and DUCOM. These guidelines supersede any other policies or procedures to the contrary.
Penalties for violating the AUP may include restricted access or loss of access to the DUCOM Network or systems, termination and/or expulsion from DUCOM and in some cases, civil and/or criminal liability.
DUCOM reserves the right to update or revise the AUP or implement additional policies in the future. Users are responsible for staying informed about DUCOM policies regarding the use of computer and network resources and complying with all applicable policies.
Inquiries regarding this policy can be directed to the Human Resources Department.