Photo 51 Rosalind Franklin's logo

 

 
 
Web Site Search
 
Information Technology Services

NEED HELP? Contact the Helpdesk at 847-578-8800 or
helpdesk@rosalindfranklin.edu
Office Hours: Monday—Friday, 8:30 a.m.—4:30 p.m.
Room L. 181

IT Home
About IT Services
FAQs
Technology Purchases

HelixNet
Forms
Wireless
Technology Policies

 

 

Information Technology Services

NEED HELP? Contact the Helpdesk at 847-578-8800 or
helpdesk@rosalindfranklin.edu
Office Hours: Monday—Friday, 8:30 a.m.—4:30 p.m.
Room L. 181

IT Home
About IT Services
FAQs
Technology Purchases

HelixNet
Forms
Wireless
Technology Policies

 

 
 
Technology Policies
  • User Access Policy - This policy describes the level of access that an individual has to computing resources on the campus. In general, it is good practice to limit an individual’s access to the lowest level possible that still allows productive work. If you believe you qualify for an exception to this policy, please visit our forms page and complete the Non-Standard User Account Request Form.
  • Wireless Networking Policy - Recent excitement about wireless technologies have inspired many people to attempt to create their own wireless environment. This policy sets some guidelines related to the implementation of wireless throughout the campus. Wireless areas will be allowed in just about any area of the university, but the implementation and ongoing support must be managed by the IT Department.
  • Information Technology Security Policy - This is an umbrella policy that most other policies are a critical component of. In this general policy, we simply define our desire to have a safe and compliant technology environment. Furthermore, we discuss how everyone needs to play a part in maintaining this environment.
  • Acceptable Encryption Policy - Members of the RFUMS community have an obligation to protect the confidentiality, integrity, and availability of information stored, transmitted, or processed by the university. When there is a need to move sensitive information to its intended destination in a manner that has potential to expose it to an unauthorized recipient, we need to encrypt the data so that it will not be legible to the unauthorized recipient. This primarily impacts faculty and staff who need to transmit data to off-campus locations, or carry portable devices for work-at-home or collaborative research purposes. However, there may be students who are employed by the university or hold student governance positions that may be exposed to sensitive information in the course of their duties. For more information on the types of data that need special attention, please see the Information Sensitivity Policy.
  • Portable Device Policy - In the past few years, technology advances have allowed very small devices to carry very large amounts of data. This policy discusses the caution that must be used when utilizing these portable devices to carry “protected” data off the university campus.
  • End User Account Policy - This policy describes who is entitled to use university technology resources and the conditions of this use. Special attention is focused on the areas of account terminations (when an individual leaves the university), and abuse of privileges (theft, vandalism, harassment, etc.).
  • Technology Project Review Policy - This policy establishes the rules and processes through which new technology may be introduced to the campus. It is not acceptable to purchase or utilize unapproved software, hardware, or services at the university without following the review and approval processes. If you would like to request new technology for utilization at the university, please visit our forms page and complete the Technology Project Initiation Request Form.
  • Network Password Policy - This policy describes rules for the creation and frequency of changing passwords. It also contains a list of best practices for keeping your password secure.
  • IT Technology Standards Policy - Although this is often an unpopular topic, there are clear operational benefits to the university in standardizing the computer products that it purchases. This standardization policy document describes the purpose, scope, and procedures related to implementing standardized technology on the campus. If you believe you qualify for an exception to this policy, please visit our forms page and complete the Technology Standards Exception Request Form. Click the following links for additional information pertaining to Standard Computing Equipment and Software and Supported Computing Software.
  • IT Change Control Policy - A significant concern of any auditor is the manner in which changes to a system are managed. This policy covers the requirements needed to document, communicate, and control changes to all network based university applications, systems, and devices. This policy will help ensure changes occur securely, reliably, and with proper authorization and notification.
  • Information Sensitivity Policy - The Information Sensitivity Policy is intended to improve the ability of the university community to properly manage access to university information in compliance with Federal and State laws and regulations, and other university policy requirements. It supports and promotes greater understanding of and appropriate use of information, and heightened awareness of the sensitive nature of information based on various risk factors. Students are usually not exposed to sensitive information and will generally only need to be concerned about information sensitivity when they have an employment or student governance relationship with the university.
  • Information Security Review - Because we are entrusted with a significant amount of sensitive data at the university, we have a great responsibility to guarantee the security and integrity of this information. There are a wide variety of concerns that may put our data at risk when implementing new technology on the campus. This policy requires that all new technology is reviewed for security risks, and that all identified risks are properly mitigated or accepted by university administration.
  • Information Security Incident Response Policy - This policy describes the procedure necessary to report information technology security incidents that may occur at the university. This will most often involve a faculty or staff member noticing a situation such as a loss of sensitive information, evidence of unauthorized access to a computer or data, physical destruction of computing resources, or evidence of corruption of data. While students are less likely to be exposed to knowledge of such incidents, they are still encouraged to report any situation related to the security of the university’s technology infrastructure. Examples may include: a recent theft of their identity, viewing of personal or grade information on an unsecured web site, or finding discussion board postings (or other D2L activity) attributed to their user ID when they did not make the postings.
  • DMCA Enforcement Policy - The Digital Millennium Copyright Act (DMCA) is an extension of US copyright laws specific to the unique nature of protecting copyright in an electronic environment. For our institution, the act will most often apply (copyright will most often be violated) through the use of peer-to-peer networking software such as Napster, Limewire, or BitTorrent. These applications not only allow you to illegally download content, but they then share the content with others on your network which is a far more severe violation of copyright law. There are also many other ways to violate copyright in the electronic world such as posting protected material on a public web site or circumventing anti-piracy measures to make illegal copies of material. The DMCA makes it very clear that the university is a “service provider” because we give our students, faculty, and staff access to the public Internet. This service provider status obligates us to perform certain activities that are defined in the policy. Basically, these activities are related to educating the community on copyright law, tracking repeat offenders, and having a remediation plan in place for repeat offenders. Note that an individual will always be responsible for their copyright violation activities regardless of the policies and procedures that the university has in place. This is clearly noted in the policy. As an example, a recent judgment against a Boston University graduate student required a payment of $675,000 (or $22,500 per song) for downloading and sharing 30 songs on his computer. In July, a Minneapolis resident was ordered to pay $1.92 million for sharing 24 songs.

 
Technology Policies
  • User Access Policy - This policy describes the level of access that an individual has to computing resources on the campus. In general, it is good practice to limit an individual’s access to the lowest level possible that still allows productive work. If you believe you qualify for an exception to this policy, please visit our forms page and complete the Non-Standard User Account Request Form.
  • Wireless Networking Policy - Recent excitement about wireless technologies have inspired many people to attempt to create their own wireless environment. This policy sets some guidelines related to the implementation of wireless throughout the campus. Wireless areas will be allowed in just about any area of the university, but the implementation and ongoing support must be managed by the IT Department.
  • Information Technology Security Policy - This is an umbrella policy that most other policies are a critical component of. In this general policy, we simply define our desire to have a safe and compliant technology environment. Furthermore, we discuss how everyone needs to play a part in maintaining this environment.
  • Acceptable Encryption Policy - Members of the RFUMS community have an obligation to protect the confidentiality, integrity, and availability of information stored, transmitted, or processed by the university. When there is a need to move sensitive information to its intended destination in a manner that has potential to expose it to an unauthorized recipient, we need to encrypt the data so that it will not be legible to the unauthorized recipient. This primarily impacts faculty and staff who need to transmit data to off-campus locations, or carry portable devices for work-at-home or collaborative research purposes. However, there may be students who are employed by the university or hold student governance positions that may be exposed to sensitive information in the course of their duties. For more information on the types of data that need special attention, please see the Information Sensitivity Policy.
  • Portable Device Policy - In the past few years, technology advances have allowed very small devices to carry very large amounts of data. This policy discusses the caution that must be used when utilizing these portable devices to carry “protected” data off the university campus.
  • End User Account Policy - This policy describes who is entitled to use university technology resources and the conditions of this use. Special attention is focused on the areas of account terminations (when an individual leaves the university), and abuse of privileges (theft, vandalism, harassment, etc.).
  • Technology Project Review Policy - This policy establishes the rules and processes through which new technology may be introduced to the campus. It is not acceptable to purchase or utilize unapproved software, hardware, or services at the university without following the review and approval processes. If you would like to request new technology for utilization at the university, please visit our forms page and complete the Technology Project Initiation Request Form.
  • Network Password Policy - This policy describes rules for the creation and frequency of changing passwords. It also contains a list of best practices for keeping your password secure.
  • IT Technology Standards Policy - Although this is often an unpopular topic, there are clear operational benefits to the university in standardizing the computer products that it purchases. This standardization policy document describes the purpose, scope, and procedures related to implementing standardized technology on the campus. If you believe you qualify for an exception to this policy, please visit our forms page and complete the Technology Standards Exception Request Form. Click the following links for additional information pertaining to Standard Computing Equipment and Software and Supported Computing Software.
  • IT Change Control Policy - A significant concern of any auditor is the manner in which changes to a system are managed. This policy covers the requirements needed to document, communicate, and control changes to all network based university applications, systems, and devices. This policy will help ensure changes occur securely, reliably, and with proper authorization and notification.
  • Information Sensitivity Policy - The Information Sensitivity Policy is intended to improve the ability of the university community to properly manage access to university information in compliance with Federal and State laws and regulations, and other university policy requirements. It supports and promotes greater understanding of and appropriate use of information, and heightened awareness of the sensitive nature of information based on various risk factors. Students are usually not exposed to sensitive information and will generally only need to be concerned about information sensitivity when they have an employment or student governance relationship with the university.
  • Information Security Review - Because we are entrusted with a significant amount of sensitive data at the university, we have a great responsibility to guarantee the security and integrity of this information. There are a wide variety of concerns that may put our data at risk when implementing new technology on the campus. This policy requires that all new technology is reviewed for security risks, and that all identified risks are properly mitigated or accepted by university administration.
  • Information Security Incident Response Policy - This policy describes the procedure necessary to report information technology security incidents that may occur at the university. This will most often involve a faculty or staff member noticing a situation such as a loss of sensitive information, evidence of unauthorized access to a computer or data, physical destruction of computing resources, or evidence of corruption of data. While students are less likely to be exposed to knowledge of such incidents, they are still encouraged to report any situation related to the security of the university’s technology infrastructure. Examples may include: a recent theft of their identity, viewing of personal or grade information on an unsecured web site, or finding discussion board postings (or other D2L activity) attributed to their user ID when they did not make the postings.
  • DMCA Enforcement Policy - The Digital Millennium Copyright Act (DMCA) is an extension of US copyright laws specific to the unique nature of protecting copyright in an electronic environment. For our institution, the act will most often apply (copyright will most often be violated) through the use of peer-to-peer networking software such as Napster, Limewire, or BitTorrent. These applications not only allow you to illegally download content, but they then share the content with others on your network which is a far more severe violation of copyright law. There are also many other ways to violate copyright in the electronic world such as posting protected material on a public web site or circumventing anti-piracy measures to make illegal copies of material. The DMCA makes it very clear that the university is a “service provider” because we give our students, faculty, and staff access to the public Internet. This service provider status obligates us to perform certain activities that are defined in the policy. Basically, these activities are related to educating the community on copyright law, tracking repeat offenders, and having a remediation plan in place for repeat offenders. Note that an individual will always be responsible for their copyright violation activities regardless of the policies and procedures that the university has in place. This is clearly noted in the policy. As an example, a recent judgment against a Boston University graduate student required a payment of $675,000 (or $22,500 per song) for downloading and sharing 30 songs on his computer. In July, a Minneapolis resident was ordered to pay $1.92 million for sharing 24 songs.

 
 
   Site Login   Email   D2L   Site index   Events Calendar   Media/Press   Map & Directions   Directory   inSite   Phone Directory
                        Rosalind Franklin University of Medicine and Science - 3333 Green Bay Rd, North Chicago, IL 60064    (847) 578-3000