UITS Rules of Conduct with Respect to Confidential Information
January 30, 2006
  1. UITS employees are expected to read and understand Information Technology (IT) policies, standards, guidelines and recommendations as listed on the University ITS (hereinafter "UITS") policy web page (itpolicy.uconn.edu). Upon notification by UITS management of additional IT policies or a change to current IT policies, the employee is responsible for becoming familiar with the new or changed policy. An employee is expected to meet with his/her manager or director if s/he requires clarification on any IT policy, standard, guideline or recommendation.
  2. UITS employees are expected to read and understand the Introduction to Information Security Awareness available from the UITS policy web page (itpolicy.uconn.edu). Upon notification by UITS management of a change to the Introduction to Information Security Awareness, the employee is responsible for becoming familiar with the revised document. An employee is expected to meet with his/her manager or director if s/he requires clarification concerning the Introduction to Information Security Awareness document.
  3. UITS employees will be advised of the specific Confidential Information to which s/he has been granted access. A UITS employee is expected to access that Confidential Information solely in order to perform his/her specified duties.
  4. UITS employees are expected to protect all Confidential Information to which s/he has been granted access, regardless of the form of that Confidential Information. It is expected that a UITS employee will not exhibit, reveal, release or distribute to or discuss with anyone that Confidential Information, except as required within the scope of his/her job responsibilities and/or as directed by a member of the UITS executive team (VPET).
  5. It is expected that a UITS employee will not seek personal benefit or permit others to benefit personally from any Confidential Information, as defined above, that has come to him/her through his/her work assignments.
  6. It is expected that a UITS employee will not make or permit unauthorized use of any Confidential Information.
  7. It is expected that a UITS employee will not attempt to access, alter, change, modify, add, or delete from any record, report or information system including audit trails and logs, a true and correct entry, outside of the scope of his/her job responsibilities.
  8. It is expected that a UITS employee will not intentionally include or cause to be included in any record, report or information system, a false, inaccurate or misleading entry.
  9. UITS employees are responsible for any access by the employee to Confidential Information made using their ID. It is expected that a UITS employee will not share his/her ID and/or PIN number with any other individuals except as directed by a member of the UITS executive team (VPET).
  10. The UITS employee acknowledges that s/he will report activities by any individual or entity that s/he has knowledge and evidence of that may compromise the proprietary nature and/or confidentiality of Confidential Information to the UITS Help Center.

Policies and Other Documents Directly Related to the UITS Rules of Conduct with Respect to Confidential Information and the UITS Confidential Information Policies/Procedures Employee Acknowledgement Form (NOTE: All policies and other documents listed are available from the UITS Policy Page (itpolicy.uconn.edu).

POLICIES:
Access Control for Computing Resources and Equipment
Contingency Planning
Data Security Training
Device and Media Control
Electronic Data Integrity
Electronic Data Security Management
Electronic Privacy and Disclaimer Notice
Electronic Workstation Use and Security
Individual Responsibility with Respect to Appropriate Use of IT Resources
Responsibility for Maintaining Currency of Legal Obligations with Respect to University Data
Roles and Responsibilities with Respect to University Data
Security Incident Response
Security Policy
Social Security Number Use at UCONN
Systems of Record
Third Party Access to Information Technology Resources
Workforce Security – Access to Data

OTHER DOCUMENTS:
Individual Workstation Security Guidelines
LAN Security Guidelines
Laptop/Portable Computer Security Guidelines
Outlook eMail Security Guidelines
Password Guidelines
Security Standards
Procedures for Removing (Wiping) Data from a Computer Prior to Re-Deployment, Surplus or Disposal