This policy applies to the purchase of all computer related hardware, software, or services that are to accessed on a university owned device that may or may not connect with Rockhurst University’s computer network. 

 

I. Purpose 

 

The purpose of a user network account policy is to establish guidelines and rules for managing user accounts on a computer network. The policy outlines the responsibilities and expectations of network users in order to maintain the security and integrity of the network.

 

II. Policy 

 

  • Passwords: Users should be required to create strong passwords that include a mix of upper and lower case letters, numbers, and symbols. Passwords should be changed regularly and should not be shared with others.

 

  • Access control: Users should be granted access only to the resources and systems that are required for their job or academic role. Access should be granted based on the principle of least privilege, meaning that users should only have the minimum level of access necessary to perform their duties.

 

  • Data protection: Users should be required to protect sensitive data by encrypting it when transmitting or storing it, and by not sharing it with unauthorized individuals or third-party services.

 

  • Authentication: All user accounts should be authenticated using secure methods such as multi-factor authentication (MFA) or biometrics. This helps to prevent unauthorized access to university systems and data.

 

  • Monitoring and reporting: The university should monitor user accounts for suspicious activity, and users should be required to report any suspected security breaches. This helps to identify security threats and prevent further damage.

 

  • Training and awareness: The university should provide training and awareness programs to help users understand their responsibilities for maintaining the security of their accounts. This includes guidelines for safe browsing, avoiding phishing scams, and protecting sensitive data.

 

  • Incident response: The university should have an incident response plan in place to quickly respond to security incidents and minimize the impact of any security breaches.

 

  • Regular security reviews: The university should conduct regular security reviews to identify vulnerabilities and ensure that security controls are effective.

 

 

III. Exclusions 

 

There are no exclusions. The CIO has the sole authority to make exceptions, in writing, to this policy.  

 

IV. Procedures 

 

  1. Standard Approved Software, Hardware and Services

 

  1. The CIO will establish and maintain a website of computer technology acceptable standards, models and vendors. The website will contain appropriate instructions, forms and information for the purposes of acquiring technology resources.

 

  1. When technology is approved as a campus standard, it is pre-approved for procurement without additional consideration by Information Technology or Physical Plant Purchasing.

 

  1. Non-Standard Software, Hardware and Services

 

  1. If a package is not listed as a current standard, it is non-standard. Requests for non-standard software must be made using the Help Desk ticketing process and must be approved by the Dean or department head before coming to Information Technology for final approval.

 

  1. Non-standard software may not be supported by Information Technology. Before purchasing non-standard software, the purchaser must identify the source of support for the software being purchased.

 

Purchase of non-standard technology components is allowed. However, such purchases should be minimized as much as reasonably possible. The purchase of non-standard technology components must be justified by the existence of special circumstances that require it. Also, the purchaser of a non-standard technology component must document the source of support for the component before purchase will be approved.

 

  1. Workstation and Laptop Replacement Guidelines

 

  1. Refer to Rockhurst’s Faculty and Staff Technology Equipment Policy

 

  1. Information Systems Software

 

  1. Information Systems software is software that fulfills a specific business purpose, depends on integration with other sources of information, and is typically used by more than one person.

 

  1. All Information Systems must be evaluated and approved by the CIO before purchase.

 

Examples of Information Systems are: student information systems (Banner), Customer Resource Management (Slate), and learning management systems (Canvas). When an application software package is considered for purchase, it must be evaluated in terms of its fit with the campus environment (operating hardware requirements, database management system, operating system requirements, Web environment requirements), Legal/FERPA considerations, and the support requirements associated with the package.