Back to Policy
OIS: FAQs: Policy: Summary of Responsibilities of All Users of University Info Resources
All users of University information resources must use those information resources in a responsible manner. Below is a summary of the various responsibilities defined by state and federal law, and the policies of the A&M System and the University. These responsibilities are the baseline responsibilities of all users. A user may have additional responsibilities if they are the Owner or Custodian of an information resource.
- Keep personal use of University information resources (e.g., your University desktop workstation) to a minimum. (A&M System Policy 33.04, University Procedure 29.01.03.C2.02 - Acceptable Use)
- Protect your privacy. Anything you store on a University information resource (e.g., your files and emails) and anything you send or receive via the University network can be examined by authorized University personnel. (A&M System Policy 29.01, University Procedure 29.01.03.C2.09 - Information Resource Privacy)
- Protect your University passwords. (University Procedure 29.01.03.C2.15 - Passwords)
A. Do not disclose your University passwords to anyone else for any reason.
B. Do not fall prey to "phish" emails that ask you to disclose your username and password.
C. Log in to the University network with only your password. Do not log in to the network with anyone else's password.
D. If anyone else discloses their network password to you, or you learn that someone else has disclosed their password to others, it is your duty to notify the Office of Information Security.
E. If you believe that your password has been compromised (i.e., someone else now knows it), you must 1) change the password immediately and 2) notify the Office of Information Security
- Protect the University's confidential/sensitive information. (University Procedure 29.01.03.C2.28 - Classification and Protection of Data; Encryption, TAC 202.75(4))
- Confidential information includes student grade information, health care information, social security numbers, and credit card/bank account numbers.
- Sensitive information includes University operational documents, personnel records, research data, and internal communications.
- These are just examples - contact firstname.lastname@example.org if you are in doubt.
- Only the Owner of the confidential/sensitive information may determine who can access that information and how it can be shared or otherwise used. Make sure you know the Owner's rules regarding the handling of the Owner's confidential/sensitive information. Users must not use such data for personal purposes without the express prior approval of the Owner.
- Confidential/sensitive information should not be stored on a portable device unless absolutely necessary, and should be deleted from that device as soon as possible.
- Per Texas state law, confidential/sensitive information in your possession must be encrypted if it is:
- Stored on any portable device (e.g., USB stick, smartphone, laptop), OR
- Stored on any non-University computer (e.g., your home computer), OR
- Sent via email.
- Protect your workstation: log off, shut down, or lock the desktop when you walk away from your workstation. (University Procedure 29.01.03.C2.28 - Password)
- Receive the mandatory information security training. (A&M System Regulation 33.05.02 and University Procedure 29.01.03.C2.19 - Security Training)
- Upon first receiving their network username and password, and every two years thereafter, each user must take and pass the Information Security training course on TrainTraq.