In this article: IS&T has taken official University of Utah policy and condensed it into a synopsis that highlights the areas that most directly apply to CE staff. It is expected that all CE staff will adhere to this policy.

Information Systems & Technology Policy

Department-issued Computer Workstations and Laptops

CECE provides computer workstations and laptops for end users.  In addition to University guidelines, the following apply to this equipment:

1. All computer workstations and laptops must use the standard image and client management software that CE IT services provides.

2. Software installation on computers/laptops must be pre-approved by IS&T.
3. Software and Hardware purchases must be pre-approved by IS&T.
4. Department issued computers are the property of the University of Utah and should be protected and treated as a work resource.  Applying stickers to work resources is not appropriate.
   

Personal Laptops/Devices

Any personal devices approved for departmental use is required to meet University and department IT Resource standards. Users must accept responsibility to ascertain, understand, and comply with the laws, policies, rules, procedures, contracts, and licenses applicable to their particular personal device use.

Remote Access

Employees who access UCL and University systems remotely must adhere to University usage and security policies as if they were accessing the information on-campus.  Additional information can be found at Rule 4-004H: Remote Access. Employees on extended leave will have their system access restricted or frozen until their return. 

Responsible Use

Users must adhere to the Ethical Standards and Codes of Conduct (https://www.hr.utah.edu/ethicalstandards/index.php) established by the University when utilizing University equipment, networks, or systems. Users may not use University resources to conduct personal business, including soliciting business, selling products, etc.  Time spent on non-work related websites/social media should be kept to a minimum and should not disrupt departmental business.  Excessive use of the University’s network bandwidth (such as large file downloads) is not permitted. 

University Accounts

Employees may not share account information, passwords, or any other authentication data, including login information for email, CIS, UBox, or other University accounts. Additional information can be found at Rule 4-004A: Acceptable Use and Rule 4-004D: Access Management.

Guest Accounts

Guest accounts (gNIDs) may be issued for students to use in classes when they don't know their unid and password.  Guest accounts fall under the same guidelines as staff accounts in that one account is to be issued per student and sharing account information is prohibited.  Identity must be logged to the matching guest account and records must be stored for 6 months.  See the KB article: gNID - How to request a temporary guest account.

File Storage/Sharing

Work related files must be stored on UBox https://box.utah.edu/ or other approved department provided storage.  UBox and Department provided storage are approved for Public, Sensitive, and Restricted data types.  All other storage is not approved for anything beyond public information.
Information should not be stored via Dropbox, Google Apps (Google Docs & Drive), Google Apps for Education University of Utah (Google Docs & Drive), Apple iCloud, Microsoft OneDrive, or Adobe Creative Cloud or any other non-approved storage.

Sensitive data

Sensitive data is considered to be any data that is not Public data.  That includes but is not exclusive to the below data types.  Additional information can be found at: Rule 4-004C Data Classification and Encryption Rev. 1

• Personally Identifiable Information (PII)
• Protected Health Information (PHI)
• Payment Card Industry (PCI)
• Financial information
• Donor information
• Intellectual Property
• designated Non-Public Academic Activity Information (DNPAAI)
• Employee information
• Student information
• Current litigation materials
• Contracts
• Physical building and utilities detail documentation

FERPA

The Family Education Rights and Privacy Act of 1074 (FERPA), as amended, is a federal law that sets forth requirements regarding the privacy of student records. FERPA governs the release of records maintained by an educational institution and access to those records. Institutions that receive funds administered by the Federal Office of Education are bound by FERPA requirements and failure to comply may result in the loss of federal funding. All employees of CECE with access to student information must be FERPA Certified. For more information about FERPA, see our policy and information page. 

Social Media

Employees are not allowed to create a social account, group, or page that is representative of the University or University Connected Learning without prior management approval/designation. Employees are not allowed to post on behalf of the University to websites, blogs, social media, etc., without prior management approval/designation.  Any social media postings on personal accounts that could appear to be made on behalf of the University must contain a disclaimer that the opinions are the User’s own and not necessarily those of the University. Additional information can be found at: Policy 4-004: World Wide Web Resources Policy and Rule 4-004A: Acceptable Use.

Third Party Software (not supported by the U)

All third party software, either desktop or web, must be approved by the director of IS&T. Prior to purchasing the right to use the software the vendor must go through a security & accessibility audit.

Systems Supported By the U and/or IS&T

To gain access to any of the systems below, the staff member must be FERPA certified. 

Peoplesoft

Peoplesoft is the University of Utah's student information system. It is currently the official student record for CECE. 

For more information around Peoplesoft class management, please see our Peoplesoft Class Scheduling Policy.

CECE Intranet

CECE Intranet is the legacy system for managing student registration. 

Salesforce

Salesforce is our CRM (Customer Resource Management) tool. Here CECE staff can manage student information from the student who is interested in our programs to those actively working on certificates. For more information around the potential use of Salesforce please see a member of the data team. 

For more information around Salesforce Data Governance please see our Salesforce Data Governance Policy article. 

Astra

Astra is University System used to check availability of classroom space on campus, at the Sandy Site, and in UUCE space. An employee in each vertical will be given access to schedule space in this system. This employee would be responsible for scheduling "one-off" space requests such as orientations, additional class meetings, and/or meetings held outside of conference room space for their vertical.

CLSS

The CLSS System is a University System used to review, submit, maintain the schedule of all classes. Each vertical will be given 1-2 people with access to this system.

Any questions or comments about the policy above should be directed to the director of IS&T.

Tableau

Tableau is a data visualization software that can easily connect to a wide variety of data sources. Tableau allows for rapid insight by transforming data into highly appealing visualizations called dashboards.  More information can be found here: University of Utah Business Intelligence

Canvas 

Canvas is  the university supported LMS (learning management system). This is supported through the campus department TLT. This is the only supported LMS for student information.

Product Owners

For more information about these systems, please slack or email the Product Owner below.