17.1 Policy

This policy is in place to ensure that OIST Information Technology Resources (IT resources) [link: 17.8.1] are provisioned and used in an effective, efficient, prudent and responsible manner [link: 21.3.2], in line with the missions of the University and in compliance with relevant legal and contractual obligations. All users are expected to be familiar with these policies, rules and procedures and consequences of violation.
All University information is deemed to comprise University information assets [link: 17.8.2]. The University owns and controls its information assets. Appropriate handling of information assets is vital to the protection of OIST and its community, all users are responsible in this regard.
Though the University takes reasonable security measures to protect the security of its IT resources, the University does not guarantee absolute security nor privacy. The University has the right to monitor any and all IT Resources and their usage, including e-mail, without limitation. The University is responsible for taking any measures necessary to ensure the security and integrity of its IT Resources. When it becomes aware of violations of policy or law, either through routine system administration activities or via incident notification, it is the responsibility of the University to investigate as needed or directed, and take action to protect its resources and/or to provide information relevant to an investigation.
OIST has an obligation to preserve Information Assets for archival and reporting purposes. Additionally, upon direction from the President or General Counsel and upon consent of Chief Information Officer (CIO) [link:, 17.4.5] and Chief Information Security Manager (CISM) [link: 17.4.6], Information Assets may sometimes be preserved for prescribed periods of time for litigation or other legal purposes.

IT Resources are not to be used for personal or private purposes unrelated to the mission of the University. However, incidental personal use is permitted so long as such use does not interfere or conflict with the employee’s work responsibilities or other obligations to the University, and does not generate additional direct cost to the University. Users are responsible for the content of their personal communications. The University accepts no responsibility or liability for unauthorized use of its IT resources in a manner which does not comply with policy or law.

Table of Contents