• Search
• Home  |  SDSURF Directory

• Find Funding

  • Communications
  • FIPS
  • Focus on Funding
  • Proposal Submission
  • Related Links
  • SMARTS
  • SPIN
  • Sponsored Research Development
  • Workshops

• Manage Funds

  • Forms
  • PaymentNET
  • PCard Program
  • P I Profile
  • Project Administration Guide
  • Sponsored Research Administration

• Departments

  • Accounts Payable
  • Communications
  • Computing Services
  • Facilities Planning & Management
  • Finance & Accounting
  • Human Resources
  • Payroll
  • Purchasing
  • Risk Management
  • Sponsored Research Administration
  • Sponsored Research Contracting and Compliance
  • Sponsored Research Development
  • Technology Transfer Office
  • SDSURF Directory

• E-Systems

  • Email - Web Access
  • Employee Gateway
  • FileX
  • FIPS
  • InfoEd
  • My Service Desk
  • Online Recruitment System (ORS)
  • PaymentNET
  • P I Profile
  • SMARTS
  • SPIN

• About Us

  • About Us
  • Board of Directors
  • Electronic News & Notices
  • Graphic Identity System
  • Organization Charts
  • Property Locations
  • Requests for Information
  • SDSURF Directory

SDSURF › Human Resources › Annual Policy Notification Summary › Voice–mail, E–mail and Computer Access Policy

Voice–mail, E–mail and Computer Access Policy

Purpose

This policy sets forth guidelines for voice–mail, e–mail and computer systems usage, and serves as an advisory concerning SDSU Research Foundation's (SDSURF), access to and disclosure of messages and information stored on these systems. The purpose of this policy is to preserve the public image of SDSURF, and to ensure proper usage of its systems under its auspices. This policy applies to all SDSURF central, agency and project staff employees.

Scope

This policy applies to all voice–mail, e–mail, and computer services provided by SDSURF or the University to SDSURF employees, and to all users and uses of such services. It applies to all SDSURF records in the form of e–mail or computer information in the possession of SDSURF employees or other users of computer services provided by SDSURF. This policy also includes the appropriate use and guidelines for voice–mail, e–mail and computer systems.

Appropriate Use of Voice–mail, E–mail and Computer Systems

Voice–mail, e–mail and computer systems used by SDSURF employees are provided solely to further SDSURF's business operations. These systems and the information stored therein belong to SDSURF. SDSURF maintains the right to monitor, review, or access and retrieve all information and other data, including personal messages, stored on SDSURF's voice–mail, e–mail and computer systems, at any time, by authorized SDSURF personnel. Consequently, SDSURF's voice–mail, e–mail and computer systems, including the Internet, should be used primarily for business purposes.

Incidental and occasional personal use of these systems is permitted, however personal messages and data are not to be considered confidential or private. Although employee passwords may be used for SDSURF or project–oriented security reasons, the use of such passwords is not intended to assure employees that any messages or other communications generated by or stored on these systems will be kept confidential. Employees are therefore asked to exercise good judgment in using these systems. Do not share passwords with anyone, unless otherwise directed to do so by SDSURF management or by our IT department.

Guidelines for Use

This section sets forth guidelines concerning the appropriate use of SDSURF's voice–mail, e–mail and computer systems.

• Accounts created for an individual are for the use of that individual only. Computer accounts, passwords, and other types of authorization are assigned to individual users and must not be shared with others. Users are responsible for any use of their assigned account(s).
• Since voice–mail and e–mail messages, as well as other computer–stored data, are considered business records and can be subpoenaed (and electronically retrieved, even after you delete them), nothing should be included in a voice–mail or e–mail message that you would not consider putting in a memo.
• Employees should delete unwanted electronic files, voice–mail and e–mail messages as soon as practical and in accordance with current record retention policies.
• Observe all applicable policies of all internal and external computers or networks when using such resources.
• Employees should log off when not using the computer system.
• Employees should exercise good judgment in the use of e–mail distribution lists. These lists are intended for business purposes only.
• Employees should avoid opening email and attachments from unknown users and to browse only “work” related websites to help avoid malware infections.
• Protect passwords so that others cannot gain access to your account(s).
• Report unauthorized use of computing resources or observed gaps in system or network security to your project director, supervisor or system administrator, or other appropriate authority immediately upon discovery.

Voice–Mail, E–Mail and Computer Systems Prohibited Use

SDSU Research Foundation's voice–mail, e–mail and computer systems should not be used for the following purposes:

• The creation or distribution of any illegal, disruptive, discriminatory, threatening, harassing, abusive, or offensive messages, including offensive comments about ancestry, race, color, creed, sex, gender, physical or mental disabilities, age, sexual orientation, medical condition, marital status, religious beliefs and practices, political beliefs, or national origin. Sending chain letters or joke e–mails from an SDSURF e–mail account is also prohibited. Other misuse includes, but is not limited to, off color jokes or anything that may be construed as harassment or showing disrespect for others.
• Unauthorized disclosure of sensitive or confidential information.
• Anything in conjunction with an employee's outside business endeavors or sales of any product or outside service (home products, cosmetics, etc.).
• Messages related to political issues (i.e., encouraging or advocating a certain position, bill, etc.) unless there is a legitimate reason directly related to SDSURF’s business. Prior approval for such messages and their planned distribution list must be obtained from the office of SDSURF's Executive Director.
• Messages or other communications violating SDSURF policy or contrary to supervisory instructions.
• To access a file, use a password, or retrieve or download any stored communication without express authorization.
• Sending e–mail or other communications that either mask identity or indicate that someone else sent them.
• Accessing another employee's voice–mail, e–mail or computer systems without express authorization.
• Do not attempt to obtain system privileges to which authorization has not been granted or give unauthorized access to others.
• To copy or distribute copyrighted material unless you have confirmation from an appropriate source that SDSURF has the right to copy or distribute the material.
• Install any software on SDSURF's computer systems without the prior authorization of the appropriate SDSURF IT manager.
• For illegal duplication of software and its related documentation, employees also may not use any software on local area networks or on multiple machines that is not in accordance with the software license agreement.
• Personal announcements (items for sale, requests for roommates, etc.).
• Do not violate the security policies of SDSU, SDSU Research Foundation or any other computer network facility, interfere with the authorized computer use of others, or interfere with the normal running of services on any computer system or network. This includes unauthorized modifications to software or hardware of any computer or network, propagating viruses, or excessive network traffic that interferes with the use of others.
• Non–SDSU, Non–SDSU Research Foundation (personal) information (both electronic and non–electronic), such as personal credit reports, personal bank statements, or event contract information from a synchronized cell phone should not be stored on any SDSURF systems, as SDSURF does not assume responsibility for securing this information and many systems may not be secured for this information by default. Personal information does not just pertain to first party personal information (yours), but also to any third party personal information (someone else’s).
• Do not store or process protected level 1 or 2 data on any personal devices (laptops, computers, pda’s, mobile phones, portable media, etc.).

Employees should notify their supervisor or any member of management upon learning of a violation of this policy. Any violations of these “Guidelines for Use” or other provisions of this policy may result in disciplinary action, including possible termination.

Both California law and SDSURF policy prohibit, in general, the theft or other abuse of information technology facilities or resources. Such prohibitions apply to e–mail and voice–mail services, and include (but are not limited to): unauthorized entry, use, transfer, and tampering with the accounts and files of others; interference with the work of others and with other information technology resources or services.

Privacy and Disclosure

As previously noted, SDSURF's voice–mail, e–mail and computer systems are provided to facilitate the conduct of its business. All messages and other communications generated through and/or stored on these systems are considered business records. Employees who use the voice–mail, e–mail and/or computer systems, including using SDSURF's system from their home should understand that information stored on these systems cannot be considered confidential or private. Indeed, SDSURF reserves the right to access any voice–mail, e–mail or other computer–stored information at any time in the service of its legitimate business interests.

Employees should understand that the "delete" function of SDSURF's voice–mail, e–mail and computer systems does not necessarily purge these messages/information from all systems. While deletions may occur at the user level, copies may remain on one of the system's many back–up files.

Personal Use

Incidental and occasional use of SDSURF resources for personal e–mail is acceptable, but non–work related e–mail shall be saved in a separate folder from work–related e–mail. Virus or other malware warnings and mass mailings from SDSURF shall be approved by SDSURF before sending. These restrictions also apply to the forwarding of e–mail received by an SDSURF employee.

External Access

Under certain conditions, employees will need to communicate with external users via voice–mail, e–mail and/or on the Internet. Employees are cautioned to exercise an additional level of discretion and sound judgment when communicating with third parties via these systems.

For example, all employees should safeguard SDSU Research Foundation’s confidential information, as well as that of guests and others, from disclosure. Messages containing confidential information should not be left visible while you are away from your work area.

Also, you should be aware that Internet sites maintain logs of visits from users. These logs identify the company and the individual who accessed the Internet website. If your work requires a high level of security, please ask your supervisor or an appropriate manager for guidance on securely exchanging e–mail or gathering information from Internet sources.

Restrictions and Prohibitions

In addition to the restrictions and prohibitions outlined in this or in other SDSURF policies, employees must safeguard their log–in id and password from disclosure to any person and should not:

• Utilize unsecured communication or transmission methods to deliver protected level 1 or level 2 data (as defined in section 3.0 of the San Diego State University Information Security Plan), including but not limited to E–Mail, Voice–mail and fax transmissions;
• Circumvent data security schemes, identify or exploit security vulnerabilities or decrypt secure data;
• Monitor, read, copy, change, delete or tamper with any other employee's electronic communications, files or software;
• Knowingly or recklessly run or install a program, such as a worm or virus, that is intended to damage or place an excessive load on computer system or networks;
• Knowingly or recklessly interfere with the normal operations of computers, peripherals or networks;
• Connect unauthorized equipment to the network or load unauthorized software on individual computers or the system;
• Deliberately waste computer resources, including bandwidth, disk space, and printer paper or running or installing games or other unauthorized software on SDSURF computers;
• Use SDSURF's systems or networks to gain unauthorized access to any computer system;
• Post or communicate any on–line statements or comments about SDSURF that have not received prior authorization from SDSURF senior management.

Any employee found to have violated these guidelines or other provisions of this policy may be subject to disciplinary action, up to and including termination of employment. Any employee with questions regarding any of the above is encouraged to ask his or her manager, supervisor or the Human Resources & Risk Management office for clarification.

Separation from SDSU Research Foundation

When an individual's affiliation with SDSURF is terminated, their SDSURF hosted e–mail will be deactivated.

Updated 4/2010

SDSU Research Foundation
5250 Campanile Drive
San Diego, California 92182

©2007