Faculty

Security Awareness Training Policy, Information Technology

Title: Security Awareness Training Policy, Information Technology
Policy Owner: Information Technology Services / Chief Information Security Officer 
Applies to: All faculty, staff, student employees, and volunteers   
Campus Applicability: All campuses except UConn Health 
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office 
Contact Information: techsupport@uconn.edu or security@uconn.edu 
Official Website: https://security.uconn.edu/

PURPOSE 

The Information Security Office (ISO) maintains an active Security Awareness Training program available to all faculty, staff, and student employees. This policy establishes the authority of the ISO to mandate Security Awareness training as needed and outlines the expectations for individuals and departments in assisting with ensuring the confidentiality, integrity, and availability of university systems, services, and data. 

APPLIES TO 

This policy applies to all University faculty, staff, student employees, and volunteers who regularly interact with or have access to confidential or protected information within the university. 

POLICY STATEMENT  

While the Information Security Office maintains an active information security program, faculty and staff members’ knowledge of the threats and risks to the University’s systems and data is a critical component in helping to defend the University from attack.  

The ISO maintains an Information Security Awareness program that supports University employees’ and students’ needs for regular training. Training on important information security topics is available or communicated in multiple ways including: 

  • Online training systems with a variety of topics relevant to Information Security (available at https://security.uconn.edu/training) 
  • Communications to targeted groups by email of ongoing or imminent threats 
  • Postings on various web-based systems across the university (security.uconn.edu or techsupport.uconn.edu) 
  • Availability of ISO staff for in-person discussions on information security 

As part of their ongoing operations and employee development, all academic and administrative departments should identify opportunities to engage faculty, staff, and student employees in Security Awareness training annually. These opportunities may include those offerings from the ISO or a tailored program for specific threats against departments or systems, which may also be included in procedural manuals or scheduled as group training opportunities. 

The ISO is authorized to mandate Security Awareness training. In some areas, Security Awareness training may be mandatory based on federal or industry regulations. Training for these programs must be coordinated with the ISO to ensure regulatory requirements are met.  

ENFORCEMENT  

Failure to comply with mandatory Security Awareness training, or to coordinate training with the ISO, may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code. 

Questions about this policy or suspected violations may be reported to any of the following: 

Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

Information Security Office – https://security.uconn.edu 

REFERENCES 

Compliance Training Policy 

POLICY HISTORY 

Policy created:  May 16, 2012 

Revisions:  August 30, 2021 [Approved by President’s Senior Team]

Risk Management, Information Technology

Title: Risk Management, Information Technology
Policy Owner: Information Technology Services / Chief Information Security Officer 
Applies to: All department and school/college system owners and IT professionals   
Campus Applicability: All campuses except UConn Health 
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office 
Contact Information: techsupport@uconn.edu or security@uconn.edu 
Official Website: https://security.uconn.edu/

PURPOSE 

As technology and capabilities change our University environment, threats against these technologies also evolve. To provide the highest level of protection for the University, department and system owners are responsible for regular assessments of risks to their technology platforms. The Information Security Office is responsible for overseeing the evaluation of IT risk across the organization. 

APPLIES TO 

This policy applies to all University department and school/college system owners and IT professionals.  

DEFINITIONS  

Confidential Data: Confidential data is institutional information protected by law, government regulations, statutes, industry regulations, contractual obligations, or specific university policies. Examples of confidential data may include Personally Identifiable Information (PII), Protected Health Information (PHI), Educational Records (FERPA), Credit Card Information (PCI-DSS). An extended list of Confidential Data can be found in Appendix A of the Data Classification Policy. 

Protected Data: Protected data is institutional information that must be guarded due to proprietary, ethical, privacy, or business process considerations. By default, most administrative data will fall into this classification or if data is not confidential or public, it will fall into the protected data category. 

Risk Assessment: Part of the ongoing risk management process that assigns relative priorities for mitigation plans and implementation.  

Risk Assessment Tool: Risk assessment tools are available to department and school/college system owners and IT professionals to collect information about systems, services, and data that will inform efforts to continuously strengthen UConn’s information security.  

POLICY STATEMENT  

The Information Security Office (ISO) is authorized to administer the University’s risk management process, which includes the delegation of responsibility for ensuring that information systems are assessed for risk. 

Due to the size and complexity of the UConn environment, each department and system owner is responsible for conducting a regular and ongoing risk assessment of the Information Technologies they are responsible for overseeing. 

In conducting a risk assessment, departments/individuals should evaluate risks to Information Technology based on a People, Process, Technology (PPT) methodology. Using this methodology and leveraging ISO policies, including the Acceptable Use Policy, Confidential Data Policy, Data Roles and Responsibilities Policy, Security Awareness Training Policy and System and Application Security Policy (available at https://security.uconn.edu), departments must evaluate opportunities to reduce risk to the confidentiality, integrity, and availability of information technology assets. 

Some University organizations will be required to do regular risk assessments as a regulatory or industry requirement. Organizations typically focusing on Personal Health Information or Credit Card Processing will have more formal risk assessments conducted by their leadership and review by Information Security Office on an annual basis.   

ENFORCEMENT 

Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code. 

Questions about this policy or suspected violations may be reported to any of the following: 

Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

Information Security Office – https://security.uconn.edu 

 

POLICY HISTORY 

Policy created:  May 16, 2012 

Revisions: August 30, 2021 [Approved by the President’s Senior Team]

 

Data Classification Policy

Title: Data Classification Policy
Policy Owner: Information Technology Services / Chief Information Security Officer 
Applies to: All students, faculty, staff, volunteers, and contractors  
Campus Applicability:  All Campuses except UConn Health
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office 
Contact Information: techsupport@uconn.edu or security@uconn.edu 
Official Website: https://security.uconn.edu/

PURPOSE 

This policy defines the classifications of institutional data (i.e., the categories of data that the University is responsible for safeguarding) and the associated measures that are necessary to safeguard each classification. Institutional data commonly exists in many forms, including electronic, magnetic, optical, and traditional paper documents. Common types of electronic data include email messages, spreadsheets, word processing documents, PDF reports, and university managed databases and file storage systems. 

APPLIES TO 

This policy applies to all University faculty, staff, students, student employees, volunteers, and contractors who have access to protected or confidential information. This policy covers data that is stored, accessed, or transmitted in all formats, including electronic, magnetic, optical, paper, or other non-digital formats. 

DEFINITIONS  

Cloud: Any environment not operated by UConn. This includes cloud-based services that provide basic infrastructure including operating system and storage or services that provide a full software stack for an intended purpose or platform offering multiple services. 

Confidential Data: Institutional information protected by law, government regulations, statutes, industry regulations, contractual obligations, or specific university policies. Examples of confidential data may include Personally Identifiable Information (PII), Protected Health Information (PHI), Educational Records (FERPA), Credit Card Information (PCI-DSS). An extended list of Confidential Data can be found in Appendix A of this policy. 

Protected Data: Institutional information that must be guarded due to proprietary, ethical, privacy, or business process considerations. By default, most administrative data will fall into this classification or if data is not confidential or public. 

Public Data: Institutional information that may or must be freely available to the general public. Such information has no local, national, international, or contractual restrictions on access or usage. 

POLICY STATEMENT  

Through the normal course of business, many individuals at the University of Connecticut collect, maintain, transmit, and/or have access to personal information, financial data, and other information which is protected or confidential in nature. The protection of some types of data is governed by industry or governmental regulations. While other types of information may not be covered by specific legal requirements, it is in the University of Connecticut’s best interest to take steps to safeguard all university information reasonably and responsibly. 

Except for those classes of data expressly protected by statute, contract, or industry regulation, the data classification examples presented in this policy are guidelines. Ultimate responsibility for the classification in the university environment is determined by the Data Steward, as defined in the University’s Data Roles and Responsibilities Policy, and the Office of General Counsel for any given set of data. 

Data Protection 

The University of Connecticut has established the following requirements and guidelines in order to protect each classification of data. 

Public Data 

While there are few restrictions on public data, such data should be properly secured to prevent unauthorized modification, unintended use, or inadvertent/improper distribution. It should be understood that any information that is widely disseminated within the university community is potentially available to the public at large. 

The following guidelines are for information systems that are used to store and share the University’s public data. 

  • When practical, public data should only be shared via systems over which the University maintains full administrative control, which includes the ability to remove or modify the data in question. 
  • Information systems, such as web servers or cloud services that are used to share public data, must be properly secured to prevent the unauthorized modification of published public data. 
  • Interactive access to databases containing public data, such as online directories or library catalogs, should be properly secured using query rate limiting, CAPTCHA’s or similar technology to impede bulk downloads of entire collections. 

    Protected Data 

    Protected data requires additional levels of protection because its unauthorized disclosure, alteration, or destruction could cause damage to the University or its constituents.  

    In addition to the requirements outlined for public data, protected data must also meet these requirements: 

    • If stored in the cloud, stored only on cloud-based information systems managed or contracted by the University. 
    • Protected through the use of authenticated access in order to prevent loss, theft, or unauthorized access, disclosure or modification. 
    • Printed sensitive data including reports must be stored in a secure manner (file cabinet, closed office, or department where electronic/physical access control systems are in place) when not in use. 

    Confidential Data 

    Confidential data (see Appendix A) requires the highest level of protection due to the risk and magnitude of loss or harm that could result from disclosure, alteration, or destruction of the data. Certain types of information, such as health information, may have additional requirements for protection. Wherever possible, confidential information should remain in source systems and not propagated through saved files, spreadsheets, or other file formats. Whenever storage of confidential data is required outside the source system, it should be limited to the minimum amount, and for the minimum time, required to perform the business function, or as required by law and/or State of Connecticut Data Retention requirements. 

    In addition to the requirements for protected data, confidential data must be: 

    • Protected with strong passwords and should leverage Multi-Factor Authentication whenever such capabilities exist.  
    • Stored on devices that have appropriate protection, monitoring and encryption measures in order to protect against theft, unauthorized access and unauthorized disclosure. 
    • Transmitted using approved encryption methods. 
    • Accessed via approved remote access services such as VPN when accessed remotely.  
    • Stored on university-owned devices. Confidential data is not permitted to be stored on any personally owned devices including mobile phones, laptops, or home computers. 
    • Stored, if printed material, only in a locked drawer; a locked room; an area where access is controlled by a guard, cipher lock, and/or card reader; or an area that has sufficient physical access control measures to afford adequate protection and prevent unauthorized access by members of the public, visitors, or other individuals not on a need-to-know basis. 

      The University’s Confidential Data may not be accessed, transmitted, or stored using public computers or via email. 

      Encryption 

      To maintain its confidentiality, all data shall be encrypted while in transit across communication networks or when stored. Stored data may only be encrypted using current encryption methodologies. To ensure that data is available when needed, each department or user of encrypted University data will ensure that encryption keys are adequately protected and that procedures are in place to allow data to be recovered by another authorized University employee. In employing encryption as a privacy tool, users must be aware of, and are expected to comply with, Federal Export Control Regulations. 

      Service Providers  

      Departments shall take steps to ensure that third-party service providers understand the University’s Data Classification Policy and protection of the University’s Data. No user may give a third-party access to the University’s Protected or Confidential Data or to systems that store or process Protected or Confidential Data without permission from the Data Steward and a standard Confidentiality Agreement from University Procurement in place.  

      Disposal 

      Systems administrators will ensure that all data stored on electronic media is properly destroyed or wiped to current Department of Defense Data Wipe standards prior to the disposal or transfer of the equipment.  

      Confidential Data maintained in hard copy form will be properly disposed of when no longer required for business or legal purposes. 

      ENFORCEMENT 

      Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code.  

      Questions about this policy or suspected violations may be reported to any of the following: 

      Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

      Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

      Information Security Office – https://security.uconn.edu 

      REFERENCES 

      Data Roles and Responsibilities, Policy On 

      POLICY HISTORY 

      Policy created:  May 16, 2012 

      Revisions: August 30, 2021

       

      Data Roles and Responsibilities Policy

      Title: Data Roles and Responsibilities Policy, Information Technology
      Policy Owner: Information Technology Services / Chief Information Security Officer 
      Applies to:  All students, faculty, and staff  
      Campus Applicability:  All campuses except UConn Health 
      Effective Date: August 30, 2021
      For More Information, Contact UConn Information Security Office 
      Contact Information: techsupport@uconn.edu or security@uconn.edu 
      Official Website: https://security.uconn.edu/

      PURPOSE 

      To define the responsibilities of individuals within the organization in protecting the University of Connecticut’s data assets. 

      APPLIES TO 

      This policy applies to all University faculty, staff, students, student employees, volunteers, and contractors who have access to or have been assigned one of the roles defined in this policy. 

      POLICY STATEMENT  

      Through the normal course of operations of the University, ever increasing amounts of data are created, processed, modified, and eventually disposed of as part of daily activities. To ensure the proper management of the various data sets, the University has defined the following roles and responsibilities to ensure data is properly protected, used, and managed throughout its lifecycle. 

      Data Stewards are employees of the university responsible for the overall use and proper handling of administrative, academic, public engagement, or research data. Data Stewards must classify data according to the University’s Data Classification Policy. Data Stewards ensure that appropriate steps are taken to protect data and implement policies and agreements that define appropriate use of data.  

      The Data Steward or their designated representatives are responsible for: 

      • Ensuring the information they are responsible for is accurate 
      • Authorizing the specific use of information across the organization 
      • Working with other Data Stewards to resolve conflicting data issues 
      • Specify appropriate controls, based on data classification, to protect the data from unauthorized modification, deletion, or disclosure 
      • Ensuring access rights are evaluated on a regular basis 

        Data Administrators are usually system administrators who are responsible for applying appropriate controls to data based on its classification level and required protection level. Data Administrators are also responsible for securely processing, storing, and recovering data. The Data Administrator is accountable for: 

        • Implementing the appropriate controls specified by the Data Stewards 
        • Removing access rights to specific data resources due to a job change or separation from the University 
        • Implementing the appropriate monitoring techniques and procedures for detecting, reporting, and investigating incidents 
        • Assisting Data Stewards in evaluating the overall effectiveness of controls and monitoring  

        Data Users are individuals who receive authorization from the Data Steward/Administrator to access, enter, or update information. Data Users  must use the resource only for the purpose specified by the Data Steward, complying with controls established by the Steward, and preventing disclosure or confidential or protected information. 

        ENFORCEMENT 

        Failure to properly fulfill the roles and responsibilities articulated in this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code. 

        Questions about this policy or suspected violations may be reported to any of the following: 

        Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

        Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

        Information Security Office – https://security.uconn.edu 

         

        POLICY HISTORY 

        Policy created:  May 16, 2012 

        Revisions: August 30, 2021 [Approved by President’s Senior Team]

        Acceptable Use, Information Technology

        Title: Acceptable Use, Information Technology
        Policy Owner: Information Technology Services/Chief Information Security Officer
        Applies to: All University Information Technology Users
        Campus Applicability: All campuses except UConn Health
        Effective Date: August 30, 2021
        For More Information, Contact UConn Information Security Office
        Contact Information: techsupport@uconn.edu or security@uconn.edu
        Official Website: https://security.uconn.edu/

        BACKGROUND 

        The University’s IT resources support many systems to fulfill the academic, research and administrative needs of the University’s constituents, including students, faculty, staff, and guests. These resources must be used in a responsible manner consistent with Federal and State laws and University policies. 

        PURPOSE 

        To define expectations of appropriate use and inform all users of information technology (IT) resources at UConn of their obligation to comply with all existing laws and institutional policies in their use of IT resources. 

        APPLIES TO 

        This policy applies to all constituents (students, faculty, staff, affiliates and guests) who use UConn’s information technology resources, including but not limited to wired and wireless networks, computer-based systems and services, printers/copiers, and cloud-based services. 

        DEFINITIONS  

        Access Point (AP): A networking hardware device that allows other Wireless (Wi-Fi) devices to connect to the University network. 

        Information Technology (IT) Resources: Include but are not limited to: 

        • Systems and equipment such as computers, hard drives, printers, scanners, video and audio recorders, cameras, photocopiers and other related devices.  
        • Software such as computer software, including open-source and purchased software, and all cloud-based software including infrastructure-based cloud computing and software as a service.  
        • Networks such as all voice, video, and data systems, including both wired and wireless network access across the institution. 

          IoT: Internet of Things are devices that communicate across a network without direct human interaction. These include but are not limited to smart assistants, lightbulbs, appliances, and televisions. 

          POLICY STATEMENT  

          The appropriate use of UConn IT Resources focuses on three primary areas including: (1) the fair and equitable use of limited resources by all constituents; (2) individual responsibilities in the use of UConn IT resources; and (3) the appropriate use of IT resources in compliance with all applicable federal and state laws, university rules, regulations and policies. 

          All activities involving the use of UConn IT resources are not personal or private; therefore, users should have no expectation of privacy in the use of these resources.  Information stored, created, sent or received via UConn systems, including cloud-based systems, may be accessible when required by law, including requests made under the Freedom of Information Act (FOIA), the Family Educational Rights and Privacy Act (FERPA), subpoena, or other legal process, statute, or regulation. 

          ACCEPTABLE USE 

          • UConn provides IT resources to enable faculty, students, and staff to accomplish their university-related work and support the University’s mission. University equipment is to be used primarily in support of the University’s mission and may not be used to conduct commercial activities or any activity prohibited by state and federal law or University policy.  
          • UConn IT Resources may not be used for the illegal download, copying, or distribution of copyright materials without the copyright owner’s permission or where not permitted by fair use standards under the TEACH Act. 
          • Actions that negatively impact the ability of the University to operate or cause undue stress on IT resources are prohibited. These actions include but are not limited to interfering with the legitimate use of IT resources by others, introducing additional software or devices to any IT resource without appropriate authorization, or the mass mailing of unapproved email or other electronic communication. 
          • Do not intentionally seek or provide information or access to IT resources to which one is not authorized, nor assist others in doing so. Do not attempt to subvert or circumvent University systems’ security measures nor use University IT resources to subvert or circumvent other systems’ security measures for any purpose. 
          • Do not publish, post, transmit or otherwise make available content that is in violation of law or policy. The University cannot protect individuals against the existence or receipt of material that may be offensive to them. As such, those who make use of electronic communications are warned they may come across or be recipients of material they find offensive or objectionable. 
          • Do not violate the privacy of other individuals. This includes viewing, monitoring, copying, altering, or destroying any file, data, transmission or communication unless you have been given explicit permission by the owner. 
          • Do not forge, maliciously disguise or misrepresent your personal identity. This policy does not prohibit users from engaging in anonymous communications, providing that such communications do not otherwise violate the Acceptable Use Policy. University technology resources may not be used by employees of the University for partisan political purposes or presenting the impression the University has a particular political position except for those individuals authorized by the University as part of their formal responsibilities. 

            INDIVIDIUAL RESPONSIBILITIES 

            • Protect your data and the institution’s data 
            • Do not share your password with ANYONE or allow anyone else to use your account(s).  
            • Do not use anyone else’s account. 
            • Be vigilant in identifying and reporting various types of phishing attacks to gain access to your information. Store confidential and/or sensitive data on appropriate University approved services only. 
            • While UConn owned computers often are maintained by ITS and other University IT organizations, any personally owned devices connecting to the University network (including tablets, cell phones and IoT devices) are expected to be kept up to date with current operating system and software patches, as well as employing appropriate security measures which are automatically updated. 
            • Do not utilize UConn computing resources, including personally owned computers connected to UConn’s network for non-University related commercial activity.  
            • Users who connect personally owned computers to UConn’s network that are used as servers, or who permit others to use their computers, whether directly or through user accounts, have the additional responsibility to respond to any use of their server that is in violation of the Acceptable Use Policy. IT Resource administrators and those who permit the use of the computers by others are responsible for the security and actions of others on their systems. 

                  ENFORCEMENT 

                  Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code.  

                  Individual or system access may be revoked at any time based on the decision of the Chief Information Security Officer or the Chief Information Officer to protect the confidentiality, integrity, and/or availability of UConn IT Resources.  

                  PROCEDURES/FORMS 

                  Questions about this policy or suspected violations may be reported to any of the following: 

                  Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

                  Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

                  Information Security Office – https://security.uconn.edu 

                  POLICY HISTORY 

                  Policy created:  05/16/2012 

                  Revisions: 08/24/2015; 08/30/2021 [Approved by President’s Senior Team]  

                   

                  Accounts Payable Policies and Procedures Manual

                  Title: Accounts Payable Policies and Procedures Manual
                  Policy Owner: Accounts Payable
                  Applies to: Faculty, Staff, Students
                  Campus Applicability: All University departments at all campuses except UConn Health
                  Effective Date: March 28, 2012
                  For More Information, Contact Accounts Payable
                  Contact Information: (860) 486-4137
                  Official Website:  https://accountspayable.uconn.edu/

                  PURPOSE

                  The following Policies and Procedures ensure that the University pays claims in a timely and accurate manner, while safeguarding the University by adhering to Federal and State regulations. Moreover, these Policies and Procedures provide efficient, effective and professional service to our students, faculty, staff, and vendors.

                  APPLIES TO

                  These policies and procedures apply to faculty, staff, and students on all University of Connecticut campuses.

                  POLICIES AND PROCEDURES

                  • Payment of Personal Services

                  For services costing less than $2,500, please visit: http://accountspayable.uconn.edu/payment-for-personal-services/ .

                  • Payment of Meals

                  For meal expenses incurred while attending meetings held in connection with University Business, please visit: https://policy.uconn.edu/2011/05/24/payment-of-meals-policy/ (for Travel meal expense policies, please visit: https://policy.uconn.edu/2020/04/29/travel-and-entertainment-policies-and-procedures)

                    • Out of Pocket Purchases

                    University employees may make small out-of-pocket purchases of emergency allowable goods and services for official University use. Please visit: http://accountspayable.uconn.edu/out-of-pocket-purchases/

                      • Accreditation Expenses

                      Payment of the services of a team or an individual for the purpose of gaining or maintaining accreditation requires a Personal Services Agreement when the cost is $2,000 or more.

                      Please visit: http://accountspayable.uconn.edu/accreditatation-expenses/

                      • Memberships

                      Professional organization memberships may be processed through HuskyBuy or the departmental purchasing card. Please visit: http://accountspayable.uconn.edu/membership-in-professional-organizations/

                      • Recruitment Expenses

                      Please visit: https://policy.uconn.edu/2011/05/31/reimbursement-of-recruitment-and-moving-expenses/

                      • Subscriptions

                      Subscriptions to magazines, newspapers or periodicals may be processed through HuskyBuy or the departmental purchasing card. Please visit: http://accountspayable.uconn.edu/subscriptions-to-magazines-newspapers-or-periodicals/

                      ENFORCEMENT 

                      Violations of this policy or associated procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, and applicable collective bargaining agreements.

                          POLICY HISTORY

                          Policy Created Effective: March 28, 2012
                          Revised: May 1, 2020; editorial revisions January 24, 2022

                          Capital Improvement Plan (CIP) Policy

                          Title: Capital Improvement Plan (CIP) Policy
                          Policy Owner: Office of the Executive Vice President for Administration & Chief Financial Officer
                          Applies to: Faculty, Staff
                          Campus Applicability: Storrs, Regionals, and School of Law
                          Effective Date: May 11, 2012
                          For More Information, Contact Finance/Planning
                          Contact Information: (860) 486-2434
                          Official Website: http://finance.uconn.edu/

                          Capital Improvement Plan (CIP) Policy

                          REASON FOR POLICY

                          The University of Connecticut By-Laws indicate that the Executive Vice President for Administration and Chief Financial Officer (EVP Admin &CFO) is responsible for overseeing long-range financial planning and management of the operating and capital budgets for all units of the University.  Working closely with the Provost and the other Vice Presidents, the EVP Admin & CFO oversees capital and operating budget development, monitoring and reporting; and coordinates operating and capital budgets in conformity with policies set forth by the Board of Trustees.  The CIP policy ensures that these responsibilities may be accomplished.

                          APPLIES TO

                          The CIP policy applies to all faculty and staff at the Storrs, Law School and Regional Campuses.

                          POLICY STATEMENT

                          The CIP and budget for the Storrs, Law School and Regional Campuses must be developed annually.  It will identify the physical improvements necessary to maintain and upgrade the campuses, prioritize these investments, and provide a timeline for implementation.  The CIP will be managed jointly by the Executive Vice President for Administration and Chief Financial Officer and the Executive Vice President and Provost.

                          PROCEDURES/FORMS

                          Procedures and forms may be found at: http://finance.uconn.edu/wp-content/uploads/sites/1118/2015/08/CIP.pdf

                           

                          Use Of Space Heaters in University Buildings

                          Title: Use Of Space Heaters in University Buildings
                          Policy Owner: Environmental Health & Safety/UConn Fire Department
                          Applies to: Faculty, Staff, Students, Others
                          Campus Applicability: Storrs and Regional Campuses, and the Law School
                          Effective Date: February 6, 2012
                          For More Information, Contact Division of Environmental Health and Safety
                          Contact Information: (860) 486-3613
                          Official Website: http://www.ehs.uconn.edu/

                          PURPOSE

                          As stated in the University’s Health and Safety Policy, the University of Connecticut is committed to providing a healthful and safe environment for all activities under its jurisdiction. In keeping with this commitment, the University has developed this policy to protect the University community and its visitors from the significant fire and workplace safety risks posed by the use of space heaters.  This policy is in keeping with the requirements of the Connecticut Life Safety and Building codes and ConnOSHA and CT Department of Public Health regulations.

                          SCOPE

                          This policy applies to the use of space heaters by faculty, staff, students, and others in University-owned buildings at the Storrs and regional campuses and at the Law School.

                          POLICY STATEMENT

                          Space heaters pose serious fire and electrical hazards, and are not efficient from an energy use standpoint; therefore, the use of space heaters at the University is strongly discouraged. Their use should be reserved for times of heating system failures rather than as a means for supplementing an existing heating system.

                          University building occupants should first contact Facilities Operations Work Order Control (6-3113) to request assistance in adjusting the temperature of an area.  If Facilities Operations personnel determine that the work area cannot be heated to the satisfaction of the occupant(s), the temporary use of space heaters will be allowed with the following exceptions:
                          Space heaters are not permitted in residential occupancies unless issued by permit through the UConn Fire Department in emergencies.  Space heaters are not permitted, under any circumstances, in laboratories, inpatient units, storage areas, or areas not actively occupied by people.  However, space heaters will be permitted in laboratory office spaces.

                          ENFORCEMENT

                          The University Fire Department and the Department of Environmental Health and Safety reserve the right to inspect and declare “unapproved” any space heater that creates a safety hazard or is inappropriate to a particular location, based on specific circumstances or legal requirements.  If warranted, space heaters may be removed from service and taken to a designated storage area for later collection by its owner and subsequent removal from the University.

                          Violations of this policy may result in appropriate disciplinary measures in accordance with University Laws and By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Conduct Code.

                          PROCEDURES

                          Approved Heaters

                          In order to ensure that all space heaters meet current safety guidelines, the University Fire Department and the Department of Environmental Health and Safety have approved a limited selection of space heaters for use within the University, which are available at Central Stores.

                          See approved space heaters here.

                          Effective Fall Semester 2003, all other space heaters currently in use must be taken out of service.  Department-owned heaters must be turned in as surplus to Central Storrs.  Privately owned heaters must be removed from the University.

                          Safe Use and Care

                          • BEFORE OPERATING A HEATER, ALWAYS READ AND FOLLOW THE MANUFACTURER’S OPERATING INSTRUCTIONS.
                          • To prevent overloading an electrical circuit, a space heater must be plugged into a circuit that is rated for 15 amps or more.
                          • Always turn off a heater and unplug it when you leave the office.  NEVER leave an operating heater unattended.
                          • Before use, ensure that the heater is clean and not covered with dust.  The cord must be in good condition and not frayed.
                          • NEVER use an extension cord or power strip with a space heater.  It should be plugged directly into a permanent wall outlet (receptacle). Exception: Radiant Panel heaters may be used with extension cords or power strips rated for 15 amps or more.
                          • Never run a power cord under a carpet or floor mat.
                          • NEVER use a heater where flammable materials or vapors may be present.
                          • Do not use space heaters under desks or in other enclosed spaces.
                          • Do not place a heater near combustible materials such as papers, fabric, plastics, or office furniture.
                          • Do not place a heater in or near wet areas or in high traffic areas such as exit ways.
                          • ALWAYS maintain safe distance clearances around space heaters, as directed by the manufacturers’ instructions.
                          • Inspect space heaters at least annually and have them repaired, as needed, by a qualified electrician.
                          • Heaters that cannot be repaired must be discarded with the plug cut off to prevent inadvertent use by others.
                          • Avoid placing space heaters near room thermostats.

                          Emergency Closing Policy

                          Title: Emergency Closing Policy
                          Policy Owner: Office of the President, Office of the Provost, Human Resources Department
                          Applies to: Faculty, Staff, Students, Others
                          Campus Applicability: All campuses except UConn Health
                          Approval Date: August 30, 2023
                          Effective Date: August 31, 2023
                          For More Information, Contact: Office of Faculty & Staff Labor Relations and the Department of Human Resources
                          Contact Information: (860) 486-5684 or laborrelations@uconn.edu
                          (860) 486-3034 or hr@uconn.edu
                          Official Website: http://www.hr.uconn.edu/

                          PURPOSE

                          During inclement weather and other emergency situations at the University of Connecticut, the safety of our students, faculty, and staff is paramount. At the same time, the University has very important research, teaching, service, and outreach missions, and must maintain continuous and effective business operations. With due consideration to safety, the University will remain open and operate normally to the greatest extent possible. Faculty, staff, and students should evaluate their own circumstances carefully, exercise appropriate judgment, and take responsibility for their safety when making decisions during inclement weather.

                          The purpose of this policy is to provide direction to the University community in the rare circumstances when the University Administration decides to cancel classes; delay opening, release employees early, or close operations at some or all University campuses. This policy also explains how employees will be notified of the University’s decisions and clarifies expectations regarding attendance and performance of job-related duties. The policy applies to the entire University community, including administration, faculty, staff, and students, at all campuses except UConn Health.

                          POLICY STATEMENT

                          Decisions to alter the University’s normal operations and schedule for all campuses are made jointly by the President’s Office, Provost’s Office, University Safety, and the Head of Human Resources. Decisions about such alterations are made with full input from University Communications and Facilities Operations and Building Services for all campuses. Careful consideration will be given to the particular conditions and circumstances at each campus, and decisions will account for variations that may exist among the situations at different campuses.

                          When the University is open and operating normally, all employees are expected to make every effort commensurate with their personal safety to be at work. Individual academic departments and administrative units are not permitted to close and release employees. Those decisions will be made on a university-wide basis. Departments, regional campuses, and units may cancel special events they sponsor at their discretion and are responsible for communicating such cancellations.

                          If an emergency occurs that may require an adjustment in work schedules for an individual unit or small number of units (such as a power outage or flood in a single building), employees should work from another location if possible. Supervisors must obtain permission from the President’s Office and Provost’s Office as appropriate, before releasing employees from work for more than a short period of time.

                          Notification

                          The University will make announcements about closings or delayed openings as soon as feasible, and generally no later than 5 a.m. When conditions change rapidly or unexpectedly, however, the University may need to make or update decisions about classes and business operations on short notice.

                          The UConnALERT website, alert.uconn.edu, is the definitive source of information about the University’s operating status. All announcements regarding changes to the University’s operating schedule will be posted to this site as soon as decisions are made.

                          In addition to the UConnALERT website, advisory messages will be issued regarding closings, cancellations, early dismissals, or delays. UConn faculty, staff and students should visit alert.uconn.edu to register for cell phone text alerts, update their contact information, and obtain information related to emergency procedures and campus safety.

                          Community members may also call the University’s 24-hour emergency closing information number, (860) 486-3768, to check the University’s operating status for all campuses. Second and third shift employees are urged to call this number for information.

                          Individual units are responsible for communicating decisions about whether any special events they sponsor are postponed or canceled. Community members should contact the sponsoring units directly for information about such events. This applies to athletic events, performances, conferences, lectures, presentations, workshops, and other events hosted by a sub-unit of the University.

                          Expectations for Employees

                          This section summarizes the information applicable to:

                          • All Employees (except essential/emergency support services staff)
                          • Faculty/Class Instructors
                          • Essential/Emergency Support Services Staff

                          All Employees (except essential/emergency support services staff)

                          When the University is open and operating normally, employees are expected to report to work. During inclement weather, employees are expected to plan accordingly, including accounting for extra time needed to travel to and from work. If an employee decides not to remain at or report to work because of concerns about travelling safely, employees may use vacation, personal, or other accrued time without advance approval. Employees must promptly notify their supervisors in these situations. Employees who anticipate concerns may discuss in advance the possibility of flex time or telecommuting with their supervisors.

                          When the University directs employees not to report to campus during a closing, delay, or cancellation, employees will not be charged leave unless their time off was already scheduled and approved. If an employee is on a scheduled day off due to sick leave, vacation, personal time, earned time, or leave of absence without pay during an official University closing, delay, or early release, the employee’s time will be charged accordingly.

                          Since employees who are not on a pre-approved leave during a closing would normally be present at work, employees are expected to be accessible and responsive to their supervisors as needed during their regularly scheduled work hours. Supervisors may require that employees check and respond to email regularly, respond to work calls, or attend virtual meetings, and may expect that assigned work that can be accomplished remotely is completed on time regardless of emergency cancellations. Likewise, supervisors may make reasonable adjustments to be able to continue University business, including holding meetings by teleconference and handling normal business by email, and employees who would normally be present at work may be required to participate.

                          Faculty/Class Instructors

                          All faculty at all campuses must abide by the University’s decision to remain open. If the University does not cancel classes, faculty are expected to hold classes as scheduled, except in circumstances when a faculty member determines that they are unable to travel safely to campus. In these exceptional cases, the faculty member must notify their dean and department head and must also notify all students in the class. Faculty must not cancel class prior to the University’s decision about whether the University will alter its normal schedule. Faculty may elect to hold classes virtually using online methods.

                          Only the instructor of record for a class may decide to cancel a class. Teaching Assistants may not make independent decisions to cancel classes or other activities related to classes; they must consult with the faculty member for the course.

                          Instructional time that is cancelled is expected to be made up in accordance with the By-Laws, Rules, and Regulations of the University Senate. The University’s academic calendar includes specified “emergency closing make-up dates.” Faculty who plan to use these times to make up class must inform students as soon as possible and reserve a classroom through the Registrar’s Office. Faculty may also make up classes at other times but must be sensitive to students’ availability to attend.

                          Faculty should respect the decisions of commuting students who decide not to travel to campus, or to leave class early in order to get home safely, and provide options for them to make up missed work. The Dean of Students Office is available to assist faculty and students with concerns about missed work.

                          Essential/Emergency Support Services Staff

                          Operations including university safety, residential and dining services, health services, animal care, facility maintenance, information technology services, student support services, transportation, and other important services may be required to continue even in severe weather or during other circumstances that require the University to cease other operations.

                          The University may designate employees as “Essential” employees (also known as “Emergency Support Services Staff”) if it determines their job functions are necessary or potentially necessary to conduct the University’s business even when the University is not operating normally. Employees designated as essential are typically expected to report to or remain at work when the University has a delayed opening, early release, or closure.

                          Individual Departments determine which, if any, of their employees are essential. Further, Departments may require all essential employees to report during any closure. Alternatively, Departments may develop a procedure that limits the number of essential employees required to report based on the nature or duration of the closure, the nature of the functions the Department performs, and the level of staffing needed. This approach is typically implemented through an “on call” notification system or a rotating assignment.

                          Departments are responsible for notifying essential employees annually of their designation. Employees hired into positions that are essential are first notified of their designation at the time of hire. In addition, the business needs of the University may change in ways that require other employees to be deemed essential even if they were not designated so at hire. In such cases, the Department will notify affected employees at the time of their designation. By October 1st of each year, Departments with essential employees must provide a list of these employees to the Office of Faculty and Staff Labor Relations and the Department of Human Resources.

                          Unless provided in the applicable collective bargaining agreement or authorized by the Governor, the University is prohibited from awarding compensatory time or extra compensation to essential employees for working during their regularly scheduled hours when the University has a delay, early release, or is closed.

                          ENFORCEMENT

                          Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.

                          RELATED PROCEDURES AND POLICIES

                          Time and attendance procedures for employees and supervisors are posted on the Payroll Department website at www.payroll.uconn.edu.

                          Requirements with respect to instructional time and making up time are defined in the By-Laws, Rules, and Regulations of the Senate (http://policy.uconn.edu/2011/05/19/by-laws-rules-and-regulations-of-the-university-senate/) and the University’s Credit Hour Policy (http://policy.uconn.edu/2012/08/22/credit-hour).

                          POLICY HISTORY

                          Policy adopted: October, 2012

                          Revisions:

                          November 26, 2014
                          August 27, 2015
                          August 30, 2023 (Approved by the Senior Policy Council and the President)
                          July 12, 2024 (Editorial revisions by University Compliance)

                           

                          Acceptance and Disposal of Textbook Donations, Policy on

                          Title: Acceptance and Disposal of Textbook Donations, Policy on
                          Policy Owner: Office of the Provost
                          Applies to: Faculty, Staff
                          Campus Applicability:  All University Campuses, including UConn Health
                          Effective Date: October 12, 2011
                          For More Information, Contact Office of the Provost
                          Contact Information: (860) 486-4037
                          Official Website: http://provost.uconn.edu

                           

                           

                          Introduction:
                          It is understood that from time to time the publishers of academic textbooks and related materials may provide free copies to faculty or staff for their use. Under State of Connecticut and University of Connecticut ethics policies, these free materials may not be accepted as personal property and should instead be accepted as property of the University. The eventual disposal of free textbooks and related materials is subject to University policy.

                          Purpose:
                          The purpose of this policy is to delineate the appropriate acceptance and eventual disposal of gift textbooks and related materials.

                          Scope:
                          This policy applies to all faculty and staff of the University of Connecticut and the University of Connecticut Health Center.

                          Definitions:
                          Prohibited Donor: Registered lobbyists or a lobbyist’s representative; Individuals or entities doing business with or seeking to do business with the University; or Contractors pre-qualified by the Connecticut Department of Administrative Services.

                          Published: the reproduction of a textbook or related materials through print, digital, or other media, including but not limited to, standard printed texts and e-books.

                          Related materials: documents or other media used to supplement or in any other way support a textbook in the teaching and study of a subject.

                          Textbook: a book published and used in the teaching and study of a subject.

                          Policy:
                          Under State of Connecticut and University of Connecticut ethics rules, faculty and staff are prohibited from personally accepting a free textbook or related academic materials from prohibited donors if the value of the item(s)  is more than $10.00.  Most publishers offering free textbooks would fall under the definition of a prohibited donor.

                          As permitted under state and University rules, a free textbook or related academic materials valued at more than $10.00 may be accepted as property of the University.

                          When a free textbook and/or related academic materials are deemed out-of-date or are otherwise no longer in active use, they may not be removed from the University for personal use. These items may be donated with the approval of the appropriate Dean or through the University Libraries “Disposal of Materials Policy” by donating them to the Library.

                          Policy History

                          Effective October 2011 (Approved by the President’s Cabinet)