Staff

Travel and Entertainment Policy

Posted on April 21, 2026April 22, 2026 by Quiles, Anida

Title:	Travel and Entertainment Policy
Policy Owner:	Executive Vice President for Finance and Chief Financial Officer
Applies to:	University Workforce Members, Students, and Guests
Campus Applicability:	All UConn Campuses, except UConn Health
Approval Date:	April 20, 2026
Effective Date:	April 21, 2026
For More Information, Contact:	Associate Vice President for Financial Operations and Controller
Contact Information:	travel@uconn.edu
Official Website:	https://travel.uconn.edu/

BACKGROUND
PURPOSE
APPLIES TO
DEFINITIONS
POLICY STATEMENT

PRE-TRIP
ELIGIBLE BUSINESS EXPENSES
INTERNATIONAL TRAVEL
EXPENSE REPORTING
- Prohibited Business Travel Expenses
- Sponsored Program Expenses
EXCEPTIONS TO POLICY

ENFORCEMENT
PROCEDURES/APPENDICES
REFERENCES
POLICY HISTORY

BACKGROUND

The University of Connecticut (University) recognizes and supports the need of members of its community to travel for conferences, events, and other purposes in support of and consistent with the University’s mission. The University may also find it important to host guests for similar purposes. This policy addresses the most common aspects of University Business Travel and entertainment.

PURPOSE

To establish rules that balance the University’s Business Travel and entertainment needs with the responsible stewardship of public resources, and to make employees and approvers aware of their respective obligations in incurring, seeking reimbursement for and approving travel and/or entertainment expenses.

APPLIES TO

University Workforce Members, students and guests, including but not limited to recruits and job candidates.

DEFINITIONS

Approver: An individual designated to review and/or authorize Business Travel and associated expenses, in compliance with University policies and procedures. See Appendix 1 Roles and Responsibilities for further details.

Business Expense (“Travel Expenses”)

Business Expenses (“Travel Expenses”) meet the following criteria:

Reasonable Expenses: Costs that a prudent person would incur under similar circumstances. They should not be excessive or extravagant and must reflect fair market value.
Necessary Expenses: Costs essential to conducting official University business. They must directly support the University’s objectives and be indispensable for the completion of a specific task or duty.
Appropriate Expenses: Costs suitable and fitting for the context of the business activity. They should align with the University’s mission and adhere to its policies and ethical standards.

Business Travel: Travel or entertainment undertaken for activities directly related to official University business.

Local Lodging: Defined as accommodations less than 75 miles from the closer of home or work.

Long-Term Business Travel: Travel lasting 30 or more consecutive days in length in a single location.

Official Duty Station: An employee’s primary work site or post of duty. For employees with multiple work sites or posts of duty, the Official Duty Station is the location where the employee is expected to perform the majority of their work. The Official Duty Station does not include a remote work site.

Reimbursement: The repayment of allowable, properly documented out-of-pocket or Travel Card expenses associated with approved Business Travel.

Travel Card: A University-issued credit card used to pay for authorized travel-related expenses incurred during official University business.

Traveler: Anyone traveling on behalf of the University including University Workforce Members, students, guests, recruits and job candidates.

Senior Institutional Official: The appropriate University officer, including the President, Provost, or the Executive Vice President for Finance and Chief Financial Officer, who has authority and responsibility for the area or activity to which the policy applies.

University Workforce Members: Employees, volunteers, trainees, and other persons whose conduct, in the performance of work for the University, is under the direct control of the University, whether or not they are paid by the University.

POLICY STATEMENT

The University reimburses Travel Expenses incurred for official University business when properly authorized and documented pursuant to applicable University policies and procedures, the rules applicable to accountable plans under the Treasury Regulations and, for certain independent contractors, the rules applicable under the Internal Revenue Code. All such expenses must comply with the requirements outlined in this policy and the associated Travel and Entertainment Procedures (“Procedures”).

Workforce members may be subject to additional or differing travel and entertainment requirements under a collective bargaining agreement (CBA) or provisions in their employment agreement. In the event of a conflict between this policy and an applicable CBA or employment agreement, the CBA or employment agreement shall control.

PRE-TRIP

Pre-Approval

Travel requiring airfare or lodging must be pre-approved prior to the start of the trip. Airfare and Lodging expenses incurred without prior approval may not be reimbursed. Please see Procedures for more information on required levels of approval. Approvers must verify that the requested travel meets the criteria of Business Travel, as defined.

All travel related to conferences (i.e., seminars, workshops, retreats, conventions, etc.) must have supporting evidence of the description of the conference, its location and the dates attached to the Concur Request and Expense report relating to the conference.

The decision to reimburse a Traveler for expenses that required pre-approval but was not obtained will be at the sole discretion of Senior Institutional Officials.

Travel Advances

Advances are only provided for international travel or special cases where a credit card cannot be used, subject to eligibility.
Advance requests are limited to 75% of estimated expenses and must exceed $500.

International Travel

While the University supports international travel to strengthen the University’s partnerships in education and research, certain federal regulations must be followed and steps taken to support a compliant trip. Requirements include, but are not limited to, obtaining prior approval for any Business Travel to a sanctioned country. Failure to obtain prior authorization for activities subject to export control or sanction regulations may result in serious personal liability and dis-allowance of charges by the University.

ELIGIBLE BUSINESS EXPENSES

The following Travel Expenses are eligible for reimbursement or to be incurred on a Travel Card. Unless otherwise stated, Travelers must select the lowest price that meets the Business Travel needs. Refer to the Procedures for additional details.

General Trip Requirements

Eligible reimbursements will only be made to the Traveler who incurred the expense(s).

Expenses paid with credits received from rebates, points, vouchers, etc., are not eligible for Reimbursement regardless of how the credits were earned.

Receipts are required for expenses exceeding:

$50 when using a University Issued Travel Card.
$25 when using personal funds (out of pocket expense)

Travelers may incur reimbursable expenses before and after actual business dates, defined as travel days. The eligibility of allowable expenses depends on the one-way flight time excluding layovers.

Preceding business start date:

If the duration of the departure flight is less than (8) hours, Travelers may claim expenses the day immediately preceding the start of University business.
If the duration of the departure flight exceeds eight (8) hours, Travelers may claim travel-related expenses (e.g., meal per diem, parking, etc.) for up to three (3) days immediately preceding the start of official University business. However, reimbursement will be limited to a maximum of two (2) nights of lodging at the business location.

After the conclusion of business, Travelers may claim related expenses for one (1) travel day following the conclusion of University business.

Long-Term Business Travel

Long-Term Business Travel requests must include a detailed description that explains its necessity to conduct University business.

Travelers may choose cost-effective, self-catering accommodations (i.e., kitchen included) in lieu of standard lodging. Self-catering accommodations are limited to studio or one-bedroom units with costs that do not exceed 50% of federal per diem and is comparable to standard lodging in the area.
The University provides meal per diems for Long-Term Travel for a maximum of 30 days at 50% of federal per diem. Requests for exceptions must detail applicable extenuating circumstances and be submitted by the Traveler in Concur at least 10 days prior to the trip.

Accompanying Individuals

In rare circumstances, the Travel Expenses of a spouse, partner, immediate family member or dependent (“accompanying individual”) may be eligible for reimbursement if the presence of the accompanying individual serves an essential business function.
The accompanying individual must have a defined, documented, and pre-approved official role that is essential to University business. A detailed justification specifying the official role of the accompanying individual and supporting documentation, such as event programs or correspondence verifying their official role, must be submitted for approval to a Senior Institutional Official prior to travel.
Expenses incurred without the required documentation or prior approval will not be reimbursed, and the Traveler may be held personally responsible for such expenses.

Combined Business and Personal Travel

Travelers may combine personal travel with approved Business Travel subject to the following requirements and only when authorized in advance by an Approver.

When weekends, holidays, or necessary standby days fall between Business Travel days, the University may reimburse lodging and meal expenses only if the Traveler demonstrates cost savings to the University. The determination of cost-savings is made by the University, not the Traveler.
Travelers who choose to arrive early or extend their stay for non-business reasons are responsible for all expenses incurred for personal days, including additional airfare expenses due to an additional flight leg or different airport from the business location related to personal travel.

Travelers must clearly document personal travel and separate eligible Travel Expenses from personal expenses.

Transportation

Air Travel

University Workforce Members and students should purchase the lowest commercial airfare available but may also make reasonable allowances for practicality and preferences such as safety, scheduling and any need for special accommodations. First class air travel, refundable tickets and seat upgrades such as Comfort or Economy Plus are not reimbursable. If free seat selection is not available at time of booking, then Reimbursement for seat selection fees up to $50 per leg is allowed. Baggage fees for up to two checked bags are reimbursable. Overweight baggage fees are not allowed.

Employees and students must use Concur or the University’s preferred travel agency to book airfare when arranging travel for themselves, guests, or suppliers.
Guests and suppliers are strongly encouraged to have the University book their travel through Concur or the University’s preferred agency.
Travelers are required to park at airport economy lots. Central garage parking is not permitted.

Airfare Class

Business class is not allowed. Economy upgrades (i.e., Economy Plus, Comfort plus, etc.) are allowed for international flights where the total flight duration one way, excluding layovers, exceeds eight hours.

Sponsored Program Air Travel

Sponsors have specific rules for the reimbursement of airfare, including:

Upgraded class airfare (i.e., Economy Plus, Comfort Plus, etc.) may not be charged to a federal sponsored award even in the case of international flights, and the cost in excess of the basic least expensive airfare, for purposes herein referred to as “coach fare,” must be charged to an account other than the federal grant/contract, except when traveling coach would: (1) require circuitous routing; (2) require travel during unreasonable hours; (3) excessively prolong travel; (4) result in additional costs that would offset the transportation savings; or (5) offer accommodations not adequate for the Traveler’s medical needs. The Traveler is responsible for documenting the foregoing exceptions.

Note that the “Fly America Act,”49 U.S.C. 40118, requires all Travelers to use United States air carriers for all air travel and cargo transportation services supported by Federal funds. One exception to this requirement is transportation provided under a bilateral or multilateral “Open Skies” air transport agreement, to which the United States government and the government of a foreign country are parties, and which the Department of Transportation has determined meets the requirements of the Fly America Act.

Ground Travel

Personal Vehicles

Mileage Reimbursement is based on the standard IRS rate and excludes normal commutes between the Traveler’s home and their Official Duty Station when traveling during the work week.

Travelers will not receive Reimbursement for travel from their home to their Official Duty Stations or commuting expenses between local Storrs Campuses
Travelers will be reimbursed for travel between regional campuses, less their normal commute to their Official Duty Station. This does not include employees that have more than one Official Duty Station e.g., employees that are required to work at UConn and UConn Health.
Tolls and parking fees are reimbursable.

Rental Cars

Employees and students must use Concur or the University’s preferred travel agency to book rental cars when arranging travel for themselves, guests, or suppliers
Guests and suppliers are strongly encouraged to have the University book their travel through Concur or the University’s preferred agency
Travelers must reserve an appropriately sized class of vehicle for the number of passengers.
Prepaid fuel is not reimbursable. Post paid fuel service (i.e., charged after rental) is reimbursable if using the University’s preferred rental car supplier.
Additional insurance and upgrades (e.g., GPS, roadside assistance) are not reimbursable.
- If there are no cars available from UConn’s preferred car rental agency, then additional insurance is reimbursable.

Alternative Transportation

Rideshare services, or public transit are allowable if the cost is the same or less than mileage and parking fees associated with a rental car or personal vehicle.

Livery Service

Livery service is permitted if using University-preferred livery suppliers on flights departing from the following airport locations:

Boston
New York
New Jersey
Bradley International Airport – guests only

Costs charged to a sponsored award must not exceed costs that would have been incurred with the use of a personal vehicle (i.e., mileage and parking).

State-owned Vehicles

If a University workforce member or department has a state-owned or state-funded (i.e., an automobile allowance/stipend) vehicle, the University Workforce member or department must use the vehicle for Business Travel whenever possible.

Rail Travel

Business class is allowed for journeys over four (4) hours excluding layovers.
First-class rail travel is not reimbursable.

Lodging

Lodging expenses cannot exceed the federal per diem lodging rate by more than 50% percent (excluding taxes). Conference hotel rates are allowed to exceed the federal per diem lodging rate by more than fifty percent (excluding taxes) for rooms booked at the conference hotel.

Lodging is limited to one bedroom per Traveler on University business.

Travelers will not be reimbursed for lodging costs prior to the day of departure or after return. Local Lodging is not allowed, unless it is needed for a conference.

Meals

For individual meals only meal per diem amounts will be reimbursed; actual meal costs will not be reimbursed.

If a meal was provided, the corresponding meal per diem must be deducted by the Traveler.
The first and last days of travel are reimbursed at 75% of the daily meal per diem rate

For business meals, alcohol restrictions and additional requirements, please see the separate Payment of Meals Policy.

Gratuities and Miscellaneous

Gratuities are reimbursable at a rate not to exceed 20% of the cost.

Travelers may receive reimbursement for miscellaneous business services/charges while traveling on University business. E.g., Internet access, use of a computer, and other similar business services.

Single-Day Travel

Travelers are eligible for meal per diems if they are away from their home and Official Duty Station for more than ten hours without an overnight stay. The per diem cannot exceed 75% of the U.S. General Services Administration (GSA) per diem rate in effect for the destination of travel. Such Reimbursements will be treated as taxable income to the University Workforce Member or student.

INTERNATIONAL TRAVEL

Reimbursements for international travel are based on actual exchange rates documented by receipts or credit card statements.

Passport and visa fees are reimbursable when required for Business Travel and when permitted by the funding source as in the case of a sponsored project. Travel Expenses to obtain or renew a passport or to obtain a visa are not reimbursable.

International Medical and Emergency Evacuation Expenses:

Medical and emergency evacuation insurance are covered by the University’s contracted supplier for travel during Business Travel dates. Any additional insurance purchased is not reimbursable.
Costs relating to required vaccinations, prescriptions, medical co-pays for Business Travel are reimbursable.

EXPENSE REPORTING

Expense reports must be submitted within 30 days of the Business Travel end-date using Concur.

Prohibited Business Travel Expenses

The following list is not exhaustive. Consult the Travel and Entertainment Procedures and/or with Travel Services for further information.

Normal commute mileage
Personal items (e.g. toiletries, souvenirs)
Alcohol
Fines (e.g., parking traffic violations)
Expenses paid with credits
Accompanying individuals without a legitimate business purpose
Expenses without documentation, unless below the thresholds above
Trip insurance

EXCEPTIONS TO POLICY

Exceptions to policy must demonstrate cost savings and/or business necessity and be pre-approved by Travel Services, Accounts Payable, or a Senior Institutional Official. Exceptions that involve funding from a federal granting agency must also be approved by Sponsored Program Services.

Extenuating circumstances where an exception to policy occurred during travel and could not have been foreseen must be approved post-trip by Travel Services in Procurement, Accounts Payable, or a Senior Institutional Official.

Individuals who require accommodations for reasons of health or disability may seek reasonable exceptions to this policy through the University’s Department of Human Resources.

ENFORCEMENT

Travelers who do not comply with this policy or its associated procedures may be personally responsible for expenses incurred. Violations of this policy or its associated procedures may also result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.

PROCEDURES/APPENDICES

Travel and Entertainment Procedures
Appendix 1 Roles and Responsibilities

REFERENCES

Export Control and Economic Sanctions Policy
Financial Conflicts of Interest in Research Policy
Fly America Act
Payment of Meals Policy
University’s Export Control website
University Travel Cards | Travel Services

POLICY HISTORY

Policy created:

Revisions:

04/20/2026 (Approved by the University Senior Policy Council)
11/19/2025 (Approved by the University Senior Policy Council and President)
06/30/2021 (Minor revisions, Approved by Board of Trustees)
4/29/2020 (Approved by Board of Trustees)
12/1/2017 (Approved by Board of Trustees)
7/1/2015 (Approved by Board of Trustees)
11/1/2012 (Approved by Board of Trustees)
3/24/2008 (Approved by Board of Trustees)

Registered and Trustee Student Organizations, Policy on

Posted on March 9, 2026March 17, 2026 by Quiles, Anida

Title:	Policy on Registered and Trustee Student Organizations
Policy Owner:	Division of Student Life & Enrollment
Applies to:	All University Workforce Members, Students, Guests and other Third Parties that engage with student organizations
Campus Applicability:	All UConn Campuses
Approval Date:	March 4, 2026
Effective Date:	March 9, 2026
For More Information, Contact:	Associate Vice President for Student Life
Contact Information:	solid@uconn.edu or studentactivities@uconn.edu
Official Website:	https://studentlife.uconn.edu/

BACKGROUND

The University of Connecticut recognizes the longstanding role of student organizations in fostering student engagement, leadership development, and community building across all campuses. Student organizations operate in a variety of forms, funding structures, and engage regularly with University resources, employees, and third parties.

This policy formalizes the University’s definitions, oversight, and relationship with Registered Student Organizations and Trustee Student Organizations.

PURPOSE

To establish a clear and consistent framework as it relates to the University’s working relationship with student organizations across its campuses.

APPLIES TO

All students, workforce members, and third parties that engage with student organizations.

DEFINITIONS

Registered Student Organization (RSO): A student-run entity voluntarily formed by University of Connecticut students, with a common interest, for a lawful purpose, and registered with their respective campus-based Student Activities office.

Trustee Student Organization (TSO): A Registered Student Organization formally recognized by the University’s Board of Trustees and separately funded through student-fees in accordance with Connecticut General Statutes. TSOs are student-governed and student-managed with operational and editorial autonomy (where applicable).

Advisor: A full-time University employee, including faculty and staff, or a graduate assistant where permitted, who is officially designated through the student organization registration process or assigned as part of their University role to provide guidance and support to a RSO or TSO.

The following individuals are not eligible to serve as an Advisor for UConn Campuses:

Part-time employees
Special payroll employees
Student employees (except approved graduate students holding an assistantship)
Volunteers, alumni, contractors, or external affiliates

Only external affiliates may serve as Advisors for RSO’s at UConn Health as may be permitted by UConn Health’s specific policies or processes.

POLICY STATEMENT

Formation and Registration

The University recognizes the right of students to form voluntary organizations for any lawful purpose. Student organizations that wish to receive access to University resources and services must register with their campus-based Student Activities office. To register, a student organization must meet all minimum requirements established by the University’s Blueprints manual and, when applicable, their campus-based Student Activities office.

RSOs shall be designated into a Tier-system in accordance with University guidance and oversight from the Division of Student Life & Enrollment. TSOs shall be established in accordance with the Student Service and Activity Fee Advisory Committee (SASFAC) process.

University Oversight and Organizational Autonomy

RSOs at the University are independent entities. The University assumes no responsibility for an RSO’s decisions, operations, contracts, events, or activities, nor does it provide insurance coverage or liability protection. The actions, viewpoints, publications, invited speakers, or initiatives of RSOs are solely the responsibility of the organization and their members.

The University’s role is not to approve or disapprove of such views, but rather to uphold its educational obligation to support free expression and open discussion consistent with the constitutional rights of students and the regulations of the University.

The University does not regulate RSO’s use of independent and non-university funds raised or collected. RSOs may independently enter into contracts or agreements with external parties using these independent funds. The University does not review, approve, or assume responsibility for such agreements unless explicitly stated in University policy otherwise.

A TSO receives financial oversight and administrative support from the University. However, a TSO retains control over their internal governance, operations, and student-led initiatives, except where University intervention is required to ensure compliance with law or policy.

Advisors serve in a supportive role while TSOs and RSOs retain full authority over their organization’s actions and decisions. Advisors do not bear responsibility for the actions or conduct of organization members when fulfilling their role appropriately and in good faith.

All students remain subject to the Student Code, and thus, a TSO or RSO may be referred to the University’s Student Organization Conduct process when their activities violate University policies.

ENFORCEMENT

Violations of this policy and any related procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code. If violated, individuals and/or Organizations may be personally liable.

PROCEDURES/FORMS

Blueprints Manual
Trustee Student Organization Manual

REFERENCES

Connecticut General Statute § 4-52 – 57a.
Conn. Gen. Stat. § 4-165
Conn. Gen. Stat. § 5-141d
The Student Code
Student Service and Activity Fee Advisory Committee (SASFAC) Guidelines for Student Activity Fee Creation, Elimination, and Change (2025)

POLICY HISTORY

Policy created: March 4, 2026 (Approved by the Senior Policy Council and President)

Revisions:

Tax Credit Incentive Program, Policy On

Posted on June 24, 2025October 15, 2025 by Kayla Hogrefe

Title:	Tax Credit Incentive Program, Policy On
Policy Owner:	Division of Athletics
Applies to:	University Workforce Members
Campus Applicability:	All UConn Campuses except UConn Health
Approval Date:	June 20, 2025
Effective Date:	July 1, 2025
For More Information, Contact:	Director of Athletics
Contact Information:	(860) 486-2725

PURPOSE

The University of Connecticut (“University”) administers a UConn Tax Credit Program (“Program”) to encourage the promotion and public recognition of the University and its programs, services, or mission. This policy sets forth the framework required to comply with Connecticut law.

APPLIES TO

All University workforce members.

DEFINITIONS

Credit: A Connecticut state tax credit equal to 50% of payments made under a qualified agreement for the applicable taxable or income year, not to exceed $500,000 per taxpayer, per taxable or income year, with an aggregate annual program cap of $5 million per calendar year.

Qualified Agreement: A written agreement to which (1) a Taxpayer and the University are parties, and (2) one which the University has determined, in accordance with written procedures, provides for payments that will encourage the promotion and public recognition of the University’s Division of Athletics program, services, or mission.

Reservation: A written acknowledgement issued by the University that it has reserved a tax credit equal to the amount of the expected tax credit to be awarded to the taxpayer pursuant to a qualified agreement, and issued on a first-come, first-served basis.

Taxpayer: Any person, as defined in section 12-1 of the general statutes, whether or not subject to any taxes levied by Connecticut, that executes a qualified agreement.

Voucher: A certificate issued by the University which authorizes the taxpayer to claim a tax credit on their Connecticut tax return.

POLICY STATEMENT

The Division of Athletics, in consultation with the Office of the Controller, is responsible for establishing and administering the Program.

The Director of Athletics ensures that all Qualified Agreements support the University’s athletic activities that promote or enhance public recognition of the University’s mission, program, or services. Acceptable activities include, but are not limited to, sponsorships, marketing partnerships, and other initiatives approved by the Director of Athletics.

The University may not issue Vouchers that, in aggregate, exceed $5 million in Credits for any calendar year. No Taxpayer may receive more than $500,000 in tax credits per income or taxable year.

University employees directly involved in negotiating or administering Qualified Agreements may not personally benefit from, or hold a financial interest in, any Taxpayer receiving Credit.

The Division of Athletics and the Tax and Compliance Office shall adopt procedures concerning the implementation of this policy. Such procedures must include:

Processes for application, Reservation, and Voucher;
Documentation requirements;
Record retention requirements;
Reporting requirements to the Commissioner of Revenue Services and General Assembly; and
Criteria for Qualified Agreement determinations.

ENFORCEMENT

Violations of this Policy or associated procedures may result in appropriate disciplinary measures in accordance with state law, University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, the University of Connecticut Student Code, and Division of Athletics Student Athlete Handbook.

PROCEDURES

Tax Credit Program Procedures

POLICY HISTORY

Policy Approved: June 20, 2025 (Approved by President’s Senior Policy Council)

Fitness for Duty Policy

Posted on August 21, 2024February 17, 2026 by Quiles, Anida

Title:	Fitness for Duty Policy
Policy Owner:	Human Resources
Applies to:	Employees
Campus Applicability:	Storrs and Regional Campuses
Approval Date:	August 20, 2024
Effective Date:	August 21, 2024
For More Information, Contact:	Human Resources
Contact Information:	(860) 486-3034 or hr@uconn.edu
Official Website:	https://hr.uconn.edu/

BACKGROUND

The University is committed to providing a workplace that is conducive to a safe and healthy environment, supportive of our educational mission. Employees must be able to perform their job duties in a safe, productive, and effective manner. Employees who are not Fit for Duty may present a safety risk for themselves or others.

PURPOSE

To ensure the health and safety of individuals in the University community and others with whom they have contact.

DEFINITIONS

Fit for Duty: An employee is physically, mentally, and emotionally capable of performing their job responsibilities effectively and safely.

Fit for Duty Evaluation: A professional assessment of an employee’s physical, mental, and/or emotional capacities carried out by a licensed Health Care Evaluator to determine whether the employee is physically, mentally, and emotionally capable of performing their duties. This may include a “functional capacity evaluation” (FCE), which is a set of tests, practices, and/or observations that are combined to determine the employee’s ability to safely perform the physical and other demands of their specific job.

Health Care Evaluator: An independent, licensed, health care provider with appropriate expertise to conduct a Fitness for Duty Evaluation.

POLICY STATEMENT

The University may conduct a Fit for Duty Evaluation with an independent, licensed Health Care Evaluator, where such an exam is job-related and consistent with business needs. This includes, but is not limited to, situations where an employee:

has observable difficulty performing their duties safely, which may include situations in which the employee appears to be impaired by drugs, alcohol, or other substances;
is returning from an intermittent or block medical leave, where there is a reasonable basis to verify the necessity of the leave or of the ability of the employee to return;
has observable difficulty performing the essential functions of their position; and/or
poses an imminent or serious safety threat to self or others.

This policy is not a substitute for the University’s policies and protocols regarding sick or medical leave requests, workers’ compensation claims, or reasonable accommodations and may be in addition to benefits processing, as legally and/or contractually permitted. It also is not a substitute for other University policies or procedures related to discipline, performance management, or prevention of violence in the workplace; nor is it a substitute for any requirements or regulations under the Connecticut Police Officer Standards and Training Council or Conn. Gen. Stat. § 7-291e, as may be amended from time to time, or other licensing boards.

Employee and Supervisor Responsibilities:

Employees:

Must come to work Fit for Duty and must perform their job responsibilities throughout their workday.
Must notify their supervisor as soon as possible if they feel they cannot safely perform their job. Employees are not required to disclose health-related information to their supervisor.
Should notify their supervisor as soon as possible when they observe a co-worker acting in a manner that suggests the co-worker may be impaired or otherwise not Fit for Duty. If the supervisor is the individual of concern, the employee may inform the next level supervisor or contact Labor Relations at (860) 486-5684 or laborrelations@uconn.edu.
Must provide relevant information or releases for medical records reasonably requested by the Health Care Evaluator conducting the Fit for Duty Evaluation.
Must comply with authorized requests to submit to a Fit for Duty Evaluation. Non-compliance may constitute insubordination and result in disciplinary action, up to and including termination.

Supervisors:

Are responsible for observing the attendance, performance, and behavior of employees under their supervision.
Must follow this policy when presented with circumstances or knowledge indicating an employee may be not Fit for Duty.
Must contact Employee Relations if they have a reasonable belief that an employee is unable to perform their job and may need a Fit for Duty Evaluation.
Should contact the UConn Police Department first if there is an immediate safety concern or threat and thereafter make a referral to the Employees of Concern (“EOC”) Team. When there is not an immediate safety concern, the employee may nonetheless present a threat to themselves or others, make a referral to EOC.

Fit for Duty Evaluation:

The Fit for Duty Evaluation will be conducted to determine whether the employee is physically, mentally, and emotionally capable of performing their job responsibilities effectively and safely. The Fit for Duty Evaluation is not for diagnosis or treatment.
The examination may include medical testing, psychological testing, physical examination, or an FCE that may involve performance of actual physical tasks and duties.
When the University requires a Fit for Duty Evaluation pursuant to this policy, the University shall select the Health Care Evaluator and bear the cost of the examination.
Results from the University’s selected Health Care Evaluator shall be presumed valid. In case of significant disagreement or contradiction by the employee’s physician, the University may request another opinion, for which it will bear the cost.

Return to Work:

The Health Care Evaluator will provide the appropriate University officials, including but not limited to Human Resources and Employee Relations, with a written report detailing the nature and extent of the employee’s functional limitations or restrictions concerning the employee’s ability to effectively safely perform the essential functions of their job, if any, and the expected duration of any such limitations.
The Health Care Evaluator will make the final determination of an employee’s fitness for duty status based on their assessment of the employee and review of the essential functions of the employee’s position, based on their University job description and duties.
The University must receive a written return to work/fitness for duty form from the Health Care Evaluator before the employee may return to work.
Where applicable, Human Resources shall be consulted to facilitate the reasonable accommodation process. Nothing contained in this policy is intended to create a right to light duty work.
If an employee is deemed unfit for duty, their employment status will be determined on a case-by-case basis in accordance with federal and state law, University policy and procedures, and any applicable collective bargaining agreement or employment contracts.

Confidentiality:

Records of Fit for Duty Evaluations will be treated as confidential and will only be shared or used as permitted by law.
Information concerning an employee’s fitness for duty will be shared only with those who need to know for legitimate business purposes. Typically, information available to the employee’s work unit after the Fit for Duty Evaluation will be limited to whether the employee is fit to resume their job duties and whether the employee needs specific reasonable accommodations, as determined by Human Resources.

ENFORCEMENT

Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.

RESOURCES

Employee Assistance Program (EAP)
EAP Phone: (860) 679-2877, CT toll-free: 800-852-4392
Web: https://hr.uconn.edu/employee-assistance-program/
Provides confidential assessment and referrals for employees seeking assistance in dealing with alcohol and substance misuse.

If there is no emergency or imminent threat, employee concerns should be reported to Human Resources via laborrelations@uconn.edu.

If there is an imminent threat or an emergency situation, the University of Connecticut Police Department (UCPD) should be contacted immediately by dialing 911.

POLICY HISTORY

Policy created: 08/20/2024 (Approved by Senior Policy Council and the President)

Posting Policy

Posted on June 28, 2024March 18, 2026 by Kayla Hogrefe

Title:	Posting Policy
Policy Owner:	Office of the Provost and Office of the Vice President for Student Life and Enrollment
Applies to:	Faculty, staff, students, visitors
Campus Applicability:	Storrs and regional campuses
Approval Date:	June 27, 2024
Effective Date:	June 28, 2024
For More Information, Contact	Office of the Provost or Office of the Vice President for Student Life and Enrollment
Contact Information:	provost@uconn.edu or VPSLE@uconn.edu
Official Website:	https://provost.uconn.edu or https://studentlife.uconn.edu

PURPOSE

This Policy is intended to ensure the responsible and effective use of bulletin boards and other areas designated for the posting of Flyers, prevent littering and the defacing of or damage to University property. This Policy is not meant to supersede other existing area specific posting policies, nor is it intended to inhibit free speech or expression. However, all Flyers must comply with established University Policies.

APPLIES TO

Storrs and Regional Campuses, not including UConn Health and UConn Law.

DEFINITIONS

Designated Posting Areas: Specific locations on campus authorized for the display of Flyers and similar materials. These areas are established to help ensure the responsible and orderly use of space for announcements and information dissemination. Designated Posting Areas are either Controlled Posting Spaces or Open Posting Spaces.

Controlled Posting Spaces: Designated posting areas managed by respective building managers and/or departmental owners. Prior approval is required to post a flyer in a controlled posting space.

Open Posting Spaces: Designated posting areas that do not require approval prior to posting.

Flyers: Posters, printed materials, and/or any other physical materials.

POLICY STATEMENT

Flyers may only be posted in Designated Posting Areas, such as bulletin boards and other designated spaces throughout the campus. Under no circumstance may Flyers be affixed in any manner on University signs, lampposts, trees, or any place that would impede ingress/egress. For safety reasons, Flyers may not be slipped under the doors of offices, classrooms, or other University spaces. Any postings in non-designated areas will be removed.

Flyers must be affixed in a manner that does not cause damage to University property. Only non-permanent methods may be used to display Flyers. Permanent or semi-permanent adhesion that may cause damage to University property must not be used. In general, only tacks on bulletin boards, and painter’s tape on non-tackable boards should be used. Individuals/organizations wishing to post Flyers should also ensure compliance with the departments/offices' policies, including those linked in the References section below.

PROCEDURES

Printed Flyers should be of a standard size (e.g. 8.5”x11”) not to exceed 11”x17”. Only one Flyer per event or notice should be posted in each Designated Posting Area. Excess Flyers and other posting materials may be removed.

Flyers should include the name of the organization/individual responsible for the posting and the date on which it was displayed.

Individuals or groups posting Flyers for events should remove them within 24 hours of the event's completion. Once the event date has passed, anyone may remove the posting.

Building managers may remove Flyers that do not have specific dated events periodically based on the date the posting is displayed (e.g. once per semester or on another schedule).

LOCATIONS

Building managers may designate Open Posting or Controlled Posting Spaces, in consultation with leadership of departments/units within the building, for the posting of Flyers that meet the standards outlined in this Policy. Classrooms are not considered Designated Posting Areas. Postings in classrooms can be used as part of instruction during class times and should be removed after the class is over.

Open Posting Spaces are areas designated for the posting of Flyers that meet the standards outlined in this Policy and do not require prior approval. Open Posting Spaces shall be clearly marked. A listing of known locations is available in the References section below. If a space is not clearly marked as an Open Posting Space, individuals are encouraged to seek permission before posting.

Flyers must be approved prior to posting in Controlled Posting Spaces, including materials that would be placed on or in the ground in outdoor spaces. Separate posting policies, procedures or guidelines in university buildings/departments/units may have other restrictions such as size, length of posting times, and methods for affixing materials, and will follow the standards provided by this Policy.

Refer to department/unit-specific Controlled Posting Spaces guidelines prior to posting in these spaces. Flyers that have not been approved for posting in Controlled Posting Spaces may be removed. Controlled Posting Spaces shall also be clearly marked. A listing of known locations is available in the References section. Faculty office areas (e.g. doors and bulletin boards outside of their offices) and administrative spaces are at the discretion of academic departments/building managers.

In University buildings/departments/units that have separate posting policies, procedures or guidelines, items must be posted in accordance with the standards provided by the specific department/unit/building and this Policy.

In University buildings/departments/units that do not have a separate policy or defined Open or Controlled Spaces, postings are not allowed.

ENFORCEMENT

Individuals and groups can be charged with violating the University Code of Conduct or the Student Code, specifically Part III, B. 17: “Damage or misuse of property, which includes, but is not limited to, attempted or actual damage to or misuse of University property or other personal or public property”.

Individuals, departments, units, student organizations, and off-campus businesses or groups that violate this Policy will be asked to remove Flyers immediately and will be billed for any damage to University property that occurs because of improper posting.

Flyers that do not meet the standards outlined in this Policy or posted in places not designated for display may be removed at any time.

Questions about this Policy may be directed to the Office of the Provost at provost@uconn.edu or the Office of the Vice President for Life and Enrollment at VPSLE@uconn.edu.

REFERENCES

The list of departments/units with specific posting policies includes but is not limited to the following:

POLICY HISTORY

Policy created: 06/27/2024 (Approved by the Senior Policy Council and the President)

Multi-Factor Authentication (MFA) Policy

Posted on March 29, 2023March 17, 2026 by Brandon Murray

Title:	Multi-Factor Authentication (MFA) Policy
Policy Owner:	Information Technology Services / Chief Information Security Officer
Applies to:	All Workforce Members, Students
Campus Applicability:	All UConn Campuses, except UConn Health
Approval Date:	March 4, 2026
Effective Date:	March 9, 2026
For More Information, Contact:	UConn Information Security Office
Contact Information:	techsupport@uconn.edu or security@uconn.edu
Official Website:	https://security.uconn.edu/

PURPOSE

To help prevent unauthorized access to University information systems.

DEFINITIONS

Hardware Token: A small hardware device that serves as a second authentication mechanism either in place of or in addition to the an MFA mobile app.

University Information System: Devices and/or components managed or contracted by the University for collecting, storing, and processing data and for providing information, knowledge, and/or digital products. For purposes of this policy, information technology devices and components managed exclusively by UConn Health are not considered University Information Systems.

Multi-Factor Authentication (MFA): MFA is a method of system access control in which a user is granted access only after successfully providing at least two pieces of authentication, usually including knowledge (something the user knows such as a password), possession (something the user has such as a token generator), or inherence (something the user is such as the use of biometrics).

POLICY STATEMENT

Users of University Information Systems must adhere to Multi-Factor Authentication (MFA) requirements, where available, to ensure authorized access to University Information Systems and protected or confidential data.

University Information Systems must include effective MFA protections for authentication unless granted an exception from this policy by the Information Security Office (ISO). The Information Security Office (ISO) may mandate implementation of MFA for any University Information System.

The Information Security Office is authorized to publish and maintain any necessary standards, procedures, and guidelines to effectuate and enforce this policy.

MULTI-FACTOR AUTHENTICATION PROCEDURES

User Requirements

Users must maintain a device that can receive MFA authentication requests in a secure manner via a University approved mobile app or another mechanism, such as SMS, phone, or Hardware Token.
When an attempt is made to access a MFA protected system or application, the system will challenge the user by requesting a second factor of authentication which may include an acknowledgement of a push notification via a University approved MFA mobile app, a code via SMS, or a Hardware Token.
If users receive an MFA notification when not conducting a recent authentication, the authentication shall be denied and immediately reported to the Technology Support Center. Users shall update their NetID password, or credential associated with the authentication, if they reasonably believe their password is compromised.
Users may not approve MFA requests for another user’s account or register a device for MFA which is not within their individual control.

Frequency or Type of User Challenges

The frequency with which a user may be challenged, or the type of challenge depends both on policy and use.

Policy based – depending on information being accessed, more frequent authentications may be required.
Usage based – While user challenges may be “remembered” for a period of time, use of other hardware, browsers, or other behaviors may trigger additional verification using a second factor.

Lost or Stolen Devices

If a user’s registered multi-factor device is lost, stolen, or the user has reason to suspect their UConn NetID has been compromised, the user must contact the Technology Support Center immediately. As a precaution, they should change their NetID password at netid.uconn.edu.

Off-Hours and Emergency Access to Systems and Applications

UConn Information Technology Services will maintain internal procedures for processing emergency access requests if issues arise with the multi-factor authentication process. Users should contact the Technology Support Center for additional information.

Use of Automated Systems

Automated systems that intend to interfere with the approval component of multi-factor authentication are hereby prohibited.

ENFORCEMENT

Users may not attempt to circumvent login procedures, including multi-factor authentication, on any computer system or otherwise attempt to gain unauthorized access. Attempts to circumvent login procedures may subject individuals to disciplinary action. Financial losses incurred due to the use of multi-factor circumvention techniques are the responsibility of the user, and the University may seek financial restitution from users who violate this policy.

EXCEPTIONS

ITS will review and document any requests for exceptions to this standard. ITS will also have available solutions for the intermittent failure of various second factors, which may include the allowance of temporary access codes upon verification of an individual’s identity.

PROCEDURES/FORMS

Questions about this policy or suspected violations may be reported to any of the following:

Information Technology Services Tech Support – https://techsupport.uconn.edu (860-486-4357)

Information Security Office – https://security.uconn.edu

POLICY HISTORY

Policy created: March 29, 2023 (Approved by Senior Policy Council)

Revisions: March 4, 2026 (Approved by the Senior Policy Council and President)

Student Athlete Name, Image, Likeness, Policy On

Posted on May 6, 2022April 1, 2025 by Fearney, Kimberly

Title:	Student-Athlete Name, Image, and Likeness, Policy On
Policy Owner:	Athletics
Applies to:	All Student-Athletes and University Employees
Campus Applicability:	All UConn campuses, except UConn Health
Approval Date:	March 18, 2025
Effective Date:	March 19, 2025
For More Information, Contact	Director of Athletics
Contact Information:	(860) 486-2725
Official Website:	https://uconnhuskies.com/sports/2021/7/14/uconn-nil-information

PURPOSE

To establish a policy pursuant to which University of Connecticut (“University”) Student-Athletes are permitted by the University to (1) earn Compensation through an Endorsement Contract, Revenue Sharing Agreements, or employment in an activity unrelated to an Intercollegiate Athletic Program; and (2) obtain legal or professional representation of an attorney or Sports Agent through a written agreement, provided that in each case, the Student-Athlete complies with the terms and conditions of this policy and applicable law.

DEFINITIONS

Athletics Booster: a person who directly contributes to a University athletic program.

Compensation: the receipt, whether directly or indirectly, of any cryptocurrency, money, goods, services, other items of value, in kind contributions and any other form of payment or remuneration.

Endorsement Contract: a written agreement under which a Student-Athlete is employed or receives Compensation for the use by another party of such Student-Athlete's person, name, image or likeness in the promotion of any product, service or event.

Intercollegiate Athletic Program: a program at the University for sports played at the collegiate level for which eligibility requirements for participation by a Student-Athlete are established by a national association for the promotion or regulation of college athletics.

NCAA: the National Collegiate Athletic Association or its successor.

Official Team Activities: all games, practices, exhibitions, scrimmages, team appearances, team photograph sessions, sports camps sponsored by the University and other team-organized activities, including, but not limited to, photograph sessions, news media interviews, and other related activities as specified by the University.

Prohibited Endorsements: receipt of Compensation by, or employment of, a Student-Athlete for use of the Student-Athlete's person, name, image or likeness (“NIL”) in association with any product, category of companies, brands, or types of Endorsement Contracts that are: (1) prohibited by law; (2) prohibited by this policy; or (3) prohibited under the applicable University procedures adopted in accordance with this policy.

Revenue Sharing Agreement: an agreement between the University or an entity acting on the University’s behalf, and a student athlete through which a student athlete shares a portion of the University’s revenue as Compensation.

Sports Agent: a duly licensed person who negotiates or solicits a contract on behalf of a Student-Athlete in accordance with the Sports Agent Responsibility and Trust Act, 15 USC 7801, et seq., as amended from time to time.

Student-Athlete: a student who attends or has agreed to attend the University and participates or has agreed to participate in a University Intercollegiate Athletic Program.

University Marks: the name, logo, trademarks, mascot, unique colors, copyrights and other intellectual property or defining insignia of the University.

POLICY STATEMENT

The University shall permit its Student-Athletes to (1) obtain legal or professional representation of an attorney or Sports Agent through a written agreement, provided that the Student-Athlete complies with this policy and applicable law; (2) earn Compensation through employment in an activity unrelated to an Intercollegiate Athletic Program; (3) earn Compensation through an Endorsement Contract with a third party; (4) earn Compensation through an Endorsement Contract with the University for the use of the Student-Athlete's person, name, image or likeness in the promotion of any product, service or event; and (5) earn Compensation through a Revenue Sharing Agreement with the University.

1. Agreements for Representation by a Sports Agent or an Attorney

A Student-Athlete may only enter into an agreement for representation with a Sports Agent if the Student-Athlete submits a copy of the agreement to the University.
A Student-Athlete may only enter into an agreement for representation with an attorney if the Student-Athlete submits a copy of the agreement to the University

2. Agreements for Employment Activities and Endorsement Contracts with Third Parties

A Student-Athlete may receive Compensation for employment in an activity unrelated to any Intercollegiate Athletic Program, provided the Student-Athlete signs a written agreement for the employment and submits a copy to the University before performing any employment activities or services.
A Student-Athlete may only enter into an Endorsement Contract with a third party if:
1. the Student-Athlete submits a copy of the contract to the University prior to the Student-Athlete performing any activity or service under the contract;
2. the contract, or any portion thereof, does not conflict with the provisions of any agreement to which the University is a party. If a potential conflict is identified, the University shall disclose to the Student-Athlete or the Student-Athlete's attorney or Sports Agent the provisions of the University agreement that are in conflict; and
3. the Student-Athlete is not required to participate or engage in any activity prohibited by Section IV of this policy.

3. Endorsement Contracts and Revenue Sharing Agreements with the University

A Student-Athlete may only enter a Revenue Sharing Agreement and/or Endorsement Contract with the University if:

the Endorsement Contract is limited to the use of the Student-Athlete's person, name, image or likeness in the promotion of any product, service or event;
the Student-Athlete is an independent contractor; and
the Student-Athlete is not required to participate or engage in any activity prohibited by Section IV of this policy.

4. Prohibitions

No state funds appropriated to the University may be used to compensate a student athlete for an Endorsement Contract or a Revenue Sharing Agreement.
Use of Marks. Student-Athletes are prohibited from using or consenting to the use of any University Marks when performing any services or activity associated with an Endorsement Contract or employment activity without prior written permission from the University or its authorized designee.
University Employees. University employees are prohibited, in their individual capacity, from entering into an Endorsement Contract or a Revenue Sharing Agreement with any Student-Athlete or otherwise providing Compensation to a Student-Athlete in connection with a Student-Athlete’s participation in an Intercollegiate Athletic Program.
Student-Athletes.
1. Student-Athletes are prohibited from performing any service or activity associated with an Endorsement Contract or employment activity that interferes with any official team activities or academic obligations.
2. Student-Athletes are prohibited from receiving Compensation from entering an Endorsement Contract with, and/or otherwise engaging in an employment activity with companies, brands, products, conduct, and/or entertainment prohibited under University procedures adopted in accordance with this policy.

PROCEDURES

The President or the President’s designee may adopt procedures concerning the implementation of this policy.

ENFORCEMENT
Violations of this Policy or associated procedures may result in appropriate disciplinary measures in accordance with state law, University Laws and By-Laws, and Division of Athletics Student Athlete Handbook.

POLICY HISTORY

Policy created effective June 30, 2021 [Approved by the Board of Trustees]

Revisions:
May 2, 2022
March 18, 2025 [Approved by the President’s Senior Policy Council]

Recruitment of Students, Policy On

Posted on September 22, 2021November 15, 2021 by Guralnick, Stephanie

Title:	Recruitment of Students, Policy On
Policy Owner:	The Division of Enrollment Planning & Management
Applies to:	University Employees, Volunteers, Trainees and Others
Campus Applicability:	All Campuses
Effective Date:	August 23, 2021
For More Information, Contact	Office of the Vice President for Enrollment Planning & Management
Contact Information:	(860) 486-1463
Official Website:	https://epm.uconn.edu/

PURPOSE

To ensure compliance with federal laws and regulations regarding ethical recruitment and enrollment activities conducted at the University. Specifically, Section 487(a)(20) of the Higher Education Act (HEA) and its implementing regulations at 34 C.F.R. 668.14, as well as the University’s Memorandum of Understanding with the Department of Defense.

APPLIES TO

Employees, volunteers, trainees, and other persons whose conduct, in the performance of work for UConn, is under the direct control of UConn, whether or not they are paid by UConn.

DEFINITIONS

Commission, Bonus, Incentives means a sum of money or something of value, other than a fixed salary or wages, paid to or given to a person or an entity for services rendered.

Securing enrollments or the award of financial aid means activities that a person or entity engages in at any point in time through completion of an educational program for the purpose of the admission or matriculation of students for any period of time or the award of financial aid to students.

These activities include contact in any form with a prospective student, such as, but not limited to – contact through preadmission or advising activities, scheduling an appointment to visit the enrollment office or any other office of the institution, attendance at such an appointment, or involvement in a prospective student’s signing of an enrollment agreement or financial aid application.

These activities do not include making a payment to a third party for the provision of student contact information for prospective students provided that such payment is not based on: (1) any additional conduct or action by the third party or the prospective students, such as participation in preadmission or advising activities, scheduling an appointment to visit the enrollment office or any other office of the institution or attendance at such an appointment, or the signing, or being involved in the signing, of a prospective student’s enrollment agreement or financial aid application; or (2) the number of students (calculated at any point in time of an educational program) who apply for enrollment, are awarded financial aid, or are enrolled for any period of time, including through completion of an educational program.

“Entity or person engaged in any student recruitment or admission activity or in making decisions about the award of financial aid” means (1) with respect to an entity engaged in any student recruitment or admission activity or in making decisions about the award of financial aid, any institution or organization that undertakes the recruiting or the admitting of students or that makes decisions about and awards Title IV, HEA program funds; and (2) with respect to a person engaged in any student recruitment or admission activity or in making decisions about the award of financial aid, any employee who undertakes recruiting or admitting of students or who makes decisions about and awards Title IV, HEA program funds, and any higher level employee with responsibility for recruitment or admission of students, or making decisions about awarding Title IV, HEA program funds.

Enrollment means the admission or matriculation of a student into an eligible institution.

Inducement means any gratuity, favor, discount, entertainment, hospitality, loan, transportation, lodging, meals, or other item have a monetary value or more than a de minimis amount to any individual, entity, or its agents including third party lead generators or marketing forms.

Service Member means a current or former member of the uniformed services which includes (a) the armed forces; (b) the commissioned corps of the National Oceanic and Atmospheric; and (c) the commissioned corps of the Public Health Service.

POLICY STATEMENT

The University of Connecticut prohibits the award of any commission, bonus or other incentive payment based in any part, directly or indirectly, upon success in securing enrollments or the awarding of financial aid, to any person or entity who is engaged in any student recruitment, admission activities, or making decisions regarding the awarding of financial assistance. In accordance with the HEA, this restriction does not apply to the recruitment of foreign students residing in foreign countries who are not eligible to receive Federal student assistance.

In addition, in accordance with the Department of Defense Memorandum of Understanding, the University will refrain from high-pressure recruitment tactics aimed at Service Members, which includes making multiple unsolicited contacts (3 or more) including contacts by phone, email, or in-person, and engaging in same-day recruitment and registration for the purpose of securing Service Member enrollments.

ENFORCEMENT
Violations of this policy or associated procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, and applicable collective bargaining agreements.

PROCEDURES/FORMS
Contact the Division of Enrollment Planning and Management with questions.

POLICY HISTORY

Policy created effective: August 23, 2021 [Approved by President’s Senior Team]

Revisions: November 11, 2021 [Approved by the President]

Endpoint Device Security Policy, Information Technology

Posted on August 30, 2021March 17, 2026 by Brandon Murray

Title:	Endpoint Device Security Policy, Information Technology
Policy Owner:	Information Technology Services / Chief Information Security Officer
Applies to:	All faculty, staff, student employees, affiliates, and volunteers
Campus Applicability:	All UConn Campuses, except UConn Health
Approval Date:	March 4, 2026
Effective Date:	March 9, 2026
For More Information, Contact:	UConn Information Security Office
Contact Information:	techsupport@uconn.edu or security@uconn.edu
Official Website:	https://security.uconn.edu

BACKGROUND

Endpoints are important tools for the University, and their use is supported to advance the mission of the university. Endpoints also represent a significant risk to information and data security. If appropriate security measures and procedures are not applied, endpoints can serve as a conduit for unauthorized access to University data and IT resources that can subsequently lead to data leakage and a path for compromise of other systems.

PURPOSE

To ensure data and information systems security by establishing requirements for endpoint devices.

APPLIES TO

This policy applies to all University faculty, staff, student employees, and volunteers who use endpoint devices to access any non-public IT resources owned or managed by the University.

DEFINITIONS

IT Resources: Includes systems and equipment, software, and networks. Systems and equipment include but are not limited to computers, hard drives, printers, scanners, video and audio recorders, cameras, photocopiers, and other related devices. Software includes but is not limited to computer software, including open-source and purchased software, and all cloud-based software, including infrastructure-based cloud computing and software as a service. Networks include but are not limited to all voice, video, and data systems, including both wired and wireless network access across the institution.

Endpoint: Physical device that connects to and exchanges information with a computer or telecommunications network, often acting as the interface between a human user and the network, including but not limited to, desktops, laptops, tablet computers, and smartphones. Endpoints do not host services for other endpoints.

Confidential Data: Institutional information protected by law, government regulations, statutes, industry regulations, contractual obligations, or specific university policies.

POLICY STATEMENT

University of Connecticut faculty, staff, student employees, affiliates, and volunteers who use endpoints, whether University-owned, externally owned, or personally owned, are responsible for any institutional data that is stored, processed, and/or transmitted via an, endpoint, mobile, or remote device and for following the security requirements set forth in this policy.

To adequately protect the data and information systems of the University, all individuals covered under this policy are expected to meet the following requirements:

Endpoint Security Requirements

Configure the device to require a password meeting the requirements set forth in the University Password Standard (https://security.uconn.edu/password-standards/), biometric identifier, PIN (minimum of 6 characters), or swipe gesture (minimum of 6 swipes) to be entered before access to the device is granted. Device must automatically lock and require one of the authentication methods after no more than 15 minutes of idle time.
Keep devices on currently supported versions of the operating system and remain current with all published operating system and software patches.
Enable and appropriately secure the device’s remote wipe feature to permit a lost or stolen device to be securely erased.
Securely store the device when not in use to minimize loss via theft or accidental misplacement.
Ensure internal hardware and external peripherals, including but not limited to USB devices, external storage, scanners, input devices, and displays, are manufacturer supported and compatible with the installed operating systems and other installed software.

Except when being actively used, confidential information on endpoint devices must at all times be encrypted through a mechanism approved by the University. Whole drive or whole device encryption may be deployed to meet this requirement.

Endpoints must have software enabled and running to identify, protect, and respond to any threats to the data or operating systems of the devices. University owned endpoints must be enrolled in the university-supported endpoint detection and response (EDR) platform.
University owned endpoints must have Mobile Device Management software installed and enabled to facilitate device protection, including remote wipe and, if possible, device location technology for recovery. Personal devices should be configured to enable these features where possible.

Wherever practical, elements of these requirements will be enforced via centrally administered technology controls.University owned devices that are unable to meet these requirements must go through a security assessment prior to their use.

STORAGE OF CONFIDENTIAL DATA

In general, Confidential Data should not be stored on endpoints. However, in certain instances and depending on job responsibilities, this may be unavoidable. In these instances, Confidential Data must be stored ONLY on university-owned devices configured in compliance with this policy.

DEVICE DECOMMISSION OR SEPARATION FROM THE UNIVERSITY

When endpoints, including personally owned devices that may have had access to University resources or data, are no longer used, and sold, donated, given, placed in the control of or otherwise transferred to anyone else, the device owner is responsible for ensuring that any University information is securely deleted from the device, including University-related e-mails/accounts, user ID and password, or other cached credentials used to access University systems.

In the event of separation from the University, it is the employee’s responsibility to delete any University-related e-mail accounts or University licensed software that may have been installed on personal endpoints, devices, or computers.

EXCEPTIONS

In certain instances, there may be a justifiable business need to operate a device that is not in compliance with this policy. In these instances, users must work with the Information Security Office to request evaluation of an exception to this policy. Exceptions are reviewed on a case-by-case basis and are approved at the discretion of the Chief Information Security Officer based on justifiable business need and assessed risk. Exceptions must be reviewed and approved prior to implementation of any solution that does not fully comply with this policy.

ENFORCEMENT

Violations of this policy and any related procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.
Questions about this policy or suspected violations may be reported to any of the following:

Office of University Compliance – https://compliance.uconn.edu (860-486-2530)

Information Technology Services Tech Support – https://techsupport.uconn.edu (860-486-4357)

Information Security Office – https://security.uconn.edu

REFERENCES

Data Classification Policy

POLICY HISTORY

Policy created: August 30, 2021 (Approved by President’s Senior Team)

Revisions: March 4, 2026 (Approved by the Senior Policy Council and President)

System and Application Security Policy

Posted on August 30, 2021March 17, 2026 by Brandon Murray

Title:	System and Application Security Policy
Policy Owner:	Information Technology Services / Chief Information Security Officer
Applies to:	University Workforce Members
Campus Applicability:	All UConn Campuses, except UConn Health
Approval Date:	March 4, 2026
Effective Date:	March 9, 2026
For More Information, Contact:	UConn Information Security Office
Contact Information:	techsupport@uconn.edu or security@uconn.edu
Official Website:	https://security.uconn.edu

PURPOSE

To ensure the security of university data and systems by establishing requirements for the proper maintenance and oversight of systems and applications used by university constituents.

APPLIES TO

This policy applies to all workforce members responsible for operating or overseeing any University system or application, whether on premise or in the cloud.

DEFINITIONS

Academic / Research System: A system whose primary responsibility relates to individual academic work or research.

Administrative System: Any system that is used in support of the operation of the university excluding individual Academic / Research Systems.

ISO: Information Security Office

ITS: Information Technology Services

IT Professional: An individual (staff) who is trained and skilled in using technology to solve business problems coupled with assigned job duties in support of technology at the university. This must be a defined responsibility within the position job description and may not fall under “other duties as assigned.” Appropriate training, support, and budget must also be available in support of the IT Professional role.

Local Network: Network of computers and devices logically located on the same subnet.

Software as a Service (SaaS): Cloud-based service that is delivered via the web based on either a monthly or annual subscription.

Platform as a Service (PaaS): Cloud-based service that provides a platform allowing for the development of software using an established framework to improve development time and management of cloud services.

Personally Identifiable Information (PII): Information that either singularly or in conjunction with other data elements could reasonably lead to the identification of specific individuals.

System Owner: The individual – such as a faculty member, department head, manager, or other employee – who is responsible for the planning and operation of the service. All systems must have a designated system owner.

Vendor Risk Management (VRM): The process of identifying, assessing, and mitigating risks associated with third-party suppliers and service providers. It ensures that vendors meet security, compliance, and operational standards before and during their engagement with the University.

POLICY STATEMENT

The proper management, maintenance, and support of systems and applications is critical to protecting the data they store or process from a confidentiality, integrity, and availability perspective.

System Ownership

All systems, including cloud-based systems, supporting any aspect of the University must have an identified owner and responsible party for ensuring the implementation and operation of the controls specified in this policy.

All software and services used to process University information are subject to an Information Security review and sign off prior to their purchase or development. Information security reviews will evaluate specific risks and controls available and necessary based on the information being processed. The System Owner will be responsible for the deployment of the agreed upon security controls prior to enabling the production capability of the system or application. Maintaining security best practices is an ongoing and evolving responsibility; the System Owner shall implement additional security controls consistent with best practice, regulatory requirements, or as directed by the Information Security Office during the lifecycle of the system, server, software, or service.

System Access

Access to information in the possession of or under the control of the University must be provided on a need-to-know basis. Information must be disclosed only to individuals who have a legitimate and approved need for the information. Access to functionality shall be configured on the basis of least privilege and granted only where approved for a legitimate business purpose.

Systems and applications shall employ best practices for authentication and authorization. System Owners are responsible for maintaining documentation of their system access controls. The use of University Single Sign On (SSO) is required unless impractical or impossible.

Information may only be used for its intended purpose, and other uses of University information without the approval of the data owner is prohibited.

System access shall be reviewed and altered (if applicable) as soon as possible when a relevant change in an individual’s status occurs, including but not limited to, change of role, transfer, promotion, termination, or separation.

When an individual requires continued access to an existing system following a change of status, any access that is no longer required must be removed.

Any shared/service accounts, encryption keys, or shared secrets that the individual had access to must have their passwords or private keys rotated following the status change unless the System Owner determines that continued access is required.

User Management

Information Technology Services (ITS) provides a centralized user identity and access management platform (IAM) that supports identity validation and access management using a NetID and password. UConn NetID provides for single sign on (SSO) across multiple systems. Systems and applications that rely on the University IAM platform to authenticate individuals may rely on UConn NetID for user management. System Owners are always responsible for assigning and managing roles within the system or application.

Owners of systems and applications that cannot use the central IAM solution shall develop a formal, written plan which, at minimum, defines or identifies the following:

The individual(s) responsible for creating, modifying, and deleting user accounts.
Process and responsibility for regularly reviewing system access. System access reviews must be performed when configured users separate from the University, and not less than annually.
Password/multi-factor authentication requirements and reset procedures. Multi-factor authentication is required for all systems.
Process for validating a person’s identity when password or multifactor reset or account changes are requested.

The authentication management plans and any plan revisions must be submitted to the Information Security Office for review and approval.

Software Maintenance

Only necessary software should be loaded on systems, and old versions of software removed. The use of web browsers and other individual productivity tools should be limited to the management of the system only.

Patching, Maintenance, and Vulnerability Management

System Owners must ensure the timely implementation of patches and required maintenance in accordance with the University’s vulnerability management standards and vendor provided guidance in order to provide for the confidentiality, integrity, and availability of the systems or data. Maintenance is considered required when the change is necessary to remediate a vulnerability, maintain the availability of a system, or align with updated industry best practices. The ongoing maintenance of systems and applications, including software and configuration maintenance, must be minimally scheduled on a quarterly basis. This includes on-premises, vendor-hosted, and cloud-hosted applications. It is the UConn System Owner’s responsibility to ensure that systems under their control remain in compliance with this policy, even when the system is managed or hosted externally.

System and Application Lifecycle Management

System Owners are responsible for the planning of and budgeting for system maintenance and obsolescence. Any system or application that is no longer supported by the vendor or is replaced by newer technology should be decommissioned as soon as possible. The decommissioning process must include the proper retirement of any physical hardware or virtual images and the proper destruction of any media (e.g., hard drives, tapes, etc.) that may have data. Cloud services that are decommissioned should ensure the proper handling of any data (return and/or destruction) in the cloud vendor’s possession as part of the contract cancellation.

Software as a Service (SaaS) / Platform as a Service (PaaS)

Patching and maintenance of cloud-based SaaS and PaaS systems is typically handled by the contracted vendor. System Owners are responsible for proper security configurations and user management associated with providing the service. A Vendor Risk Management review is necessary for all newly procured cloud-based services.

Infrastructure as a Service (IASS)

IaaS provides a significant amount of flexibility in the configuration and use of the platform. This requires specific expertise and management by an IT Professional. Where applicable, IaaS solutions must meet the same requirements as Administrative Systems.

Administrative System and Application Security

Administrative systems, due to their complexity, must be managed by an IT Professional. System Owners are responsible for ensuring they have the administrative and technical resource capacity to support this requirement.

Administrative Systems will be required to adhere to all regulatory requirements and meet security controls and standards as set forth by the Information Security Office based on institutional requirements.

Encryption

All systems housing administrative data shall be configured to provide encryption for all data in transit and all data at rest. Where possible, the encryption keys necessary to decrypt the data should reside outside of the system and/or application.

Auditing of Systems and Application Logs

System and application logs shall be reviewed for inappropriate access on a regular basis (at least monthly) or via automated systems capable of detecting misuse through the analysis of frequent password failures, geographic anomalies, or inappropriate access attempts. ITS maintains a centralized logging and reporting platform, which can assist in the analysis of large amounts of data often associated with system and application logs. All Administrative Systems (regardless of hosting platform) and all centrally hosted systems must be configured to log both application and security events to the centralized logging and reporting platform.

Mandatory Reporting

All suspected policy violations, system intrusions, and other conditions that might jeopardize University information or information systems must be immediately reported to the Information Security Office.

EXCEPTION MANAGEMENT

The Information Security Office shall maintain a risk-based exception management program and shall review and document any requests for exceptions to this policy. The Information Security Office shall, in its sole discretion, approve or deny requested exceptions and may require mitigating controls for any approved exception.

System and application owners shall contact the Information Security Office to initiate the exception review process when it is not possible to comply with this policy.

ENFORCEMENT

Systems and applications found to be non-compliant with this policy may be administratively shut down or have their access restricted. Systems maintained at the departmental or individual level may incur costs in association with enabling the proper protections or in the event of data exposure.

PROCEDURES/FORMS

Questions about this policy or suspected violations may be reported to any of the following:

Office of University Compliance – https://compliance.uconn.edu (860-486-2530) or UConn Reportline (1-888-685-2637)

Information Technology Services Tech Support – https://techsupport.uconn.edu (860-486-4357)

Information Security Office – https://security.uconn.edu

POLICY HISTORY

Policy created: August 30, 2021 (Approved by President’s Senior Team)

Revisions:
August 30, 2023 (Approved by the Senior Policy Council and the President)
March 4, 2026 (Approved by the Senior Policy Council and President)

BACKGROUND

PURPOSE

APPLIES TO

DEFINITIONS

POLICY STATEMENT

PRE-TRIP

Pre-Approval

Travel Advances

International Travel

ELIGIBLE BUSINESS EXPENSES

General Trip Requirements

Long-Term Business Travel

Accompanying Individuals

Combined Business and Personal Travel

Transportation

Lodging

Meals

Gratuities and Miscellaneous

Single-Day Travel

INTERNATIONAL TRAVEL

EXPENSE REPORTING

Prohibited Business Travel Expenses

Sponsored Program Expenses

EXCEPTIONS TO POLICY

ENFORCEMENT

PROCEDURES/APPENDICES

REFERENCES

POLICY HISTORY

BACKGROUND

PURPOSE

APPLIES TO

DEFINITIONS

POLICY STATEMENT

Formation and Registration

University Oversight and Organizational Autonomy

ENFORCEMENT

PROCEDURES/FORMS

REFERENCES

POLICY HISTORY

PURPOSE

APPLIES TO

DEFINITIONS

POLICY STATEMENT

ENFORCEMENT

PROCEDURES

POLICY HISTORY

BACKGROUND

PURPOSE

DEFINITIONS

POLICY STATEMENT

ENFORCEMENT

RESOURCES

POLICY HISTORY

PURPOSE

APPLIES TO

DEFINITIONS

POLICY STATEMENT

PROCEDURES

ENFORCEMENT

REFERENCES

POLICY HISTORY

PURPOSE

DEFINITIONS

POLICY STATEMENT

MULTI-FACTOR AUTHENTICATION PROCEDURES

User Requirements

Frequency or Type of User Challenges

Lost or Stolen Devices

Use of Automated Systems

ENFORCEMENT

EXCEPTIONS

PROCEDURES/FORMS

POLICY HISTORY

BACKGROUND

PURPOSE

APPLIES TO

DEFINITIONS

POLICY STATEMENT

Endpoint Security Requirements

STORAGE OF CONFIDENTIAL DATA