Working Alone Policy

Title: Working Alone Policy
Policy Owner: Division of Environmental Health and Safety
Applies to: University Students
Campus Applicability: Storrs, Regionals, Law School
Effective Date: January 2013
For More Information, Contact Environmental Health and Safety
Contact Information: (860) 486-3613
Official Website: http://www.ehs.uconn.edu/

POLICY STATEMENT

No student is permitted to Work Alone in an Immediately Hazardous Environment.

REASON FOR POLICY

This policy has been developed to minimize the risk of serious injury while Working Alone with materials, equipment or in areas that could result in serious injury or an immediate life-threatening hazard.

APPLIES TO

This policy applies to undergraduate, graduate, and post-doctoral students performing academic or research related work at the University of Connecticut Storrs, regional campuses and the Law School.

DEFINITIONS

Working Alone means an isolated student working with an immediately hazardous material, equipment or in an area that, if safety procedures fail, could reasonably result in incapacitation and serious life-threatening injury for which immediate first aid assistance is not available.

Immediately Hazardous Environment describes any material, activity or circumstance that could cause instantaneous incapacitation rendering an individual unable to seek assistance.  Examples include but are not limited to: potential exposure to poisonous chemicals and gases at a level approaching the IDLH (Immediately Dangerous to Life & Health); work with pyrophoric and explosive chemicals; work with pressurized chemical systems; entering confined spaces; work near high voltage equipment; work with power equipment that could pinch or grab body parts and/or clothing; etc.

Unit Managers are managers, supervisors, principal investigators, faculty, Department Heads and others who are responsible for assigning work to students that involves potential exposure to immediately hazardous environments.

Safety Content Expert is a safety professional from the UConn Department of Environmental Health and Safety (EHS).  EHS provides guidance to Unit Managers and their designees regarding the proper classification of campus activities as Immediately Hazardous or not; and provides safety information regarding proper procedures and personal protective equipment needed.

Direct Observation means the assigned second person is in line of sight or close hearing range with the individual working in an Immediately Hazardous Environment.

ENFORCEMENT

Violations of this policy may result in appropriate disciplinary measures in accordance with University Laws and Bylaws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements and the University of Connecticut Student Conduct Code.

RESPONSIBILITIES

Unit Managers are responsible for identifying the risks and conditions that may place a student in an Immediately Hazardous Environment.  If unsure about a specific task or location, Unit Managers are advised to contact EHS to assist in recognizing/evaluating risks, and to help in developing appropriate hazard controls. The Unit Manager is also responsible to see that personnel are properly trained, proper procedures are in place, and that proper personal protective equipment is readily available and use is mandatory. This is documented by means of the Workplace Hazard Assessment form.

If the task/area is deemed a Working Alone situation, the Unit Manager must either:

a) Assign a second person for the duration of the immediately hazardous task or for work in immediately hazardous locations (confined spaces, elevated work area, etc.); or

b) Reschedule the work to a time when others are available to help monitor the welfare of the assigned student.

All personnel are responsible for notifying the Unit Managers of situations that present the possibility of a student Working Alone in an immediately hazardous environment.

Personnel assigned to keep watch must provide Direct Observation at all times while students are in an Immediately Hazardous Environment to prevent a Working Alone situation.

Students are directly responsible for adhering to all safety procedures, wearing appropriate personal protective equipment and being current in training requirements.  Students shall not Work Alone in an area or on tasks that have been recognized as an Immediately Hazardous Environment.

Environmental Health & Safety (EHS) personnel shall, upon request, assist in identifying Immediately Hazardous Environments and Working Alone situations.  EHS shall assist in the anticipation, recognition and evaluation of hazards and provide expertise in developing controls to prevent injuries to personnel.  EHS will verify submitted area Workplace Hazard Assessment during routine inspections.

Recommended Safety Information Resources

Refer to the EH&S website for additional workplace safety requirements:

Policies, programs and procedures

Training

Forms

Secure Web Application Development, Information Technology

Title: Secure Web Application Development, Information Technology
Policy Owner: Information Security Office
Applies to: Students, Employees, Users
Campus Applicability:  Storrs and Regionals
Effective Date: May 16, 2012
For More Information, Contact Chief Information Security Officer
Contact Information: (860) 486-8255
Official Website: https://security.uconn.edu/

This policy is available in the Information Security Policy Manual.

Departments will ensure that development, test, and production environments are separated. Confidential Data must not be used in the development or test environments.

Production application code shall not be modified directly without following an emergency protocol that is developed by the department, approved by the Data Steward, and includes post-emergency testing procedures.

Web servers that host multiple sites may not contain Confidential Data.

All test data and accounts shall be removed prior to systems becoming active in production.

The use of industry-standard encryption for data in transit is required for applications that process, store, or transmit Confidential Data.

Authentication must always be done over encrypted connections. University enterprise Central Authentication Service (CAS), Shibboleth, or Active Directory services must perform authentication for all applications that process, store, or transmit Confidential or Protected Data.

Web application and transaction logging for applications that process, store, or transmit Confidential Data or Regulated Data must submit system-generated logs to the ITS Information Security Office. For more information please view UConn’s Logging Standard.

Departments implementing applications must retain records of security testing performed in accordance with this policy.

Policy Created: May 16, 2012

Security Awareness Training Policy, Information Technology

Title: Security Awareness Training Policy, Information Technology
Policy Owner: Information Technology Services / Chief Information Security Officer 
Applies to: All faculty, staff, student employees, and volunteers   
Campus Applicability: All campuses except UConn Health 
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office 
Contact Information: techsupport@uconn.edu or security@uconn.edu 
Official Website: https://security.uconn.edu/

PURPOSE 

The Information Security Office (ISO) maintains an active Security Awareness Training program available to all faculty, staff, and student employees. This policy establishes the authority of the ISO to mandate Security Awareness training as needed and outlines the expectations for individuals and departments in assisting with ensuring the confidentiality, integrity, and availability of university systems, services, and data. 

APPLIES TO 

This policy applies to all University faculty, staff, student employees, and volunteers who regularly interact with or have access to confidential or protected information within the university. 

POLICY STATEMENT  

While the Information Security Office maintains an active information security program, faculty and staff members’ knowledge of the threats and risks to the University’s systems and data is a critical component in helping to defend the University from attack.  

The ISO maintains an Information Security Awareness program that supports University employees’ and students’ needs for regular training. Training on important information security topics is available or communicated in multiple ways including: 

  • Online training systems with a variety of topics relevant to Information Security (available at https://security.uconn.edu/training) 
  • Communications to targeted groups by email of ongoing or imminent threats 
  • Postings on various web-based systems across the university (security.uconn.edu or techsupport.uconn.edu) 
  • Availability of ISO staff for in-person discussions on information security 

As part of their ongoing operations and employee development, all academic and administrative departments should identify opportunities to engage faculty, staff, and student employees in Security Awareness training annually. These opportunities may include those offerings from the ISO or a tailored program for specific threats against departments or systems, which may also be included in procedural manuals or scheduled as group training opportunities. 

The ISO is authorized to mandate Security Awareness training. In some areas, Security Awareness training may be mandatory based on federal or industry regulations. Training for these programs must be coordinated with the ISO to ensure regulatory requirements are met.  

ENFORCEMENT  

Failure to comply with mandatory Security Awareness training, or to coordinate training with the ISO, may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code. 

Questions about this policy or suspected violations may be reported to any of the following: 

Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

Information Security Office – https://security.uconn.edu 

REFERENCES 

Compliance Training Policy 

POLICY HISTORY 

Policy created:  May 16, 2012 

Revisions:  August 30, 2021 [Approved by President’s Senior Team]

Risk Management, Information Technology

Title: Risk Management, Information Technology
Policy Owner: Information Technology Services / Chief Information Security Officer 
Applies to: All department and school/college system owners and IT professionals   
Campus Applicability: All campuses except UConn Health 
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office 
Contact Information: techsupport@uconn.edu or security@uconn.edu 
Official Website: https://security.uconn.edu/

PURPOSE 

As technology and capabilities change our University environment, threats against these technologies also evolve. To provide the highest level of protection for the University, department and system owners are responsible for regular assessments of risks to their technology platforms. The Information Security Office is responsible for overseeing the evaluation of IT risk across the organization. 

APPLIES TO 

This policy applies to all University department and school/college system owners and IT professionals.  

DEFINITIONS  

Confidential Data: Confidential data is institutional information protected by law, government regulations, statutes, industry regulations, contractual obligations, or specific university policies. Examples of confidential data may include Personally Identifiable Information (PII), Protected Health Information (PHI), Educational Records (FERPA), Credit Card Information (PCI-DSS). An extended list of Confidential Data can be found in Appendix A of the Data Classification Policy. 

Protected Data: Protected data is institutional information that must be guarded due to proprietary, ethical, privacy, or business process considerations. By default, most administrative data will fall into this classification; data that is neither confidential nor public also falls into the protected data category.

Risk Assessment: Part of the ongoing risk management process that assigns relative priorities for mitigation plans and implementation.  

Risk Assessment Tool: Risk assessment tools are available to department and school/college system owners and IT professionals to collect information about systems, services, and data that will inform efforts to continuously strengthen UConn’s information security.  

POLICY STATEMENT  

The Information Security Office (ISO) is authorized to administer the University’s risk management process, which includes the delegation of responsibility for ensuring that information systems are assessed for risk. 

Due to the size and complexity of the UConn environment, each department and system owner is responsible for conducting a regular and ongoing risk assessment of the Information Technologies they are responsible for overseeing. 

In conducting a risk assessment, departments/individuals should evaluate risks to Information Technology based on a People, Process, Technology (PPT) methodology. Using this methodology and leveraging ISO policies, including the Acceptable Use Policy, Confidential Data Policy, Data Roles and Responsibilities Policy, Security Awareness Training Policy and System and Application Security Policy (available at https://security.uconn.edu), departments must evaluate opportunities to reduce risk to the confidentiality, integrity, and availability of information technology assets. 

Some University organizations will be required to do regular risk assessments as a regulatory or industry requirement. Organizations typically focusing on Personal Health Information or Credit Card Processing will have more formal risk assessments conducted by their leadership and reviewed by the Information Security Office on an annual basis.

ENFORCEMENT 

Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code. 

Questions about this policy or suspected violations may be reported to any of the following: 

Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

Information Security Office – https://security.uconn.edu 

 

POLICY HISTORY 

Policy created:  May 16, 2012 

Revisions: August 30, 2021 [Approved by the President’s Senior Team]

 

Data Classification Policy

Title: Data Classification Policy
Policy Owner: Information Technology Services / Chief Information Security Officer 
Applies to: All students, faculty, staff, volunteers, and contractors  
Campus Applicability:  All Campuses except UConn Health
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office 
Contact Information: techsupport@uconn.edu or security@uconn.edu 
Official Website: https://security.uconn.edu/

PURPOSE 

This policy defines the classifications of institutional data (i.e., the categories of data that the University is responsible for safeguarding) and the associated measures that are necessary to safeguard each classification. Institutional data commonly exists in many forms, including electronic, magnetic, optical, and traditional paper documents. Common types of electronic data include email messages, spreadsheets, word processing documents, PDF reports, and university managed databases and file storage systems. 

APPLIES TO 

This policy applies to all University faculty, staff, students, student employees, volunteers, and contractors who have access to protected or confidential information. This policy covers data that is stored, accessed, or transmitted in all formats, including electronic, magnetic, optical, paper, or other non-digital formats. 

DEFINITIONS  

Cloud: Any environment not operated by UConn. This includes cloud-based services that provide basic infrastructure including operating system and storage or services that provide a full software stack for an intended purpose or platform offering multiple services. 

Confidential Data: Institutional information protected by law, government regulations, statutes, industry regulations, contractual obligations, or specific university policies. Examples of confidential data may include Personally Identifiable Information (PII), Protected Health Information (PHI), Educational Records (FERPA), Credit Card Information (PCI-DSS). An extended list of Confidential Data can be found in Appendix A of this policy. 

Protected Data: Institutional information that must be guarded due to proprietary, ethical, privacy, or business process considerations. By default, most administrative data will fall into this classification, as will any data that is neither confidential nor public.

Public Data: Institutional information that may or must be freely available to the general public. Such information has no local, national, international, or contractual restrictions on access or usage. 

POLICY STATEMENT  

Through the normal course of business, many individuals at the University of Connecticut collect, maintain, transmit, and/or have access to personal information, financial data, and other information which is protected or confidential in nature. The protection of some types of data is governed by industry or governmental regulations. While other types of information may not be covered by specific legal requirements, it is in the University of Connecticut’s best interest to take steps to safeguard all university information reasonably and responsibly. 

Except for those classes of data expressly protected by statute, contract, or industry regulation, the data classification examples presented in this policy are guidelines. Ultimate responsibility for the classification in the university environment is determined by the Data Steward, as defined in the University’s Data Roles and Responsibilities Policy, and the Office of General Counsel for any given set of data. 

Data Protection 

The University of Connecticut has established the following requirements and guidelines in order to protect each classification of data. 

Public Data 

While there are few restrictions on public data, such data should be properly secured to prevent unauthorized modification, unintended use, or inadvertent/improper distribution. It should be understood that any information that is widely disseminated within the university community is potentially available to the public at large. 

The following guidelines are for information systems that are used to store and share the University’s public data. 

  • When practical, public data should only be shared via systems over which the University maintains full administrative control, which includes the ability to remove or modify the data in question. 
  • Information systems, such as web servers or cloud services that are used to share public data, must be properly secured to prevent the unauthorized modification of published public data. 
  • Interactive access to databases containing public data, such as online directories or library catalogs, should be properly secured using query rate limiting, CAPTCHAs or similar technology to impede bulk downloads of entire collections.

Protected Data

Protected data requires additional levels of protection because its unauthorized disclosure, alteration, or destruction could cause damage to the University or its constituents.

In addition to the requirements outlined for public data, protected data must also meet these requirements:

  • If stored in the cloud, stored only on cloud-based information systems managed or contracted by the University.
  • Protected through the use of authenticated access in order to prevent loss, theft, or unauthorized access, disclosure or modification.
  • Printed sensitive data including reports must be stored in a secure manner (file cabinet, closed office, or department where electronic/physical access control systems are in place) when not in use.

Confidential Data

Confidential data (see Appendix A) requires the highest level of protection due to the risk and magnitude of loss or harm that could result from disclosure, alteration, or destruction of the data. Certain types of information, such as health information, may have additional requirements for protection. Wherever possible, confidential information should remain in source systems and not be propagated through saved files, spreadsheets, or other file formats. Whenever storage of confidential data is required outside the source system, it should be limited to the minimum amount, and for the minimum time, required to perform the business function, or as required by law and/or State of Connecticut Data Retention requirements.

In addition to the requirements for protected data, confidential data must be:

  • Protected with strong passwords and should leverage Multi-Factor Authentication whenever such capabilities exist.
  • Stored on devices that have appropriate protection, monitoring and encryption measures in order to protect against theft, unauthorized access and unauthorized disclosure.
  • Transmitted using approved encryption methods.
  • Accessed via approved remote access services such as VPN when accessed remotely.
  • Stored on university-owned devices. Confidential data is not permitted to be stored on any personally owned devices including mobile phones, laptops, or home computers.
  • Stored, if printed material, only in a locked drawer; a locked room; an area where access is controlled by a guard, cipher lock, and/or card reader; or an area that has sufficient physical access control measures to afford adequate protection and prevent unauthorized access by members of the public, visitors, or other individuals not on a need-to-know basis.

The University’s Confidential Data may not be accessed, transmitted, or stored using public computers or via email.

Encryption

To maintain its confidentiality, all data shall be encrypted while in transit across communication networks or when stored. Stored data may only be encrypted using current encryption methodologies. To ensure that data is available when needed, each department or user of encrypted University data will ensure that encryption keys are adequately protected and that procedures are in place to allow data to be recovered by another authorized University employee. In employing encryption as a privacy tool, users must be aware of, and are expected to comply with, Federal Export Control Regulations.

Service Providers

Departments shall take steps to ensure that third-party service providers understand the University’s Data Classification Policy and protection of the University’s Data. No user may give a third party access to the University’s Protected or Confidential Data or to systems that store or process Protected or Confidential Data without permission from the Data Steward and a standard Confidentiality Agreement from University Procurement in place.

Disposal

Systems administrators will ensure that all data stored on electronic media is properly destroyed or wiped to current Department of Defense Data Wipe standards prior to the disposal or transfer of the equipment.

Confidential Data maintained in hard copy form will be properly disposed of when no longer required for business or legal purposes.

ENFORCEMENT

Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code.

Questions about this policy or suspected violations may be reported to any of the following:

Office of University Compliance – https://compliance.uconn.edu (860-486-2530)

Information Technology Services Tech Support – https://techsupport.uconn.edu (860-486-4357)

Information Security Office – https://security.uconn.edu

REFERENCES

Data Roles and Responsibilities, Policy On

POLICY HISTORY

Policy created:  May 16, 2012

Revisions: August 30, 2021

Data Roles and Responsibilities Policy

Title: Data Roles and Responsibilities Policy, Information Technology
Policy Owner: Information Technology Services / Chief Information Security Officer
Applies to:  All students, faculty, and staff
Campus Applicability:  All campuses except UConn Health
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office
Contact Information: techsupport@uconn.edu or security@uconn.edu
Official Website: https://security.uconn.edu/

PURPOSE

To define the responsibilities of individuals within the organization in protecting the University of Connecticut’s data assets.

APPLIES TO

This policy applies to all University faculty, staff, students, student employees, volunteers, and contractors who have access to or have been assigned one of the roles defined in this policy.

POLICY STATEMENT

Through the normal course of operations of the University, ever increasing amounts of data are created, processed, modified, and eventually disposed of as part of daily activities. To ensure the proper management of the various data sets, the University has defined the following roles and responsibilities to ensure data is properly protected, used, and managed throughout its lifecycle.

Data Stewards are employees of the university responsible for the overall use and proper handling of administrative, academic, public engagement, or research data. Data Stewards must classify data according to the University’s Data Classification Policy. Data Stewards ensure that appropriate steps are taken to protect data and implement policies and agreements that define appropriate use of data.

The Data Steward or their designated representatives are responsible for:

  • Ensuring the information they are responsible for is accurate
  • Authorizing the specific use of information across the organization
  • Working with other Data Stewards to resolve conflicting data issues
  • Specifying appropriate controls, based on data classification, to protect the data from unauthorized modification, deletion, or disclosure
  • Ensuring access rights are evaluated on a regular basis

Data Administrators are usually system administrators who are responsible for applying appropriate controls to data based on its classification level and required protection level. Data Administrators are also responsible for securely processing, storing, and recovering data. The Data Administrator is accountable for:

  • Implementing the appropriate controls specified by the Data Stewards
  • Removing access rights to specific data resources due to a job change or separation from the University
  • Implementing the appropriate monitoring techniques and procedures for detecting, reporting, and investigating incidents
  • Assisting Data Stewards in evaluating the overall effectiveness of controls and monitoring

Data Users are individuals who receive authorization from the Data Steward/Administrator to access, enter, or update information. Data Users must use the resource only for the purpose specified by the Data Steward, comply with controls established by the Steward, and prevent disclosure of confidential or protected information.

ENFORCEMENT

Failure to properly fulfill the roles and responsibilities articulated in this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code.

Questions about this policy or suspected violations may be reported to any of the following:

Office of University Compliance – https://compliance.uconn.edu (860-486-2530)

Information Technology Services Tech Support – https://techsupport.uconn.edu (860-486-4357)

Information Security Office – https://security.uconn.edu

POLICY HISTORY

Policy created:  May 16, 2012

Revisions: August 30, 2021 [Approved by President’s Senior Team]

Acceptable Use, Information Technology

Title: Acceptable Use, Information Technology
Policy Owner: Information Technology Services/Chief Information Security Officer
Applies to: All University Information Technology Users
Campus Applicability: All campuses except UConn Health
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office
Contact Information: techsupport@uconn.edu or security@uconn.edu
Official Website: https://security.uconn.edu/

BACKGROUND

The University’s IT resources support many systems to fulfill the academic, research and administrative needs of the University’s constituents, including students, faculty, staff, and guests. These resources must be used in a responsible manner consistent with Federal and State laws and University policies.

PURPOSE

To define expectations of appropriate use and inform all users of information technology (IT) resources at UConn of their obligation to comply with all existing laws and institutional policies in their use of IT resources.

APPLIES TO

This policy applies to all constituents (students, faculty, staff, affiliates and guests) who use UConn’s information technology resources, including but not limited to wired and wireless networks, computer-based systems and services, printers/copiers, and cloud-based services.

DEFINITIONS

Access Point (AP): A networking hardware device that allows other Wireless (Wi-Fi) devices to connect to the University network.

Information Technology (IT) Resources: Include but are not limited to:

  • Systems and equipment such as computers, hard drives, printers, scanners, video and audio recorders, cameras, photocopiers and other related devices.
  • Software such as computer software, including open-source and purchased software, and all cloud-based software including infrastructure-based cloud computing and software as a service.
  • Networks such as all voice, video, and data systems, including both wired and wireless network access across the institution.

IoT: Internet of Things devices are devices that communicate across a network without direct human interaction. These include but are not limited to smart assistants, lightbulbs, appliances, and televisions.

POLICY STATEMENT

The appropriate use of UConn IT Resources focuses on three primary areas including: (1) the fair and equitable use of limited resources by all constituents; (2) individual responsibilities in the use of UConn IT resources; and (3) the appropriate use of IT resources in compliance with all applicable federal and state laws, university rules, regulations and policies.

All activities involving the use of UConn IT resources are not personal or private; therefore, users should have no expectation of privacy in the use of these resources.  Information stored, created, sent or received via UConn systems, including cloud-based systems, may be accessible when required by law, including requests made under the Freedom of Information Act (FOIA), the Family Educational Rights and Privacy Act (FERPA), subpoena, or other legal process, statute, or regulation.

ACCEPTABLE USE

  • UConn provides IT resources to enable faculty, students, and staff to accomplish their university-related work and support the University’s mission. University equipment is to be used primarily in support of the University’s mission and may not be used to conduct commercial activities or any activity prohibited by state and federal law or University policy.
  • UConn IT Resources may not be used for the illegal download, copying, or distribution of copyrighted materials without the copyright owner’s permission or where not permitted by fair use standards under the TEACH Act.
  • Actions that negatively impact the ability of the University to operate or cause undue stress on IT resources are prohibited. These actions include but are not limited to interfering with the legitimate use of IT resources by others, introducing additional software or devices to any IT resource without appropriate authorization, or the mass mailing of unapproved email or other electronic communication.
  • Do not intentionally seek or provide information or access to IT resources to which one is not authorized, nor assist others in doing so. Do not attempt to subvert or circumvent University systems’ security measures nor use University IT resources to subvert or circumvent other systems’ security measures for any purpose.
  • Do not publish, post, transmit or otherwise make available content that is in violation of law or policy. The University cannot protect individuals against the existence or receipt of material that may be offensive to them. As such, those who make use of electronic communications are warned they may come across or be recipients of material they find offensive or objectionable.
  • Do not violate the privacy of other individuals. This includes viewing, monitoring, copying, altering, or destroying any file, data, transmission or communication unless you have been given explicit permission by the owner.
          • Do not forge, maliciously disguise or misrepresent your personal identity. This policy does not prohibit users from engaging in anonymous communications, providing that such communications do not otherwise violate the Acceptable Use Policy. University technology resources may not be used by employees of the University for partisan political purposes or presenting the impression the University has a particular political position except for those individuals authorized by the University as part of their formal responsibilities. 

            INDIVIDUAL RESPONSIBILITIES 

            • Protect your data and the institution’s data 
            • Do not share your password with ANYONE or allow anyone else to use your account(s).  
            • Do not use anyone else’s account. 
            • Be vigilant in identifying and reporting the various types of phishing attacks that attempt to gain access to your information. Store confidential and/or sensitive data on appropriate University approved services only. 
            • While UConn owned computers often are maintained by ITS and other University IT organizations, any personally owned devices connecting to the University network (including tablets, cell phones and IoT devices) are expected to be kept up to date with current operating system and software patches, as well as employing appropriate security measures which are automatically updated. 
            • Do not utilize UConn computing resources, including personally owned computers connected to UConn’s network for non-University related commercial activity.  
            • Users who connect personally owned computers to UConn’s network that are used as servers, or who permit others to use their computers, whether directly or through user accounts, have the additional responsibility to respond to any use of their server that is in violation of the Acceptable Use Policy. IT Resource administrators and those who permit the use of the computers by others are responsible for the security and actions of others on their systems. 

                  ENFORCEMENT 

                  Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code.  

                  Individual or system access may be revoked at any time based on the decision of the Chief Information Security Officer or the Chief Information Officer to protect the confidentiality, integrity, and/or availability of UConn IT Resources.  

                  PROCEDURES/FORMS 

                  Questions about this policy or suspected violations may be reported to any of the following: 

                  Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

                  Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

                  Information Security Office – https://security.uconn.edu 

                  POLICY HISTORY 

                  Policy created:  05/16/2012 

                  Revisions: 08/24/2015; 08/30/2021 [Approved by President’s Senior Team]  

                   

                  Accounts Payable Policies and Procedures Manual

                  Title: Accounts Payable Policies and Procedures Manual
                  Policy Owner: Accounts Payable
                  Applies to: Faculty, Staff, Students
                  Campus Applicability: All University departments at all campuses except UConn Health
                  Effective Date: March 28, 2012
                  For More Information, Contact Accounts Payable
                  Contact Information: (860) 486-4137
                  Official Website:  https://accountspayable.uconn.edu/

                  PURPOSE

                  The following Policies and Procedures ensure that the University pays claims in a timely and accurate manner, while safeguarding the University by adhering to Federal and State regulations. Moreover, these Policies and Procedures provide efficient, effective and professional service to our students, faculty, staff, and vendors.

                  APPLIES TO

                  These policies and procedures apply to faculty, staff, and students on all University of Connecticut campuses.

                  POLICIES AND PROCEDURES

                  • Payment of Personal Services

                  For services costing less than $2,500, please visit: http://accountspayable.uconn.edu/payment-for-personal-services/ .

                  • Payment of Meals

                  For meal expenses incurred while attending meetings held in connection with University Business, please visit: https://policy.uconn.edu/2011/05/24/payment-of-meals-policy/ (for Travel meal expense policies, please visit: https://policy.uconn.edu/2020/04/29/travel-and-entertainment-policies-and-procedures)

                    • Out of Pocket Purchases

                    University employees may make small out-of-pocket purchases of emergency allowable goods and services for official University use. Please visit: http://accountspayable.uconn.edu/out-of-pocket-purchases/

                      • Accreditation Expenses

                      Payment of the services of a team or an individual for the purpose of gaining or maintaining accreditation requires a Personal Services Agreement when the cost is $2,000 or more.

                      Please visit: http://accountspayable.uconn.edu/accreditatation-expenses/

                      • Memberships

                      Professional organization memberships may be processed through HuskyBuy or the departmental purchasing card. Please visit: http://accountspayable.uconn.edu/membership-in-professional-organizations/

                      • Recruitment Expenses

                      Please visit: https://policy.uconn.edu/2011/05/31/reimbursement-of-recruitment-and-moving-expenses/

                      • Subscriptions

                      Subscriptions to magazines, newspapers or periodicals may be processed through HuskyBuy or the departmental purchasing card. Please visit: http://accountspayable.uconn.edu/subscriptions-to-magazines-newspapers-or-periodicals/

                      ENFORCEMENT 

                      Violations of this policy or associated procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, and applicable collective bargaining agreements.

                          POLICY HISTORY

                          Policy Created Effective: March 28, 2012
                          Revised: May 1, 2020; editorial revisions January 24, 2022

                          Capital Improvement Plan (CIP) Policy

                          Title: Capital Improvement Plan (CIP) Policy
                          Policy Owner: Office of the Executive Vice President for Administration & Chief Financial Officer
                          Applies to: Faculty, Staff
                          Campus Applicability: Storrs, Regionals, and School of Law
                          Effective Date: May 11, 2012
                          For More Information, Contact Finance/Planning
                          Contact Information: (860) 486-2434
                          Official Website: http://finance.uconn.edu/

                          REASON FOR POLICY

                          The University of Connecticut By-Laws indicate that the Executive Vice President for Administration and Chief Financial Officer (EVP Admin & CFO) is responsible for overseeing long-range financial planning and management of the operating and capital budgets for all units of the University.  Working closely with the Provost and the other Vice Presidents, the EVP Admin & CFO oversees capital and operating budget development, monitoring and reporting; and coordinates operating and capital budgets in conformity with policies set forth by the Board of Trustees.  The CIP policy ensures that these responsibilities may be accomplished.

                          APPLIES TO

                          The CIP policy applies to all faculty and staff at the Storrs, Law School and Regional Campuses.

                          POLICY STATEMENT

                          The CIP and budget for the Storrs, Law School and Regional Campuses must be developed annually.  It will identify the physical improvements necessary to maintain and upgrade the campuses, prioritize these investments, and provide a timeline for implementation.  The CIP will be managed jointly by the Executive Vice President for Administration and Chief Financial Officer and the Executive Vice President and Provost.

                          PROCEDURES/FORMS

                          Procedures and forms may be found at: http://finance.uconn.edu/wp-content/uploads/sites/1118/2015/08/CIP.pdf

                           

                          Space Heaters in University Buildings

                          Title: Space Heaters in University Buildings
                          Policy Owner: UConn Fire Marshal and Building Inspector
                          Applies to: University Workforce Members and Students
                          Campus Applicability: All UConn Campuses except UConn Health
                          Approval Date: December 24, 2024
                          Effective Date: January 1, 2025
                          For More Information, Contact: UConn Fire Marshal
                          Contact Information: firemarshal@uconn.edu
                          Official Website: https://firemarshal.universitysafety.uconn.edu/

                          PURPOSE

                          To protect employees, students, and visitors from fire, electrical, and other safety risks associated with space heaters. The policy is designed to comply with the Connecticut State Fire Prevention & Building Codes, regulations from the Connecticut Department of Public Health, and the Connecticut Occupational Safety and Health Administration.

                          APPLIES TO

                          This policy applies to University workforce members and students using space heaters in University Property at the Storrs and Regional Campuses, extension centers, and the UConn School of Law.

                          DEFINITIONS

                          University Property: Any building, space, or area under the control of or leased by the University of Connecticut.

                          POLICY STATEMENT

                          The University of Connecticut is committed to providing a safe and healthful environment.

                          Improper usage of space heaters poses serious fire and safety risks to the UConn community. Space heaters must be selected from the UConn Fire Department/Fire Marshal Unit (FD/FMU) list of approved models and used only under conditions outlined in this policy. Unapproved or non-electric space heaters are strictly prohibited.

                          All space heaters require a permit for use. Space heaters are only permitted under the following conditions:

                          1. When heating systems fail within an occupied space.
                          2. To supplement existing heating systems for employee comfort, in spaces that are not restricted.
                          3. When temporary heating is required in unheated spaces.

                          In residential occupancies, space heaters may only be used temporarily, with restrictions on the duration of use, and must have a permit issued by the FD/FMU prior to use. Space heaters are prohibited in laboratories, workshops, art studios, storage areas, or any space where chemicals or combustible materials are present, as well as any space not actively occupied by people. In limited cases, space heaters may be allowed in laboratory offices if the UConn FD/FMU grants permission.

                          The UConn FD/FMU reserves the right to inspect and remove any space heater that is used inappropriately or presents a danger to life or property.

                          ENFORCEMENT

                          Violations of this policy or associated procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.

                          PROCEDURES

                          The following procedures to request a space heater must be followed:

                          1. Contact Facilities Operations to submit a work order to evaluate and adjust the temperatures in the affected area. Facilities Operations will determine whether repairs to the heating system can resolve the issue.
                          2. If Facilities Operations cannot resolve the heating issue, the affected individual must contact the UConn FD/FMU.
                          3. The UConn FD/FMU, in coordination with Facilities Operations as necessary, will determine whether the proposed location and electrical circuit can accommodate a space heater.
                          4. If the proposed location is approved, the UConn FD/FMU will issue a permit and provide a list of approved space heaters to the affected individual(s). Other space heaters that have not been approved by the UConn FD/FMU must be taken out of service and be removed from the building.
                          5. If the proposed location is not approved for a space heater (e.g., the proposed location is in a laboratory, the electrical circuit is inadequate, etc.), additional options will be evaluated.

                          Upon approval and receipt of a permit by the UConn FD/FMU, individuals must comply with the following procedures while using space heaters:

                          1. Read and follow the manufacturer’s operating instructions before using a space heater.
                          2. Inspect the space heater for dust before each use and clean if necessary.
                          3. Inspect the electrical cord and plug outlet for damage before each use. Remove the space heater from service if any damage to the cord or other parts is found.
                          4. Never leave a space heater operating unattended. Always turn off the device and unplug it when the area is vacant or when going to bed.
                          5. Plug space heaters into an electrical circuit that is rated for 15 amps or more to prevent overloading.
                          6. Always plug space heaters directly into a permanent wall outlet (receptacle). Do not use an extension cord or power strip.
                            1. Exception: Radiant panel heaters may be used with extension cords or power strips rated for 15 amps or more, if approved by the UConn FD/FMU.
                          7. Never run an electrical cord for a space heater under a carpet or floor mat.
                          8. Do not place space heaters under desks or in enclosed spaces.
                          9. Ensure space heaters are placed on a stable level surface to prevent tipping, unless otherwise specified by the manufacturer.
                          10. Never use a space heater where flammable materials or vapors are present.
                          11. Do not place a space heater near combustible materials such as papers, fabric, plastics, or furniture.
                          12. Do not use space heaters in or near wet areas.
                          13. Keep space heaters out of high traffic areas. Never block an exit.
                          14. Maintain the manufacturer’s recommended clearance around the space heater for safe operation.
                          15. Avoid placing space heaters near room thermostats.
                          16. Inspect space heaters at least annually and have them repaired, as needed, by a qualified electrician.
                          17. Discard any space heater that cannot be repaired, and, while unplugged, cut off the plug to prevent inadvertent use by others.

                          If space heaters are deemed unsafe and removed from service, they will be relocated to a designated storage area for owners to retrieve and remove from University property.

                          Department-owned space heaters may be removed through Surplus Operations.

                          POLICY HISTORY

                          Revisions:
                          01/24/2004
                          09/28/2011
                          02/06/2012
                          12/24/2024