Students

Mobile and Remote Device Security Policy

Title: Mobile and Remote Device Security, Information Technology 
Policy Owner: Information Technology Services / Chief Information Security Officer 
Applies to: All faculty, staff, student employees, and volunteers   
Campus Applicability: All campuses except UConn Health 
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office 
Contact Information: techsupport@uconn.edu or security@uconn.edu 
Official Website: https://security.uconn.edu/

PURPOSE 

To ensure data and information systems security by establishing requirements for mobile and remote devices.  Mobile and remote devices are important tools for the University, and their use is supported to advance the mission of the university. Mobile and remote devices also represent a significant risk to information and data security. If appropriate security measures and procedures are not applied, mobile and remote devices can serve as a conduit for unauthorized access to University data and IT resources that can subsequently lead to data leakage and a path for compromise of other systems. 

APPLIES TO 

This policy applies to all University faculty, staff, student employees, and volunteers who use mobile or remote devices to access any non-public IT resources owned or managed by the University. 

DEFINITIONS 

IT Resources: Includes systems and equipment, software, and networks. Systems and equipment include but are not limited to computers, hard drives, printers, scanners, video and audio recorders, cameras, photocopiers, and other related devices. Software includes but is not limited to computer software, including open-source and purchased software, and all cloud-based software, including infrastructure-based cloud computing and software as a service. Networks include but are not limited to all voice, video, and data systems, including both wired and wireless network access across the institution. 

Mobile Electronic Device: Includes telecommunication and portable computing devices which can execute programs or store data, including but not limited to laptops, tablet computers, smartphones, and external storage devices. Generally, a device capable of using the services provided by a public/private cellular, wireless, or satellite network. 

Remote Device: Personal computer used off-site 

POLICY STATEMENT  

University of Connecticut faculty, staff, student employees, and volunteers who use mobile or remote devices are responsible for any institutional data that is stored, processed, and/or transmitted via a mobile or remote device and for following the security requirements set forth in this policy. 

To adequately protect the data and information systems of the University, all individuals covered under this policy are expected to meet the following requirements: 

All users of a mobile electronic device used to access non-public university systems must take the following measures to secure the device: 

  • Configure the device to require a password (minimum of 10 characters), biometric identifier, PIN (minimum of 6 characters), or swipe gesture (minimum of 6 swipes) to be entered before access to the device is granted. Device must automatically lock and require one of the authentication methods after no more than 5 minutes of idle time. 
  • Keep devices on currently supported versions of the operating system and remain current with published patches. 
  • Enable the device’s remote wipe feature to permit a lost or stolen device to be securely erased. 
  • Securely store electronic devices at all times to minimize loss via theft or accidental misplacement. 

    Wherever practical, elements of these requirements will be enforced via centrally administered technology controls.  

    STORAGE OF CONFIDENTIAL DATA 

    In general, confidential data should not be stored on mobile devices, including laptops. However, in certain instances and depending on job responsibilities, this may be unavoidable. In these instances, confidential data must be stored on university-owned devices ONLY with the following requirements: 

    • Except when being actively used, confidential information must at all times be encrypted on any device through a mechanism approved by the University. Alternatively, whole drive encryption software may be deployed to meet this requirement. 
    • Mobile devices must have university-supported software enabled and running to identify, protect, and respond to any threats to the data or operating systems of the devices. 
    • Devices must have Mobile Device Management software installed to facilitate device protection, including remote wipe and, if possible, device location technology for recovery. 

    DEVICE DECOMISSION OR SEPARATION FROM UNIVERSITY 

    When mobile devices, specifically personally owned devices that may have had access to University resources or data, are no longer used, and donated, or given to anyone, the device owner is responsible for ensuring that any University information is securely deleted from the device, including University-related e-mails/accounts, user ID and password, or other cached credentials used to access University systems. 

    In the event of separation from the University, it is the employee’s responsibility to delete any University-related e-mail accounts or University licensed software that may have been installed on personal devices or computers. 

    ENFORCEMENT 

    Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code. 

    Questions about this policy or suspected violations may be reported to any of the following: 

    Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

    Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

    Information Security Office – https://security.uconn.edu 

     

    POLICY HISTORY 

    Policy created:  August 30, 2021 [Approved by President’s Senior Team] 

    System and Application Security Policy

    Title: System and Application Security Policy 
    Policy Owner: Information Technology Services / Chief Information Security Officer 
    Applies to: All students, faculty, and staff  
    Campus Applicability: All campuses except UConn Health 
    Effective Date: August 30, 2021
    For More Information, Contact UConn Information Security Office 
    Contact Information: techsupport@uconn.edu or security@uconn.edu 
    Official Website: https://security.uconn.edu/

    PURPOSE 

    To ensure the security of university data by establishing requirements for the proper maintenance and oversight of systems and applications used by university constituents. 

    APPLIES TO 

    This policy applies to all individuals responsible for operating or overseeing any University system or application, whether on premise or in the cloud. 

    DEFINITIONS  

    ITS: Information Technology Services 

    SaaS: Cloud-based service that is delivered via the web based on either a monthly or annual subscription 

    PaaS:  Cloud-based service that provides a platform allowing for the development of software using an established framework to improve development time and management of cloud services 

    PII (Personally Identifiable Information):  Information that either singularly or in conjunction with other data elements could reasonably lead to the identification of specific individuals 

    POLICY STATEMENT  

    The proper maintenance and review of systems and applications is critical to protecting the data they store or process. While requirements may vary as to the administration and operation of any system or application, the following are required of any individual responsible for a system or application related to the University of Connecticut’s computing environment, whether on-premise or in the cloud. 

    System Ownership 

    All systems supporting any aspect of the University must have an identified owner and responsible party for ensuring the controls specified in this document. For a system that is fully cloud-based, a UConn faculty or staff member is responsible for overseeing that the following controls are appropriately applied and adhered to by the cloud provider.  

    System and Application Security 

    All software and services used to process University of Connecticut information are subject to an Information Security review and sign off prior to their purchase or development. Information Security reviews will evaluate specific risks and controls available and necessary based on the information being processed. The system owner will be responsible for the deployment of the agreed upon security controls prior to enabling the production capability of the system or application. 

    Only necessary software should be loaded on systems, and old versions of software removed. The use of web browsers should be limited to the management of the system only. 

    System Access 

    Access to information in the possession of or under the control of the University of Connecticut must be provided on a need-to-know basis. Information must be disclosed only to individuals who have a legitimate and approved business need for information. Information may only be used for its intended purpose, and other uses of university information without the approval of the data owner is not allowed.  

    Patching and Maintenance 

    All individuals, including faculty, staff, or students, who have taken on or been assigned the responsibility of managing any system or application attached to the University of Connecticut network or any cloud system that holds a relationship to the University of Connecticut or holds University of Connecticut data, must ensure the timely implementation of operating systems and application patches to provide for the confidentiality, integrity, and availability of said systems or data. The ongoing maintenance of applications and the application of software updates is an activity that must be regularly scheduled on a minimum quarterly basis. ITS and many other parts of the University maintain systems to simplify the patching of operating systems. 

    Cloud-based SaaS and PaaS systems typically remove the requirement for patching and maintenance, as the responsibility for this is handled by the vendor. 

    User Management 

    University of Connecticut Information Technology Services (ITS) provides centralized user identity and access management that supports identity validation and access management (IAM) using a NetID and password. Systems and applications that rely on the University IAM platform for authenticating individual access rights can forgo the need for user management outside that of assigning any roles within the system or application, as necessary. 

    Systems and applications that do not use the central IAM solution must have a written plan and designated individual responsible for the creation, modification, and deletion of user IDs. User IDs, including student accounts, must be reviewed when faculty, staff, or students separate from the University at least annually. This includes a process for ensuring the secure creation of passwords and a secure password reset process for validating an individual’s identity prior to resetting the password. 

    Systems where individuals have access to a significant amount of the PII of other constituents, including students, faculty, staff, alumni, and vendors, or significant amounts of regulated data should leverage multi-factor authentication wherever possible. 

    Auditing of Systems and Application Logs 

    System and application logs should be reviewed for inappropriate access on a regular basis (at least monthly) or via automated systems capable of detecting misuse through the analysis of frequent password failures, geographic anomalies, or inappropriate access attempts. ITS maintains a centralized logging and reporting platform, which can assist in the analysis of large amounts of data often associated with system and application logs. 

    System and Application Lifecycle Management 

    Any system or application that is no longer supported by the vendor or is replaced by newer technology should be decommissioned as soon as possible. The proper update of systems and applications is critical to protecting the confidentiality, integrity and availability of the system or application and its data. The decommissioning process must include the proper retirement of any physical hardware or virtual images and the proper destruction of any media (e.g., hard drives, tapes, etc.) that may have data. Cloud services that are decommissioned should ensure the proper handling of any data (return and/or destruction) in the cloud vendor’s possession as part of the contract cancellation. 

    Protection of Regulated Data 

    Certain classes of information stored within University of Connecticut systems and applications have additional regulatory requirements associated with their storage and/or transmission. This data includes but is not limited to: Personally Identifiable Information (PII), including certain combinations of data regarded as sensitive PII; Personal Health Information (PHI), Payment Card Industry (PCI) information, or any information subject to the Family Educational Rights and Privacy Act (FERPA).  The University must also comply with any additional protections of information or datasets contractually required by other agencies or organizations.  

    Mandatory Reporting 

    All suspected policy violations, system intrusions, and other conditions that might jeopardize University of Connecticut information or information systems must be immediately reported to the Information Security Office. 

    ENFORCEMENT 

    Systems and applications that do not follow the standards set forth in this policy may be administratively shut down or have access restricted to on-campus or individual personnel only. Systems maintained at the departmental or individual level may incur costs in association with enabling the proper protections or in the event of data exposure. 

    Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code.  

    PROCEDURES/FORMS 

    Questions about this policy or suspected violations may be reported to any of the following: 

    Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

    Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

    Information Security Office – https://security.uconn.edu 

     

    POLICY HISTORY 

    Policy created: August 30, 2021 [Approved by President’s Senior Team]

     

    Network Access Policy

    Title: Network Access Policy, Information Technology
    Policy Owner: Information Technology Services / Chief Information Security Officer 
    Applies to: All students, faculty, staff, volunteers, and contractors  
    Campus Applicability: All campuses except UConn Health 
    Effective Date: August 30, 2021
    For More Information, Contact UConn Information Security Office 
    Contact Information: techsupport@uconn.edu or security@uconn.edu 
    Official Website: https://security.uconn.edu

    PURPOSE 

    The University invests significantly in maintaining a secure network that meets the academic, research, residential, and administrative needs of the institution. To ensure compliance with applicable Federal and State laws and regulations, and to protect the campus network and the ability of the University community to use it, certain security, performance, and reliability requirements must govern the operation of these networks. 

    APPLIES TO 

    This policy applies to all University faculty, staff, students, student employees, volunteers, and contractors who have access to university networks. 

    DEFINITIONS  

    University Network: The university network is comprised of the network hardware and infrastructure and the services to support them, from the data jack or wireless access point to the University’s Internet Service Provider’s (ISP) connection. The university network begins at the connection to the network (wired or wireless) and ends where we connect to the Internet. 

    Wired Network:  The wired network consists of the physical cabling, infrastructure, and management systems that provide physical network access via an ethernet or fiber optic cable. 

    Wireless Network:  The wireless network consists of the access points (connected to the wired network), wireless spectrum, and management systems that provide services via the UConn provided wireless networks, including UConn Secure, Guest, EDUROAM, and other specialty networks. 

    POLICY STATEMENT  

    The University network (wired & wireless) is an essential resource for the University of Connecticut students, faculty, staff, and guests. The University network provides a variety of critical services that meet the academic, administrative, research and residential needs of the University. Due to the complex nature of the University’s network, Information Technology Services (ITS) is responsible for the overall design, installation, coordination and operation of the University’s network environment. 

    Wired Networks 

    • The wiring and electronic components of the network are deemed part of the basic infrastructure and utility services of the University. Installation and maintenance of that network are to be considered part of the “up front” basic required building and renovation costs and are not considered discretionary options in construction and renovation design. 
    • Standards for the network wiring, electrical components, and their enclosures are defined by Information Technology Services (ITS), subject to Building and Grounds (B&G) oversight and are considered part of the University’s “building code” to which installations must conform. 
    • Upgrades to our campus network will be done as part of a university-wide Network Master Plan.  This Network Master Plan will be coordinated with the University’s Building Master. 
    • Units that would like to use their own funding to install wired/wireless technology or change the programmatic function or use of a room to newly include a wired/wireless activity must work directly with ITS Network Engineering for design services and standards requirements. ITS Network Engineering will thereby ensure that all changes to the wired network conform to applicable standards. 
    • Units choosing to install and establish their own security using local firewalls and/or VPNs must give ITS Network Engineering and Information Security access to/through these devices into the active network segments. This will give Network Engineering the ability to see beyond the secure points of the network for diagnosing problems potentially affecting the overall network. 
    • Units wishing to design, install and maintain their own network must have their designs reviewed by ITS Network Engineering. All installations must conform to the standards set forth in the ITS Design Guide and Standards. Before equipment is purchased, the requesting entity must submit technical specifications of the equipment to be used in the project, along with the logical and physical design maps, for ITS approval to ensure network compatibility and service conformance. ITS Network Engineering will provide the department with an approval letter, which can be submitted to Purchasing with the purchase request. 

      Wireless Networks 

      • The addition of new wireless access points on the University network must be coordinated and approved by ITS.  Wireless performance is impacted by the architectural features, building materials, and furnishings of a contemporary workspace.  Construction and renovation projects must be coordinated with ITS and include funding for additions or adjustments required to optimize performance and serviceability of impacted wireless access points and systems. 
      • On an exception basis, departments and individual faculty may install and manage wireless access points for specific programmatic needs. These locally administered wireless access points must be registered and coordinated with ITS prior to deployment to prevent radio frequency (RF) interference on either wireless network.  At least one individual in the requesting department must be designated as the official contact for the access point.  The official contact is responsible for the data and network traffic that traverses through the access point and appropriate access control and security configurationas well as the regular maintenance, software updates, and replacement. 
      • Any devices either not part of or that cause significant RF interference with the University wireless network will be considered a “rogue” access point or device.  ITS will pursue all reasonable efforts to contact the owner of the rogue device, and if necessarymay disable or disconnect them from the University network. This includes devices and equipment that operate in the frequency ranges occupied by the University Wi-Fi network. 

      ENFORCEMENT 

      Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code.  

      Questions about this policy or suspected violations may be reported to any of the following: 

      Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

      Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

      Information Technology Services CIO – https://cio.uconn.edu  

       

      POLICY HISTORY 

      Policy created:  This policy replaces the Wireless Network Policy (05/15/2006) and Physical Network Access Policy (11/18/2008). Approved by President’s Senior Team 8/30/2021. 

       

      Firewall Policy

      Title: Firewall Policy 
      Policy Owner: Information Technology Services / Chief Information Security Officer 
      Applies to: All students, faculty, and staff responsible for configuring firewalls 
      Campus Applicability: All campuses except UConn Health 
      Effective Date: August 30, 2021
      For More Information, Contact UConn Information Security Office 
      Contact Information: techsupport@uconn.edu or security@uconn.edu 
      Official Website: https://security.uconn.edu/

      PURPOSE 

      To ensure a common set of firewall configurations across the organization to maximize their protection and detection capabilities in support of the security of the University. Firewalls provide a valuable protection and detection capability for the organization when properly configured, managed, and monitored.  

      APPLIES TO 

      This policy applies to all University faculty, staff, students, student employees, volunteers, and contractors who have responsibility for controlling or configuring firewalls. 

      DEFINITIONS 

      EOL: End of Life 

      EOS: End of Support 

      IANA: Internet Assigned Numbers Authority (iana.org)  

      POLICY STATEMENT  

      The University operates in a highly flexible and adaptive security environment to meet its academic, research, and administrative missions. While the ability to adapt to meet the ever-changing needs of the University is important, oversight and reporting of firewall activities are critical to the successful protection and operation of the University environment. The following firewall requirements must be met: 

      Firewall Configuration Standards 

      • All firewalls must be properly maintained from a hardware and software perspective. This includes proper lifecycle planning for EOL and EOS software/hardware and regular review (at least annually) of firewall rulesets. 
      • All dedicated firewalls used in production must follow the University firewall management standard, which includes the ability to review currently configured firewall rules across the organization, identification of shadow or redundant rules and rules in conflict, and standardization of device/object names.  
      • Firewall rulesets and configurations must be backed up frequently to alternate storage (not on the same device). Multiple generations must be captured and retained in order to preserve the integrity of the data, should restoration be required. Access to rulesets, configurations and backup media must be restricted to those responsible for administration and review. 

      Firewall Rules 

      Firewall rules specify (either allow or deny) the flow of traffic through the firewall device. Firewall rules are typically written based on a source object (IP address/range, DNS Name, or group), destination object (IP address/range, DNS Name, or group), Port/Protocol and action. 

      • All firewall implementations should adopt the principal of “least privilege” and deny all inbound traffic by default. The ruleset should be opened incrementally to only allow permissible traffic. 
      • Outbound traffic should be enumerated for data stores, applications, or services 
      • Overtly broad rules may be allowed for specific groups of individuals (not systems). Approval must be granted by the Chief Information Security Officer or their designee. 
      • The use of overly permissive firewall rules is prohibited (i.e., ANY/ANY/ALL rules). 
      • Protocols defined in services and in the firewall must utilize Service Name and Protocol/Port information as assigned by IANA, unless there is a technical reason to do otherwise other than “security through obscurity” and must be commented appropriately in the ruleset.  

        Firewall Logging 

        Firewall log integrity is paramount to understanding potential threats to the network. Firewall devices must log the following data to a system outside of the physical firewall itself and must be regularly reviewed at least monthly or programmatically through automated means. Firewall logs may be forwarded to the ISO SIEM for retention and analysis. 

        The following items must be logged as part of the operation of the firewall: 

        • All changes to firewall configuration parameters, enabled services, and permitted connectivity 
        • Any suspicious activity that might be an indicator of either unauthorized usage or an attempt to compromise security measures 

        ENFORCEMENT 

        Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code.  

        Questions about this policy or suspected violations may be reported to any of the following: 

        Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

        Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

        Information Security Office – https://security.uconn.edu 

         

        POLICY HISTORY 

        Policy created: August 30, 2021 [Approved by President’s Senior Team]

        COVID-19 Immunization Record Requirement for Students

        Title: COVID-19 Immunization Record Requirement for Students
        Policy Owner: Division of Student Affairs
        Applies to: All University Students on any UConn Campus
        Campus Applicability: All UConn campuses
        Effective Date: June 4, 2021
        For More Information, Contact Student Health and Wellness Services (SHaW)
        Contact Information: https://studenthealth.uconn.edu/
        Official Website: https://uconn.edu/

        PURPOSE 

        To promote the health and safety of the University community and to reduce the risk of transmission of COVID-19 among University students, consistent with federal, state and local efforts to minimize outbreaks of COVID-19.

        APPLIES TO

        All University students at the Storrs and regional campuses who participate in any on- campus activities in person for any reason.

        POLICY STATEMENT

        All UConn students are required to be fully vaccinated against COVID-19.  Students are required to report vaccination compliance to the University.

        International students shall be considered in compliance with the COVID-19 vaccine requirement if they have been vaccinated with a COVID-19 vaccine that has either been authorized for use in the United States by the Food and Drug Administration (FDA) or been authorized for use outside of the United States by the World Health Organization (WHO).  International students must  present proof of vaccination  in the form of a copy of the WHO Certificate of Vaccination (WHO Vaccine Booklet) or documentation to include a statement signed by a healthcare provider/organization authorized to administer the vaccination attesting to the dates and name of COVID-19 vaccination given.  All documentation must be submitted in English or accompanied by a certified translation at the student’s expense. International students who have received COVID-19 vaccines not authorized by the FDA or WHO will be managed on a case-by-case basis.

        Students who receive an exemption from the COVID-19 vaccination requirement or who are not fully vaccinated prior to the beginning of the Fall 2021 semester will be required to comply with preventative measures as deemed necessary by the University.  Such measures may include, but not be limited to, a period of modified quarantine, surveillance testing, and mask-wearing.

        Exemptions from this policy will be permitted under certain circumstances. To request an exemption, a student must complete the form found here for medical exemptions and here for non-medical exemptions.

        The University is authorized to enact rules and/or procedures necessary to effectuate this policy.

        ENFORCEMENT

        Failure to comply with this policy may result in loss of privileges and/or sanctions.

        This policy and any attendant procedures and/or rules may be amended as necessary based on factors such as the progress of the COVID-19 pandemic and guidance from governmental authorities.

        POLICY HISTORY

        Policy created:  06/04/2021 (Approved by the Board of Trustees)

        Information and Communication Technology (ICT) Accessibility Policy

        Title: Information and Communication Technology (ICT) Accessibility Policy
        Policy Owner: Information Technology Services
        Applies to: Faculty, Staff, Students
        Campus Applicability: Storrs and Regional Campuses
        Effective Date: July 24, 2019
        For More Information, Contact Information Technology Services-IT Accessibility Coordinator
        Contact Information: itaccessibility@uconn.edu; (860) 486-9193
        Official Website: accessibility.its.uconn.edu

        Background and Reason for the Policy: The University of Connecticut is committed to accessibility of its digital information, communication, content, and technology for people with disabilities, in accordance with federal and state laws including the Americans with Disabilities Act, Section 504 of the Rehabilitation Act of 1973, and the State of Connecticut’s Universal Website Accessibility Policy for State Websites.

        Policy Purpose: The purpose of this policy is to set expectations that digital information, communication, content, and technology be designed, developed, and procured to be accessible to people with disabilities.

        Policy Applicability: This policy extends to the procurement, development, implementation, and ongoing maintenance of the University’s information and communication technologies at Storrs and Regional Campuses.

        Policy Statement: The University of Connecticut is committed to achieving equal opportunity to its educational and administrative services, programs, and activities in accordance with federal and state law.  Providing an accessible information, communication, content, and technology experience for people with disabilities is the responsibility of all University administrators, faculty, staff, students and those who maintain externally facing University websites.

        Procedures: See Procedures (https://accessibility.its.uconn.edu/ict-policy-procedures/).  Any issues or questions should be addressed to ITAccessibility@uconn.edu.

        Exceptions: Requests for exceptions to this policy must be submitted to the IT Accessibility Coordinator. Individuals requesting an exception must provide a plan that would provide equally effective alternative access, unless such an alternative is not possible due to technological constraints or if the intended purpose of the technology (e.g., virtual reality goggles) at issue does not allow for an alternative

        Policy History:

        Adopted 07/24/2019 [Approved by the President’s Cabinet]

        Religious Accommodation Policy

        Title: Religious Accommodation Policy
        Policy Owner: Office of Institutional Equity
        Applies to: Faculty, Staff, Graduate Assistants, Students
        Campus Applicability: All Campuses
        Effective Date: August 1, 2018
        For More Information, Contact Office of Institutional Equity
        Contact Information: Storrs/Regionals: Office of Institutional Equity (OIE) (860) 486-2943 or equity@uconn.edu

        UConn Health: Office of Institutional Equity (OIE) (860) 679-3563 or equity@uconn.edu

        Official Website: http://www.equity.uconn.edu

        A printer friendly copy of this policy is available at: https://policy.uconn.edu/wp-content/uploads/sites/243/2018/09/2018-08-01-Religious-Accommodation-Policy-Printable-Copy.pdf

        Reason for Policy

        The purpose of this policy is to set forth the University’s processes for responding to requests from students and employees for religious accommodations.  This policy is in accordance with relevant laws and regulations regarding religious beliefs.

        Applies to

        All faculty, staff and students on all Campuses.

        Definitions

        Essential Function: A fundamental job duty of an employment position for staff and faculty, or a fundamental academic element of a course or program of study for a student.

        Religious Accommodation: A reasonable change in the work or academic environment that enables a student or employee to practice or otherwise observe a sincerely held religious practice or belief without undue hardship on the University. A religious accommodation may include, but is not limited to: time for prayer during a work day; the ability to attend religious events or observe a religious holiday; or any necessary modification to University policy, procedure or other requirement for a student’s or employee’s (or prospective employee’s) religious beliefs, observance or practice; provided such accommodation is reasonable and does not cause undue hardship.

        Religious Practice or Belief: A sincerely held practice or observance that includes moral or ethical beliefs as to what is right and wrong, most commonly in the context of the cause, nature and purpose of the universe. Religion includes not only traditional, organized religions, but also religious beliefs that are new, uncommon, not part of a formal religious institution or sect, or only subscribed to by a small number of people. Social, political, or economic philosophies, as well as mere personal preferences, are not considered to be religious beliefs.

        Undue Hardship: More than a minimal burden on the operation of the University. For example, an accommodation may be considered an undue hardship if it would interfere with the safe or efficient operation of the workplace or learning environment and/or would result in the inability of the employee or student to perform an essential function of the position or course of study. The University will not be required to violate a seniority system; cause a lack of necessary staffing; jeopardize security or health; or expend more than a minimal amount. The determination of undue hardship is dependent on the facts of each individual situation, and will be made on a case-by-case basis.

        Policy Statement

        The University of Connecticut is committed to providing welcoming and inclusive learning and workplace environments. As part of this commitment, the University will make good faith efforts to provide reasonable religious accommodations to faculty, staff and students whose sincerely held religious practices or beliefs conflict with a University policy, procedure, or other academic or employment requirement, unless such an accommodation would create an undue hardship.

        Consistent with state law, any student who is unable to attend classes on a particular day or days or at a particular time of day because of the tenets of a sincerely held religious practice or belief may be excused from any academic activities on such particular day or days or at such particular time of day.[1] Additionally, it shall be the responsibility of course instructors to make available to each student who is absent from academic activities because of a sincerely held religious practice or belief an equivalent opportunity to make up any examination, study or work requirements which has been missed because of such absence.

        In keeping with the University’s commitment to building and maintaining a welcoming and inclusive work environment, the University will consider religious accommodations requests by employees, including faculty and staff, based on the totality of the circumstances.

        The University of Connecticut prohibits discrimination, harassment, and retaliation on the basis of religion. For more information, refer to the University Policy Against Discrimination, Harassment and Related Interpersonal Violence.

        Enforcement

        Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.

        Policy History

        Revised 01/24/2019

        Adopted 08/01/2018 [Approved by the Board of Trustees]

         

        Procedures for Students

        The University grants students excused absences from class or other organized academic activities for observance of a sincerely held religious practice or belief as a religious accommodation, unless the accommodation would create an undue hardship.

        Students whose religious holidays are not recognized by the University’s calendar should provide the instructor or academic activity organizer with the dates they will be absent in advance of the absence.

        Students requesting a religious accommodation should make the request directly to their instructor with as much notice as possible. Students anticipating an absence or missed coursework due to a sincerely held religious practice or belief should use best efforts to inform their instructor in writing no later than the third week of class, or one week before the absence if a conflict occurs during the first three weeks of class. Being absent from class or other educational responsibilities does not excuse students from keeping up with any information shared or expectations set during the missed class(es). Students are responsible for obtaining the materials and information provided during any class(es) missed. The student can work with the instructor to determine a schedule for making up missed work.

        Procedures for Faculty / Course Instructors in Responding to Student Requests

        Course instructors are strongly encouraged to make reasonable accommodations in response to student requests to complete work missed by absence resulting from observation of religious holidays.  Such accommodations should be made in ways that do not dilute or preclude the requirements or learning outcomes for the course.

        Course instructors should bear in mind that religion is a deeply personal and private matter and should make every attempt to respect the privacy of the student when making accommodations (for example, it is not appropriate to announce to the class that a student is doing a presentation or making up an exam at a later date because of their religious observance). Course instructors should not ask a student for proof that their religious practices or beliefs are sincerely held or for determining a religious accommodation.

        Examples of religious accommodations include: rescheduling of an exam or giving a make-up exam for the student in question; altering the time of a student’s presentation; allowing extra-credit assignments to substitute for missed class work or arranging for an increased flexibility in assignment due dates; and releasing a graduate assistant from teaching or research responsibilities on a given day.

        The student should be given the opportunity to complete appropriate make-up work that is equivalent and intrinsically no more difficult than the original exam or assignment. Students who receive an exemption on religious grounds cannot be penalized for failing to attend class on the days exempted. The instructor may, however, appropriately respond if the student fails to satisfactorily complete any alternative assignment or examination.

        If there are concerns about the requested accommodation, the instructor should consult their department head (or dean in non-departmentalized schools) for assistance and determination of whether a reasonable accommodation can be provided. If an agreement cannot be reached after consulting with the department head (or dean in non-departmentalized schools), the department head will advise the dean and refer the matter to the provost or designee, who will make the final determination following consultation with the Office of the General Counsel.

        Procedures for Faculty and Staff Requesting Religious Accommodation

        Employees requesting a religious accommodation should make the request directly to their supervisor with as much notice as possible. Employees may be required to use accrued time (vacation or personal) as part of the religious accommodation. If the supervisor determines that the request may pose an undue hardship for the department and/or interfere with the employee’s essential job functions, or if the supervisor otherwise has questions or concerns about the accommodation request, the supervisor should contact the Department of Human Resources at 860-486-3034 or hr@uconn.edu (Storrs and Regionals); 860-679-2426 (UConn Health).

        Contacts:

        Students, Faculty and Staff who have questions or concerns regarding the University of Connecticut Religious Accommodations Policy may contact the Office of Institutional Equity (OIE):

        Storrs and Regionals: equity@uconn.edu or (860) 486-2943

        UConn Health: equity@uconn.edu or (860) 679-3563

        Related Policies and Guidance:

        Frequently Asked Questions Regarding Religious Accommodations

        Policy Against Discrimination, Harassment, and Related Interpersonal Violence

        Religious Holidays: Faculty and Staff Resource Guide

        [1] Connecticut General Statutes, section  10a-50 provides in relevant part:

        Absence of students due to religious beliefs. Any student in an institution of higher education who is unable [due to religious beliefs] to attend classes on a particular day or days or at a particular time of day shall be excused from any examination or any study or work assignments on such particular day or days or at such particular time of day. It shall be the responsibility of the faculty and of the administrative officials of each institution of higher education to make available to each student who is absent from school because of such reason an equivalent opportunity to make up any examination, study or work requirements which he has missed because of such absence on any particular day or days or at any particular time of day. No special fees of any kind shall be charged to the student for making available to such student such equivalent opportunity. No adverse or prejudicial effects shall result to any student because of his availing himself of the provisions of this section.

        ClinicalTrials.gov

        Title: ClinicalTrials.gov
        Policy Owner: Research Compliance Services, Office of the Vice President for Research
        Applies to: Employees, Faculty, Students, Other
        Campus Applicability:  All Campuses
        Effective Date: May 25, 2018
        For More Information, Contact Office of the Vice President for Research
        Contact Information: (860) 486-3001
        Official Website: http://research.uchc.edu/

         

        REASON FOR POLICY

        The purpose of this policy is to ensure investigators at the University comply with the requirements for registering and reporting results of clinical trials at ClinicalTrials.gov.

        The University is committed to the mission of public availability of clinical trial information and to complying with the related requirements of the Food and Drug Administration (FDA), National Institutes of Health (NIH), the Centers for Medicare and Medicaid Services (CMS) and other federal agencies and departments for using ClinicalTrials.gov.  Investigators for certain clinical trials are required to register and report results at ClinicalTrials.gov for certain clinical trials, including those involving the FDA, NIH, and CMS.  The International Committee of Medical Journal Editors (ICMJE) also imposes a similar requirement as a condition for seeking publication in participating journals.

        APPLIES TO

        All University faculty, employees, students, postdoctoral fellows, residents and other trainees, and agents who supervise or conduct clinical trials needing to be registered at ClinicalTrials.gov.

        POLICY STATEMENT

        It is the responsibility of the Principal Investigator (or other equivalent individual) supervising or conducting a clinical trial that must be registered at ClinicalTrials.gov to ensure that the registration, results reporting, related consent form and other applicable requirements are met with the required timeframes.  Any failure to fulfill these requirements may result in limitations on publications or grant submissions or other sanctions.

        The University’s Protocol Registration and Results System (PRS) Administrator within Research Compliance Services is available to provide assistance in navigating the PRS system, administering requests by ClinicalTrials.gov, and with compliance questions related to these requirements.

        ENFORCEMENT

        Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, the University of Connecticut Student Code, and other applicable University Policies.

        Authority

        42 CFR part 11 (FDA)

        NIH Policy on the Dissemination of NIH-Funded Clinical Trial Information (NIH)

        Medicare Clinical Trial Policies (CMS)

        Clinical Trials (ICMJE)

        Policy History:

        Adopted: 5/25/2018 (Approved by President’s Cabinet)

        Academic Adjustments for General Education Competencies, Policy on

        Title: Policy on Academic Adjustments for General Education Competencies: Qualitative Reasoning And/Or Second Language
        Policy Owner: University Senate
        Applies to: Undergraduate Students
        Campus Applicability: All Undergraduate Programs at all Campuses
        Effective Date: December 2017
        For More Information, Contact:  University Senate
        Contact Information:  (860) 486-2236
        Official Website:  https://senate.uconn.edu/

        Introduction

        The University Senate enacted General Education requirements to ensure that all University of Connecticut undergraduate students become articulate and acquire intellectual breadth and versatility, critical judgment, moral sensitivity, awareness of their era and society, consciousness of the diversity of human culture and experience, and a working understanding of the processes by which they can continue to acquire and use knowledge. A critical element of General Education is demonstrated competency in four fundamental areas –information literacy, quantitative skills, second language proficiency, and writing. The development of these competencies involves two thresholds: establishing entry-level expectations and meeting graduation expectations. In cases involving a significant disability, the graduation expectations for the quantitative skills and/or second language competency may be a barrier to degree completion. The University has established a policy for considering academic adjustments to the University General Education Requirements and individual school/college requirements in an effort to respond to the extraordinary circumstances of students while maintaining academic integrity. In all cases, justification of an academic adjustment requires evidence of the disability’s impact upon the student’s ability to learn the course material.

        Policy

        The vast majority of students who experience difficulty in fulfilling the Quantitative Reasoning and/or Second Language Competency will experience success by employing any number of academic support and/or advising strategies. Academic adjustments are only considered for students with disabilities whose documentation and/or educational history provide compelling evidence of an inability to complete graduation expectations so that an academic adjustment is warranted. Each academic adjustment will be based on an individualized, case-by-case assessment and should not compromise the academic integrity of the requirements for a specific major or degree. Academic adjustments may include an exception to an academic rule, such as allowing a student to complete a required course(s) on a pass/fail basis or substituting an alternative course(s) for a required course(s).

        The following rules will apply:

        • If quantitative or second language competency is deemed an essential element of a program or
          course of study, then a substitution is not permitted. The question of “essential element” will be
          decided by the Dean or designee of each school or college.
        • Academic adjustments will not reduce the number of courses/credits required to complete General
          Education requirements. Waivers of General Education requirements are never granted.
        • If the student changes his or her school or college of enrollment, academic adjustments will be
          reviewed by the appropriate Dean’s office in the new school or college of enrollment.
        • Academic adjustments will be subject to the eight-year rule.

        Students who plan to continue their studies beyond the baccalaureate degree should be advised that approved adjustments may not meet the requirements for admission to a graduate/professional school (e.g., law, medicine, etc.).

        The Academic Adjustments Committee will convene to review requests and make final decisions. The committee will include the following individuals:

        1. Designee from the Vice Provost for Academic Affairs (Committee Chair)
        2. Designee from the Center for Students with Disabilities
        3. Designees from the Dean’s office in the petitioning student’s school or college, the Bachelor of
          General Studies Program, or the Academic Center for Exploratory Students (ACES) as appropriate
        4. Designee from the Department of Mathematics (in the case of a quantitative request)
        5. Designee from the Department of Literature, Cultures and Languages (in the case of a second
          language request)
        6. Designee from the General Education Oversight Committee

        Students may appeal the decision of the Committee to the Vice Provost for Academic Affairs within 30 days of the date of the decision. This appeal is a review of the record furnished by the Committee for the purpose of determining whether all applicable procedures have been followed. It does not include an opportunity to submit additional evidence or documentation. If, at a later date, students wish to furnish additional evidence or documentation to support their adjustment requests, they may resubmit a petition for committee review.

        At the end of each academic year, the AAC will submit a report on its activities to GEOC. The report will contain the number of cases reviewed in each category, and the outcome of each review.

        Policy History:

        Effective: December 11, 2006
        Revisions proposed by the Senate Scholastic Standards Committee November 2017 and by the Senate Curricula and Courses Committee October 2017
        Approved by University Senate December 2017

        Alcoholic Beverage Sales and Service Policy

        Title: Alcoholic Beverage Sales and Service, Policy on
        Policy Owner: Department of Dining Services
        Applies to: Students, Employees, Others
        Campus Applicability: All Campuses
        Effective Date: October 23, 2017
        For More Information, Contact Department of Dining Services or
        UConn Health
        Contact Information: (860) 486-3128 (Storrs/Regional Campuses)
        (860) 679-4177 (UConn Health)
        Official Website: http://www.dining.uconn.edu

        Purpose

        To provide specific requirements for the sale and/or service of alcoholic beverages at University sponsored events.

        Scope

        This policy does not apply to non-University on-campus entities (such as the University of Connecticut Foundation and the Nathan Hale Inn) or off campus Athletic venues.

        Definitions

        University Sponsored Events: An official activity, function or meeting operated and/or financially supported by the University of Connecticut, whether on- or off-campus.

        Permanent Installation: A permanent foodservice operated by the Department of Dining Services on a Regional Campus.

        POLICY STATEMENT

        Alcohol Service on University Campuses: The Department of Dining Services is the sole liquor permit-holder on University campuses with a Permanent Installation, and is solely responsible for ensuring the proper service of alcohol at any on-campus University Sponsored Event where a Permanent Installation exists. Campuses with a Permanent Installation must use the Department of Dining Services to serve alcohol. At campuses without a Permanent Installation (except UConn Health) departments must seek approval from the Department of Dining Services to use an alternate service. Requests must be approved in writing by the Department of Dining Services. At UConn Health, requests must be approved in writing by the Dean of the School of Medicine, the Dean of the School of Dental Medicine, or the Chief Administrative Officer, as appropriate.

        Alcohol Service at Off-Campus University Sponsored Events:  If alcohol is to be served at an off-campus University Sponsored Event, the individuals responsible for event planning must ensure that the sale and/or service of alcohol complies with this policy.

        Sales and Service of Alcoholic Beverages

        Alcoholic beverages may be possessed, served, sold or consumed at a University Sponsored Event or Permanent Installation only under the following conditions:

        • In no circumstances may alcohol be purchased with University funds or Trustee student organization fees, either directly or indirectly. For example, funds used to purchase food or cover facility fees may never subsidize the purchase of alcohol.
        • Service and sale of alcoholic beverages is covered by an appropriate liquor permit. At campuses with a Permanent Installation, this is the Department of Dining Services’ liquor permit. At campuses without a Permanent Installation, including UConn Health, this is an approved vendor or caterer’s liquor permit.
        • Alcohol servers are TIPS (Training for Intervention Procedures) certified.
        • Alcoholic beverages are served as a complement to a planned program or event with a legitimate University business purpose.
        • Alcoholic beverage service is accompanied by food service and non-alcoholic beverage alternatives in amounts sufficient for all attendees.

        Additional restrictions include:

        • Alcohol service is prohibited in academic buildings while classes are in session in that building. At UConn Health, exceptions must be approved in writing by the appropriate Dean or the Chief Administrative Officer.
        • University employees may not host department meetings or gatherings on campus and supply their own alcohol.
        • At campuses with a Permanent Installation, all alcohol service must be arranged, purchased, and served by the Department of Dining Services. External caterers may not provide alcohol on these campuses.
        • No alcoholic beverages may be served for any group of students of the University, or for any function, where it is reasonable to expect consumption by persons under the age of twenty-one years.

        Campuses without the Presence of the Department of Dining Services

        If alcohol is to be served at a University Sponsored Event at a campus without a Permanent Installation (except UConn Health), the individuals responsible for event planning must first submit a request for approval to the Department of Dining Services. This form is located at https://dining.uconn.edu/alcohol-request-form/. At UConn Health, requests must be submitted using this form and approved by the Dean of the School of Medicine, the Dean of the School of Dental Medicine, or the Chief Administrative Officer, as appropriate.

        Exceptions to this policy may be granted by the Office of the President. At all times, any entity serving alcohol on campus must have the appropriate liquor permit.

        Enforcement

        This policy is intended to complement existing University policy regarding alcohol, including but not limited to, the General Rules of Conduct, Student Code, and the University Policy on Alcohol and Other Drugs.

        Violations of these policies may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.  Depending on the nature and severity of the violations, additional sanctions may be enacted.