Students

Working Alone Policy

Title: Working Alone Policy
Policy Owner: Division of Environmental Health and Safety
Applies to: University Students
Campus Applicability: Storrs, Regionals, Law School
Effective Date: January 2013
For More Information, Contact Environmental Health and Safety
Contact Information: (860) 486-3613
Official Website: http://www.ehs.uconn.edu/

POLICY STATEMENT

No student is permitted to Work Alone in an Immediately Hazardous Environment.

REASON FOR POLICY

This policy has been developed to minimize the risk of serious injury while Working Alone with materials, equipment or in areas that could result in serious injury or an immediate life-threatening hazard.

APPLIES TO

This policy applies to undergraduate, graduate, and post-doctoral students performing academic or research related work at the University of Connecticut Storrs, regional campuses and the Law School.

DEFINITIONS

Working Alone means an isolated student working with an immediately hazardous material, equipment or in an area that, if safety procedures fail, could reasonably result in incapacitation and serious life threatening injury for which immediate first aide assistance is not available.

Immediately Hazardous Environment describes any material, activity or circumstance that could cause instantaneous incapacitation rendering an individual unable to seek assistance.  Examples include but are not limited to: potential exposure to poisonous chemicals and gases at a level approaching the IDLH (Immediately Dangerous to Life & Health); work with pyrophoric and explosive chemicals; work with pressurized chemical systems; entering confined spaces; work near high voltage equipment; work with power equipment that could pinch or grab body parts and/or clothing; etc.

Unit Managers are managers, supervisors, principle investigators, faculty, Department Heads and others who are responsible for assigning work to students that involve potential exposure to immediately hazardous environments.

Safety Content Expert is a safety professional from the UConn Department of Environmental Health and Safety (EHS).  EHS provides guidance to Unit Managers and their designees regarding the proper classification of campus activities as Immediately Hazardous or not; and provides safety information regarding proper procedures and personal protective equipment needed.

Direct Observation means the assigned second person is in line of sight or close hearing range with the individual working in an Immediately Hazardous Environment.

ENFORCEMENT

Violations of this policy may result in appropriate disciplinary measures in accordance with University Laws and Bylaws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements and the University of Connecticut Student Conduct Code.

RESPONSIBILITIES

Unit Managers are responsible for identifying the risks and conditions that may place a student in an Immediately Hazardous Environment.  If unsure about a specific task or location, Unit Managers are advised to contact EHS to assist in recognizing/evaluating risks, and to help in developing appropriate hazard controls. The Unit Manager is also responsible to see that personnel are properly trained, proper procedures are in place, and that proper personal protective equipment is readily available and use is mandatory. This is documented by means of the Workplace Hazard Assessment form.

If the task/area is deemed a Working Alone situation, the Unit Manager must either:

a) Assign a second person for the duration of the immediately hazardous task or for work in immediately hazardous locations (confined spaces, elevated work area, etc.); or

b) Reschedule the work to a time when others are available to help monitor the welfare of the assigned student.

All personnel are responsible for notifying the Unit Managers of situations that present the possibility of a student Working Alone in an immediately hazardous environment.

Personnel assigned to keep watch must provide Direct Observation at all times while students are in an Immediately Hazardous Environment to prevent a Working Alone situation.

Students are directly responsible for adhering to all safety procedures, wearing appropriate personal protective equipment and to be current in training requirements.  Students shall not Work Alone in an area or on tasks that have been recognized as an Immediately Hazardous Environment.

Environmental Health & Safety (EHS) personnel shall, upon request, assist in identifying Immediately Hazardous Environments and Working Alone situations.  EHS shall assist in the anticipation, recognition and evaluation of hazards and provide expertise in developing controls to prevent injuries to personnel.  EHS will verify submitted area Workplace Hazard Assessment during routine inspections.

Recommended Safety Information Resources

Refer to the EH&S website for additional workplace safety requirements:

Policies, programs and procedures

Training

Forms

Secure Web Application Development, Information Technology

Title: Secure Web Application Development, Information Technology
Policy Owner: Information Security Office
Applies to: Students, Employees, Users
Campus Applicability:  Storrs and Regionals
Effective Date: May 16, 2012
For More Information, Contact Chief Information Security Officer
Contact Information: (860) 486-8255
Official Website: https://security.uconn.edu/

This policy is available in the Information Security Policy Manual.

Departments will ensure that development, test, and production environments are separated. Confidential Data must not be used in the development or test environments.

Production application code shall not be modified directly without following an emergency protocol that is developed by the department, approved by the Data Steward, and includes post-emergency testing procedures.

Web servers that host multiple sites may not contain Confidential Data.

All test data and accounts shall be removed prior to systems becoming active in production.

The use of industry-standard encryption for data in transit is required for applications that process, store, or transmit Confidential Data.

Authentication must always be done over encrypted connections. University enterprise Central Authentication Service (CAS), Shibboleth, or Active Directory services must perform authentication for all applications that process, store, or transmit Confidential or Protected Data.

Change sentence to “Web application and transaction logging for applications that process, store, or transmit Confidential Data or Regulated Data must submit system-generated logs to the ITS Information Security Office. For more information please view UConn’s Logging Standard.

Departments implementing applications must retain records of security testing performed in accordance with this policy.

Policy Created: May 16, 2012

Security Awareness Training Policy, Information Technology

Title: Security Awareness Training Policy, Information Technology
Policy Owner: Information Technology Services / Chief Information Security Officer 
Applies to: All faculty, staff, student employees, and volunteers   
Campus Applicability: All campuses except UConn Health 
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office 
Contact Information: techsupport@uconn.edu or security@uconn.edu 
Official Website: https://security.uconn.edu/

PURPOSE 

The Information Security Office (ISO) maintains an active Security Awareness Training program available to all faculty, staff, and student employees. This policy establishes the authority of the ISO to mandate Security Awareness training as needed and outlines the expectations for individuals and departments in assisting with ensuring the confidentiality, integrity, and availability of university systems, services, and data. 

APPLIES TO 

This policy applies to all University faculty, staff, student employees, and volunteers who regularly interact with or have access to confidential or protected information within the university. 

POLICY STATEMENT  

While the Information Security Office maintains an active information security program, faculty and staff members’ knowledge of the threats and risks to the University’s systems and data is a critical component in helping to defend the University from attack.  

The ISO maintains an Information Security Awareness program that supports University employees’ and students’ needs for regular training. Training on important information security topics is available or communicated in multiple ways including: 

  • Online training systems with a variety of topics relevant to Information Security (available at https://security.uconn.edu/training) 
  • Communications to targeted groups by email of ongoing or imminent threats 
  • Postings on various web-based systems across the university (security.uconn.edu or techsupport.uconn.edu) 
  • Availability of ISO staff for in-person discussions on information security 

As part of their ongoing operations and employee development, all academic and administrative departments should identify opportunities to engage faculty, staff, and student employees in Security Awareness training annually. These opportunities may include those offerings from the ISO or a tailored program for specific threats against departments or systems, which may also be included in procedural manuals or scheduled as group training opportunities. 

The ISO is authorized to mandate Security Awareness training. In some areas, Security Awareness training may be mandatory based on federal or industry regulations. Training for these programs must be coordinated with the ISO to ensure regulatory requirements are met.  

ENFORCEMENT  

Failure to comply with mandatory Security Awareness training, or to coordinate training with the ISO, may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code. 

Questions about this policy or suspected violations may be reported to any of the following: 

Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

Information Security Office – https://security.uconn.edu 

REFERENCES 

Compliance Training Policy 

POLICY HISTORY 

Policy created:  May 16, 2012 

Revisions:  August 30, 2021 [Approved by President’s Senior Team]

Risk Management, Information Technology

Title: Risk Management, Information Technology
Policy Owner: Information Technology Services / Chief Information Security Officer 
Applies to: All department and school/college system owners and IT professionals   
Campus Applicability: All campuses except UConn Health 
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office 
Contact Information: techsupport@uconn.edu or security@uconn.edu 
Official Website: https://security.uconn.edu/

PURPOSE 

As technology and capabilities change our University environment, threats against these technologies also evolve. To provide the highest level of protection for the University, department and system owners are responsible for regular assessments of risks to their technology platforms. The Information Security Office is responsible for overseeing the evaluation of IT risk across the organization. 

APPLIES TO 

This policy applies to all University department and school/college system owners and IT professionals.  

DEFINITIONS  

Confidential Data: Confidential data is institutional information protected by law, government regulations, statutes, industry regulations, contractual obligations, or specific university policies. Examples of confidential data may include Personally Identifiable Information (PII), Protected Health Information (PHI), Educational Records (FERPA), Credit Card Information (PCI-DSS). An extended list of Confidential Data can be found in Appendix A of the Data Classification Policy. 

Protected Data: Protected data is institutional information that must be guarded due to proprietary, ethical, privacy, or business process considerations. By default, most administrative data will fall into this classification or if data is not confidential or public, it will fall into the protected data category. 

Risk Assessment: Part of the ongoing risk management process that assigns relative priorities for mitigation plans and implementation.  

Risk Assessment Tool: Risk assessment tools are available to department and school/college system owners and IT professionals to collect information about systems, services, and data that will inform efforts to continuously strengthen UConn’s information security.  

POLICY STATEMENT  

The Information Security Office (ISO) is authorized to administer the University’s risk management process, which includes the delegation of responsibility for ensuring that information systems are assessed for risk. 

Due to the size and complexity of the UConn environment, each department and system owner is responsible for conducting a regular and ongoing risk assessment of the Information Technologies they are responsible for overseeing. 

In conducting a risk assessment, departments/individuals should evaluate risks to Information Technology based on a People, Process, Technology (PPT) methodology. Using this methodology and leveraging ISO policies, including the Acceptable Use Policy, Confidential Data Policy, Data Roles and Responsibilities Policy, Security Awareness Training Policy and System and Application Security Policy (available at https://security.uconn.edu), departments must evaluate opportunities to reduce risk to the confidentiality, integrity, and availability of information technology assets. 

Some University organizations will be required to do regular risk assessments as a regulatory or industry requirement. Organizations typically focusing on Personal Health Information or Credit Card Processing will have more formal risk assessments conducted by their leadership and review by Information Security Office on an annual basis.   

ENFORCEMENT 

Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code. 

Questions about this policy or suspected violations may be reported to any of the following: 

Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

Information Security Office – https://security.uconn.edu 

 

POLICY HISTORY 

Policy created:  May 16, 2012 

Revisions: August 30, 2021 [Approved by the President’s Senior Team]

 

Data Classification Policy

Title: Data Classification Policy
Policy Owner: Information Technology Services / Chief Information Security Officer 
Applies to: All students, faculty, staff, volunteers, and contractors  
Campus Applicability:  All Campuses except UConn Health
Effective Date: August 30, 2021
For More Information, Contact UConn Information Security Office 
Contact Information: techsupport@uconn.edu or security@uconn.edu 
Official Website: https://security.uconn.edu/

PURPOSE 

This policy defines the classifications of institutional data (i.e., the categories of data that the University is responsible for safeguarding) and the associated measures that are necessary to safeguard each classification. Institutional data commonly exists in many forms, including electronic, magnetic, optical, and traditional paper documents. Common types of electronic data include email messages, spreadsheets, word processing documents, PDF reports, and university managed databases and file storage systems. 

APPLIES TO 

This policy applies to all University faculty, staff, students, student employees, volunteers, and contractors who have access to protected or confidential information. This policy covers data that is stored, accessed, or transmitted in all formats, including electronic, magnetic, optical, paper, or other non-digital formats. 

DEFINITIONS  

Cloud: Any environment not operated by UConn. This includes cloud-based services that provide basic infrastructure including operating system and storage or services that provide a full software stack for an intended purpose or platform offering multiple services. 

Confidential Data: Institutional information protected by law, government regulations, statutes, industry regulations, contractual obligations, or specific university policies. Examples of confidential data may include Personally Identifiable Information (PII), Protected Health Information (PHI), Educational Records (FERPA), Credit Card Information (PCI-DSS). An extended list of Confidential Data can be found in Appendix A of this policy. 

Protected Data: Institutional information that must be guarded due to proprietary, ethical, privacy, or business process considerations. By default, most administrative data will fall into this classification or if data is not confidential or public. 

Public Data: Institutional information that may or must be freely available to the general public. Such information has no local, national, international, or contractual restrictions on access or usage. 

POLICY STATEMENT  

Through the normal course of business, many individuals at the University of Connecticut collect, maintain, transmit, and/or have access to personal information, financial data, and other information which is protected or confidential in nature. The protection of some types of data is governed by industry or governmental regulations. While other types of information may not be covered by specific legal requirements, it is in the University of Connecticut’s best interest to take steps to safeguard all university information reasonably and responsibly. 

Except for those classes of data expressly protected by statute, contract, or industry regulation, the data classification examples presented in this policy are guidelines. Ultimate responsibility for the classification in the university environment is determined by the Data Steward, as defined in the University’s Data Roles and Responsibilities Policy, and the Office of General Counsel for any given set of data. 

Data Protection 

The University of Connecticut has established the following requirements and guidelines in order to protect each classification of data. 

Public Data 

While there are few restrictions on public data, such data should be properly secured to prevent unauthorized modification, unintended use, or inadvertent/improper distribution. It should be understood that any information that is widely disseminated within the university community is potentially available to the public at large. 

The following guidelines are for information systems that are used to store and share the University’s public data. 

  • When practical, public data should only be shared via systems over which the University maintains full administrative control, which includes the ability to remove or modify the data in question. 
  • Information systems, such as web servers or cloud services that are used to share public data, must be properly secured to prevent the unauthorized modification of published public data. 
  • Interactive access to databases containing public data, such as online directories or library catalogs, should be properly secured using query rate limiting, CAPTCHA’s or similar technology to impede bulk downloads of entire collections. 

    Protected Data 

    Protected data requires additional levels of protection because its unauthorized disclosure, alteration, or destruction could cause damage to the University or its constituents.  

    In addition to the requirements outlined for public data, protected data must also meet these requirements: 

    • If stored in the cloud, stored only on cloud-based information systems managed or contracted by the University. 
    • Protected through the use of authenticated access in order to prevent loss, theft, or unauthorized access, disclosure or modification. 
    • Printed sensitive data including reports must be stored in a secure manner (file cabinet, closed office, or department where electronic/physical access control systems are in place) when not in use. 

    Confidential Data 

    Confidential data (see Appendix A) requires the highest level of protection due to the risk and magnitude of loss or harm that could result from disclosure, alteration, or destruction of the data. Certain types of information, such as health information, may have additional requirements for protection. Wherever possible, confidential information should remain in source systems and not propagated through saved files, spreadsheets, or other file formats. Whenever storage of confidential data is required outside the source system, it should be limited to the minimum amount, and for the minimum time, required to perform the business function, or as required by law and/or State of Connecticut Data Retention requirements. 

    In addition to the requirements for protected data, confidential data must be: 

    • Protected with strong passwords and should leverage Multi-Factor Authentication whenever such capabilities exist.  
    • Stored on devices that have appropriate protection, monitoring and encryption measures in order to protect against theft, unauthorized access and unauthorized disclosure. 
    • Transmitted using approved encryption methods. 
    • Accessed via approved remote access services such as VPN when accessed remotely.  
    • Stored on university-owned devices. Confidential data is not permitted to be stored on any personally owned devices including mobile phones, laptops, or home computers. 
    • Stored, if printed material, only in a locked drawer; a locked room; an area where access is controlled by a guard, cipher lock, and/or card reader; or an area that has sufficient physical access control measures to afford adequate protection and prevent unauthorized access by members of the public, visitors, or other individuals not on a need-to-know basis. 

      The University’s Confidential Data may not be accessed, transmitted, or stored using public computers or via email. 

      Encryption 

      To maintain its confidentiality, all data shall be encrypted while in transit across communication networks or when stored. Stored data may only be encrypted using current encryption methodologies. To ensure that data is available when needed, each department or user of encrypted University data will ensure that encryption keys are adequately protected and that procedures are in place to allow data to be recovered by another authorized University employee. In employing encryption as a privacy tool, users must be aware of, and are expected to comply with, Federal Export Control Regulations. 

      Service Providers  

      Departments shall take steps to ensure that third-party service providers understand the University’s Data Classification Policy and protection of the University’s Data. No user may give a third-party access to the University’s Protected or Confidential Data or to systems that store or process Protected or Confidential Data without permission from the Data Steward and a standard Confidentiality Agreement from University Procurement in place.  

      Disposal 

      Systems administrators will ensure that all data stored on electronic media is properly destroyed or wiped to current Department of Defense Data Wipe standards prior to the disposal or transfer of the equipment.  

      Confidential Data maintained in hard copy form will be properly disposed of when no longer required for business or legal purposes. 

      ENFORCEMENT 

      Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code.  

      Questions about this policy or suspected violations may be reported to any of the following: 

      Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

      Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

      Information Security Office – https://security.uconn.edu 

      REFERENCES 

      Data Roles and Responsibilities, Policy On 

      POLICY HISTORY 

      Policy created:  May 16, 2012 

      Revisions: August 30, 2021

       

      Data Roles and Responsibilities Policy

      Title: Data Roles and Responsibilities Policy, Information Technology
      Policy Owner: Information Technology Services / Chief Information Security Officer 
      Applies to:  All students, faculty, and staff  
      Campus Applicability:  All campuses except UConn Health 
      Effective Date: August 30, 2021
      For More Information, Contact UConn Information Security Office 
      Contact Information: techsupport@uconn.edu or security@uconn.edu 
      Official Website: https://security.uconn.edu/

      PURPOSE 

      To define the responsibilities of individuals within the organization in protecting the University of Connecticut’s data assets. 

      APPLIES TO 

      This policy applies to all University faculty, staff, students, student employees, volunteers, and contractors who have access to or have been assigned one of the roles defined in this policy. 

      POLICY STATEMENT  

      Through the normal course of operations of the University, ever increasing amounts of data are created, processed, modified, and eventually disposed of as part of daily activities. To ensure the proper management of the various data sets, the University has defined the following roles and responsibilities to ensure data is properly protected, used, and managed throughout its lifecycle. 

      Data Stewards are employees of the university responsible for the overall use and proper handling of administrative, academic, public engagement, or research data. Data Stewards must classify data according to the University’s Data Classification Policy. Data Stewards ensure that appropriate steps are taken to protect data and implement policies and agreements that define appropriate use of data.  

      The Data Steward or their designated representatives are responsible for: 

      • Ensuring the information they are responsible for is accurate 
      • Authorizing the specific use of information across the organization 
      • Working with other Data Stewards to resolve conflicting data issues 
      • Specify appropriate controls, based on data classification, to protect the data from unauthorized modification, deletion, or disclosure 
      • Ensuring access rights are evaluated on a regular basis 

        Data Administrators are usually system administrators who are responsible for applying appropriate controls to data based on its classification level and required protection level. Data Administrators are also responsible for securely processing, storing, and recovering data. The Data Administrator is accountable for: 

        • Implementing the appropriate controls specified by the Data Stewards 
        • Removing access rights to specific data resources due to a job change or separation from the University 
        • Implementing the appropriate monitoring techniques and procedures for detecting, reporting, and investigating incidents 
        • Assisting Data Stewards in evaluating the overall effectiveness of controls and monitoring  

        Data Users are individuals who receive authorization from the Data Steward/Administrator to access, enter, or update information. Data Users  must use the resource only for the purpose specified by the Data Steward, complying with controls established by the Steward, and preventing disclosure or confidential or protected information. 

        ENFORCEMENT 

        Failure to properly fulfill the roles and responsibilities articulated in this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code. 

        Questions about this policy or suspected violations may be reported to any of the following: 

        Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

        Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

        Information Security Office – https://security.uconn.edu 

         

        POLICY HISTORY 

        Policy created:  May 16, 2012 

        Revisions: August 30, 2021 [Approved by President’s Senior Team]

        Acceptable Use, Information Technology

        Title: Acceptable Use, Information Technology
        Policy Owner: Information Technology Services/Chief Information Security Officer
        Applies to: All University Information Technology Users
        Campus Applicability: All campuses except UConn Health
        Effective Date: August 30, 2021
        For More Information, Contact UConn Information Security Office
        Contact Information: techsupport@uconn.edu or security@uconn.edu
        Official Website: https://security.uconn.edu/

        BACKGROUND 

        The University’s IT resources support many systems to fulfill the academic, research and administrative needs of the University’s constituents, including students, faculty, staff, and guests. These resources must be used in a responsible manner consistent with Federal and State laws and University policies. 

        PURPOSE 

        To define expectations of appropriate use and inform all users of information technology (IT) resources at UConn of their obligation to comply with all existing laws and institutional policies in their use of IT resources. 

        APPLIES TO 

        This policy applies to all constituents (students, faculty, staff, affiliates and guests) who use UConn’s information technology resources, including but not limited to wired and wireless networks, computer-based systems and services, printers/copiers, and cloud-based services. 

        DEFINITIONS  

        Access Point (AP): A networking hardware device that allows other Wireless (Wi-Fi) devices to connect to the University network. 

        Information Technology (IT) Resources: Include but are not limited to: 

        • Systems and equipment such as computers, hard drives, printers, scanners, video and audio recorders, cameras, photocopiers and other related devices.  
        • Software such as computer software, including open-source and purchased software, and all cloud-based software including infrastructure-based cloud computing and software as a service.  
        • Networks such as all voice, video, and data systems, including both wired and wireless network access across the institution. 

          IoT: Internet of Things are devices that communicate across a network without direct human interaction. These include but are not limited to smart assistants, lightbulbs, appliances, and televisions. 

          POLICY STATEMENT  

          The appropriate use of UConn IT Resources focuses on three primary areas including: (1) the fair and equitable use of limited resources by all constituents; (2) individual responsibilities in the use of UConn IT resources; and (3) the appropriate use of IT resources in compliance with all applicable federal and state laws, university rules, regulations and policies. 

          All activities involving the use of UConn IT resources are not personal or private; therefore, users should have no expectation of privacy in the use of these resources.  Information stored, created, sent or received via UConn systems, including cloud-based systems, may be accessible when required by law, including requests made under the Freedom of Information Act (FOIA), the Family Educational Rights and Privacy Act (FERPA), subpoena, or other legal process, statute, or regulation. 

          ACCEPTABLE USE 

          • UConn provides IT resources to enable faculty, students, and staff to accomplish their university-related work and support the University’s mission. University equipment is to be used primarily in support of the University’s mission and may not be used to conduct commercial activities or any activity prohibited by state and federal law or University policy.  
          • UConn IT Resources may not be used for the illegal download, copying, or distribution of copyright materials without the copyright owner’s permission or where not permitted by fair use standards under the TEACH Act. 
          • Actions that negatively impact the ability of the University to operate or cause undue stress on IT resources are prohibited. These actions include but are not limited to interfering with the legitimate use of IT resources by others, introducing additional software or devices to any IT resource without appropriate authorization, or the mass mailing of unapproved email or other electronic communication. 
          • Do not intentionally seek or provide information or access to IT resources to which one is not authorized, nor assist others in doing so. Do not attempt to subvert or circumvent University systems’ security measures nor use University IT resources to subvert or circumvent other systems’ security measures for any purpose. 
          • Do not publish, post, transmit or otherwise make available content that is in violation of law or policy. The University cannot protect individuals against the existence or receipt of material that may be offensive to them. As such, those who make use of electronic communications are warned they may come across or be recipients of material they find offensive or objectionable. 
          • Do not violate the privacy of other individuals. This includes viewing, monitoring, copying, altering, or destroying any file, data, transmission or communication unless you have been given explicit permission by the owner. 
          • Do not forge, maliciously disguise or misrepresent your personal identity. This policy does not prohibit users from engaging in anonymous communications, providing that such communications do not otherwise violate the Acceptable Use Policy. University technology resources may not be used by employees of the University for partisan political purposes or presenting the impression the University has a particular political position except for those individuals authorized by the University as part of their formal responsibilities. 

            INDIVIDIUAL RESPONSIBILITIES 

            • Protect your data and the institution’s data 
            • Do not share your password with ANYONE or allow anyone else to use your account(s).  
            • Do not use anyone else’s account. 
            • Be vigilant in identifying and reporting various types of phishing attacks to gain access to your information. Store confidential and/or sensitive data on appropriate University approved services only. 
            • While UConn owned computers often are maintained by ITS and other University IT organizations, any personally owned devices connecting to the University network (including tablets, cell phones and IoT devices) are expected to be kept up to date with current operating system and software patches, as well as employing appropriate security measures which are automatically updated. 
            • Do not utilize UConn computing resources, including personally owned computers connected to UConn’s network for non-University related commercial activity.  
            • Users who connect personally owned computers to UConn’s network that are used as servers, or who permit others to use their computers, whether directly or through user accounts, have the additional responsibility to respond to any use of their server that is in violation of the Acceptable Use Policy. IT Resource administrators and those who permit the use of the computers by others are responsible for the security and actions of others on their systems. 

                  ENFORCEMENT 

                  Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code.  

                  Individual or system access may be revoked at any time based on the decision of the Chief Information Security Officer or the Chief Information Officer to protect the confidentiality, integrity, and/or availability of UConn IT Resources.  

                  PROCEDURES/FORMS 

                  Questions about this policy or suspected violations may be reported to any of the following: 

                  Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) 

                  Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357) 

                  Information Security Office – https://security.uconn.edu 

                  POLICY HISTORY 

                  Policy created:  05/16/2012 

                  Revisions: 08/24/2015; 08/30/2021 [Approved by President’s Senior Team]  

                   

                  Accounts Payable Policies and Procedures Manual

                  Title: Accounts Payable Policies and Procedures Manual
                  Policy Owner: Accounts Payable
                  Applies to: Faculty, Staff, Students
                  Campus Applicability: All University departments at all campuses except UConn Health
                  Effective Date: March 28, 2012
                  For More Information, Contact Accounts Payable
                  Contact Information: (860) 486-4137
                  Official Website:  https://accountspayable.uconn.edu/

                  PURPOSE

                  The following Policies and Procedures ensure that the University pays claims in a timely and accurate manner, while safeguarding the University by adhering to Federal and State regulations. Moreover, these Policies and Procedures provide efficient, effective and professional service to our students, faculty, staff, and vendors.

                  APPLIES TO

                  These policies and procedures apply to faculty, staff, and students on all University of Connecticut campuses.

                  POLICIES AND PROCEDURES

                  • Payment of Personal Services

                  For services costing less than $2,500, please visit: http://accountspayable.uconn.edu/payment-for-personal-services/ .

                  • Payment of Meals

                  For meal expenses incurred while attending meetings held in connection with University Business, please visit: https://policy.uconn.edu/2011/05/24/payment-of-meals-policy/ (for Travel meal expense policies, please visit: https://policy.uconn.edu/2020/04/29/travel-and-entertainment-policies-and-procedures)

                    • Out of Pocket Purchases

                    University employees may make small out-of-pocket purchases of emergency allowable goods and services for official University use. Please visit: http://accountspayable.uconn.edu/out-of-pocket-purchases/

                      • Accreditation Expenses

                      Payment of the services of a team or an individual for the purpose of gaining or maintaining accreditation requires a Personal Services Agreement when the cost is $2,000 or more.

                      Please visit: http://accountspayable.uconn.edu/accreditatation-expenses/

                      • Memberships

                      Professional organization memberships may be processed through HuskyBuy or the departmental purchasing card. Please visit: http://accountspayable.uconn.edu/membership-in-professional-organizations/

                      • Recruitment Expenses

                      Please visit: https://policy.uconn.edu/2011/05/31/reimbursement-of-recruitment-and-moving-expenses/

                      • Subscriptions

                      Subscriptions to magazines, newspapers or periodicals may be processed through HuskyBuy or the departmental purchasing card. Please visit: http://accountspayable.uconn.edu/subscriptions-to-magazines-newspapers-or-periodicals/

                      ENFORCEMENT 

                      Violations of this policy or associated procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, and applicable collective bargaining agreements.

                          POLICY HISTORY

                          Policy Created Effective: March 28, 2012
                          Revised: May 1, 2020; editorial revisions January 24, 2022

                          Use Of Space Heaters in University Buildings

                          Title: Use Of Space Heaters in University Buildings
                          Policy Owner: Environmental Health & Safety/UConn Fire Department
                          Applies to: Faculty, Staff, Students, Others
                          Campus Applicability: Storrs and Regional Campuses, and the Law School
                          Effective Date: February 6, 2012
                          For More Information, Contact Division of Environmental Health and Safety
                          Contact Information: (860) 486-3613
                          Official Website: http://www.ehs.uconn.edu/

                          PURPOSE

                          As stated in the University’s Health and Safety Policy, the University of Connecticut is committed to providing a healthful and safe environment for all activities under its jurisdiction. In keeping with this commitment, the University has developed this policy to protect the University community and its visitors from the significant fire and workplace safety risks posed by the use of space heaters.  This policy is in keeping with the requirements of the Connecticut Life Safety and Building codes and ConnOSHA and CT Department of Public Health regulations.

                          SCOPE

                          This policy applies to the use of space heaters by faculty, staff, students, and others in University-owned buildings at the Storrs and regional campuses and at the Law School.

                          POLICY STATEMENT

                          Space heaters pose serious fire and electrical hazards, and are not efficient from an energy use standpoint; therefore, the use of space heaters at the University is strongly discouraged. Their use should be reserved for times of heating system failures rather than as a means for supplementing an existing heating system.

                          University building occupants should first contact Facilities Operations Work Order Control (6-3113) to request assistance in adjusting the temperature of an area.  If Facilities Operations personnel determine that the work area cannot be heated to the satisfaction of the occupant(s), the temporary use of space heaters will be allowed with the following exceptions:
                          Space heaters are not permitted in residential occupancies unless issued by permit through the UConn Fire Department in emergencies.  Space heaters are not permitted, under any circumstances, in laboratories, inpatient units, storage areas, or areas not actively occupied by people.  However, space heaters will be permitted in laboratory office spaces.

                          ENFORCEMENT

                          The University Fire Department and the Department of Environmental Health and Safety reserve the right to inspect and declare “unapproved” any space heater that creates a safety hazard or is inappropriate to a particular location, based on specific circumstances or legal requirements.  If warranted, space heaters may be removed from service and taken to a designated storage area for later collection by its owner and subsequent removal from the University.

                          Violations of this policy may result in appropriate disciplinary measures in accordance with University Laws and By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Conduct Code.

                          PROCEDURES

                          Approved Heaters

                          In order to ensure that all space heaters meet current safety guidelines, the University Fire Department and the Department of Environmental Health and Safety have approved a limited selection of space heaters for use within the University, which are available at Central Stores.

                          See approved space heaters here.

                          Effective Fall Semester 2003, all other space heaters currently in use must be taken out of service.  Department-owned heaters must be turned in as surplus to Central Storrs.  Privately owned heaters must be removed from the University.

                          Safe Use and Care

                          • BEFORE OPERATING A HEATER, ALWAYS READ AND FOLLOW THE MANUFACTURER’S OPERATING INSTRUCTIONS.
                          • To prevent overloading an electrical circuit, a space heater must be plugged into a circuit that is rated for 15 amps or more.
                          • Always turn off a heater and unplug it when you leave the office.  NEVER leave an operating heater unattended.
                          • Before use, ensure that the heater is clean and not covered with dust.  The cord must be in good condition and not frayed.
                          • NEVER use an extension cord or power strip with a space heater.  It should be plugged directly into a permanent wall outlet (receptacle). Exception: Radiant Panel heaters may be used with extension cords or power strips rated for 15 amps or more.
                          • Never run a power cord under a carpet or floor mat.
                          • NEVER use a heater where flammable materials or vapors may be present.
                          • Do not use space heaters under desks or in other enclosed spaces.
                          • Do not place a heater near combustible materials such as papers, fabric, plastics, or office furniture.
                          • Do not place a heater in or near wet areas or in high traffic areas such as exit ways.
                          • ALWAYS maintain safe distance clearances around space heaters, as directed by the manufacturers’ instructions.
                          • Inspect space heaters at least annually and have them repaired, as needed, by a qualified electrician.
                          • Heaters that cannot be repaired must be discarded with the plug cut off to prevent inadvertent use by others.
                          • Avoid placing space heaters near room thermostats.

                          University of Connecticut Age Act Committee: Policy and Procedures

                          Title: University of Connecticut Age Act Committee: Policy and Procedures
                          Policy Owner: University of Connecticut Age Act Committee
                          Applies to: Students, Faculty, Staff, Graduate Assistants
                          Campus Applicability: Storrs and Regional Campuses
                          Effective Date: November 1, 2019
                          For More Information, Contact Office of Institutional Equity
                          Contact Information: (860) 486-2943
                          Official Website: https://www.equity.uconn.edu
                          Click here to view a PDF, Printer Friendly copy of this policy.

                          University of Connecticut Age Act Committee: Policy and Procedures

                             

                            I. Purpose and Scope: The University of Connecticut has established an “Age Act Committee” to evaluate a student’s request for access to or participation in any University program when that student’s age may impair the University program’s ability to meet its objectives as carried out under its normal operation. This document sets forth the operational framework for that Committee. These Policy and Procedures apply to all programs, services and activities that fall under the purview of the University of Connecticut at the Storrs and Regional campuses.

                            II. Definitions:
                            A. “The Age Act” means The Age Discrimination Act of 1975, codified at 42 U.S.C. §6101, et seq. along with its implementing regulations, found at 34 C.F.R. §110, et seq.
                            B. “The Age Act Coordinator” means the University Official responsible for overseeing compliance with the Age Act and for investigating allegations of age discrimination. The University’s Age Act Coordinator is:

                            Sarah Chipman
                            Office of Institutional Equity
                            Storrs: Wood Hall, First Floor
                            UConn Health: Munson Road, Third Floor
                            sarah.chipman@uconn.edu
                            (860) 486-2943

                            C. “The Age Act Committee Submission Form” is the form to be used by University Officials to submit a concern about a student’s access to or participation in any University program or activity based on that student’s age.
                            D. “The Committee” means the Age Act Committee, as designated by the Office of the Provost.
                            E. “Age Act Committee Chair” means a member of the Committee designated by the Provost as Chair.
                            F. “Normal Operation” means the operation of a program or activity without significant changes that would impair its ability to meet its objectives.
                            G. “Student(s)” means a student admitted by or enrolled at the University of Connecticut, as defined in UConn’s Responsibilities of Community Life: The Student Code.
                            H. “University” means the University of Connecticut.
                            I. “University Official” means any person employed by the University of Connecticut in an administrative, supervisory, academic, research or outreach, or support staff position (including law enforcement unit personnel and health staff).

                            III. Policy Statement: The University By-Laws provide, in pertinent part, that “No organization or group shall discriminate against or exclude a person because of race, religion, national origin or other protected class recognized by state or federal antidiscrimination laws, on that land owned or operated by the University of Connecticut…”. By-Laws of the University of Connecticut, Article XV, § A. Similarly, in accordance with the provisions of the Age Discrimination Act and other Federal and State laws and executive orders pertaining to civil rights, the University prohibits discrimination on the basis of age (see Policy Against Discrimination, Harassment and Related Interpersonal Violence).

                            This policy is intended to provide the same protection against discrimination afforded under the parallel anti-discrimination laws. Therefore, analysis of a student’s age discrimination claim under them thus mirrors the analysis of a claim under the Age Discrimination Act of 1975, 42 U.S.C. §§ 6101-6107, and its corresponding regulations, 34 C.F.R., Part 110. Subject to certain limited exceptions, the Age Discrimination Act mandates that “no person in the United States shall, on the basis of age, be excluded from participation in, be denied the benefits of, or be subjected to discrimination under, any program or activity receiving [f]ederal financial assistance.” 42 U.S.C. § 6102. Exceptions to the Age Act’s general prohibition against age discrimination include: a) age distinctions contained in federal, state or local statute or ordinances (34 C.F.R. § 110.2); b) reasonable actions “based on a factor other than age” (34 C.F.R. § 110.13); and c) actions that reasonably take into account age as a factor necessary to the normal operation or the achievement of any statutory objective of such program or activity (34 C.F.R. 110.12).

                            Charged by the Office of the Provost, the Age Act Committee is responsible for addressing concerns about students’ access to or participation in any University program, service or activity based on age.

                            IV. Age Act Committee Procedures
                            A. Establishment of Committee:
                            i. Members of the Age Act Committee, including its chairs, shall be designated by the Office of the Provost and serve three (3) year terms. Members may be reappointed upon the end of their term.
                            ii. The Committee shall include one representative from each of the following units: Division of Enrollment Management, Honors Program, Division of Student Affairs, and Office of Institutional Equity as well as a member of the faculty with expertise in human development or a related field. Members from additional offices may be appointed at the discretion of the Office of the Provost.
                            iii. This Policy and Procedures and the Age Act Committee Submission Form shall be available on the Office of Institutional Equity’s website.

                            B. Deliberative Process for Assessing Role of Age in University Activity, Program or Service:
                            i. Quorum Required: All Committee members share responsibility for the Committee’s decisions and are expected to fully participate in its decision-making processes. In order for the decision of the Committee to be valid, a majority of Committee members must take part in the deliberative process. The Committee shall attempt to reach its decision by consensus. In the event the participating Committee members cannot reach consensus, the outcome will be decided by a simple majority. Committee members should recuse themselves from a particular inquiry in the event they feel they may be unreasonably biased for any reason. The Provost may designate an alternate member in the event that a member elects to be recused from a case.
                            ii. Timeline: The Committee should complete its investigation and issue a decision no later than forty-five (45) calendar days from the original date of submission. Should the need arise, the Committee shall expedite its process as necessary to allow the student’s full participation in the program, service or activity, if approved, provided the Committee determines meeting the expedited timeframe does not unreasonably impair its deliberative process.

                            iii. Submission of Inquiry:
                            1. Any University Official may raise a concern about a student’s access to or participation in any University program, service, or activity based on that student’s age. In order to do so, the University Official may submit an Age Act Committee Submission Form, available on the Office of Institutional Equity’s website, to the Office of Institutional Equity.
                            2. Upon receipt, an Age Act Committee Chair will schedule a preliminary phone conference with the individual submitting the form to gain a better understanding of the circumstances giving rise to the inquiry. The objective of the conference is to collect enough information to address concerns about a student’s access to or participation in the subject University program, service, or activity based on age. Therefore, during the phone conference, the Age Act Committee Chair will seek to obtain as much information about the situation, including but not limited to the following:
                            a. A list of all other individuals (including University Officials) involved and the scope of their involvement;
                            b. The location and relevant dates and time;
                            c. The purpose and nature of the program, service, or activity;
                            d. A general understanding of the day-to-day workings of the program, service, or activity;
                            e. The deadline by which an answer from the Committee is required and the circumstances necessitating that deadline;
                            f. A list of third-party contractors that might be involved, their role and contact information; and
                            g. Any other information the Committee may need to carry out its inquiry.

                            3. The Age Act Committee Chair shall forward a copy of the Age Act Committee Submission Form to the Department Head/Program Director listed to provide them notice of the ongoing review and to solicit any additional relevant information this individual may have.

                            4. The Age Act Committee Chair shall work with the Committee to designate the Committee member who will serve as the “Recorder” for this particular inquiry. The Recorder is the individual responsible for taking and maintaining all documentation related to the particular request. All information maintained by the Recorder shall be considered in draft form until reviewed and approved by the other Committee members, at which point it becomes a final, official record of the Committee (“Final Record”).

                            iv. Fact-Gathering:
                            1. After the preliminary phone conference, the Committee shall identify the list of individuals with whom to speak (“Knowledgeable Parties”) and the appropriate order in which to meet with them to gain the best understanding of the relevant circumstances and, using the list, schedule a meeting with each Knowledgeable Party accordingly (“Consultation”).
                            2. In addition, the Committee shall also identify and obtain any additional documentation that might further its understanding of the situation, which may include but not necessarily be limited to third-party contracts, program regulations, mission statements, information from previous years, etc. The Committee may also identify and carry out any additional interviews that might further its understanding of the situation, including but not limited to interviews with the student and University faculty and staff.
                            3. Each Consultation shall include, but not be limited to, the following questions to the extent relevant to that Knowledgeable Party’s role:
                            a. What is the nature of the “normal operation” of the program, service, or activity?
                            b. What are the stated objectives of the program, service, or activity?
                            c. Can the student be admitted to the program, service, or activity without significant changes? Changes are significant if they impair the objectives identified in (iv)3b, above.
                            d. What characteristics must participants possess in order to ensure the normal operations of the program, service, or activity and why?
                            e. Can the presence of these characteristics be reasonably approximated by the use of age? Is it impractical to measure these characteristics on an individual basis?

                            v. Individualized Deliberation: Taking into account the information collected from all available sources, and considering the goals/objectives of the program, service, or activity at issue, the characteristics participants must possess in order to ensure preservation of the Normal Operation of the program, service, or activity, whether the presence of these characteristics can be reasonably approximated by the use of age and/or whether it is impractical to measure these characteristics on an individual basis, the Committee shall make a final, reasoned and deliberative determination with respect to the use of age as a proxy for other characteristics necessary to the normal operation of the program or activity at issue.

                            Limiting access or participation will only be appropriate in those circumstances where the student’s age would require changes to the normal operation of the program, service, or activity and such changes would impair the program, service or activity’s ability to meet its stated objectives (as defined by the Knowledgeable Parties, or where other age-based distinctions and/or factors to be considered, other than age, are permitted by the Age Act. If the student’s age necessitates reasonable modifications that would not significantly impair the program, service or activity’s ability to meet its objectives, age will not be a reasonable basis upon which to exclude the student.

                            The Committee shall use the following analysis:
                            a. The Committee will gain an understanding of the Normal Operation of the program, service, or activity. In doing so, it will identify the goals/objectives of the program, service, or activity.
                            b. The Committee will gain an understanding of and identify the characteristics participants must possess in order to ensure preservation of the Normal Operation of the program, service, or activity and why these characteristics are needed.
                            c. The Committee will identify whether the presence of these characteristics can be reasonably approximated by the use of age and/or whether it is impractical to measure these characteristics on an individual basis.
                            vi. Decision: Following its investigation and deliberations, the Committee shall make one of the following determinations:
                            1. The student’s age would impair the University program, service, or activity’s ability to carry out its Normal Operation, in which case the student may be denied participation;
                            2. Age-based concerns could be alleviated with changes that would not impair the ability of the program, service, or activity to meet its objectives, in which case the student will not be denied participation; or
                            3. The student’s age will not impair the ability of the program, service or activity to meet its objectives, in which case the student will not be denied participation.

                            vii. Response: The Committee must provide a response no later than forty-five (45) days after the original request. If the Committee determines that the student’s age would not impact the University program, service, or activity’s ability to carry out its Normal Operation, it will inform the University official who submitted the request via email, copying in the supervisor and Age Act Coordinator (or designee).
                            If the Committee determines that the student’s age would impact the University program, service, or activity’s ability to carry out its Normal Operation and no reasonable modifications can be made without altering its objectives, it shall inform the student via email of the decision, copying in the original requestor, supervisor, and Age Act Coordinator (or designee). This notification shall also provide the student with notice of the University’s grievance procedures for prompt and equitable resolution of complaints alleging violations of the Age Act, as well as external reporting options.

                            V. Additional Standards
                            A. Documents created during or as a result of these meetings that directly identify a student are “education records” as defined by FERPA and thus, are subject to review by the student to whom they pertain, and protected from unauthorized disclosure.
                            B. Documents created during or as a result of these meetings that do not directly identify any students may be “public records” under the Connecticut Freedom of Information Act, and thus may be subject to public disclosure.
                            C. Upon conclusion of an inquiry, the Committee shall retain Final Records for 5 years after the original inquiry, in compliance with Connecticut State Record Retention Schedule S1-330 (Planning Studies).
                            D. The Committee shall review these policies and procedures every five years to ensure compliance with federal and state laws and institutional needs.

                            VI. Grievance Procedures:
                            A. Complaints of Age Discrimination may be filed internally, at the Office of Institutional Equity (OIE), by calling (860) 486-2943, by writing to OIE at the University of Connecticut; Wood Hall, 1st Floor, Unit 4175; 241 Glenbrook Road; Storrs, CT 06269-4175 or by emailing OIE at equity@uconn.edu.
                            B. Students also have the right to file a complaint with the Office of Civil Rights, within 180 days from the time the incident occurred at Office for Civil Rights, U.S. Department of Education; 8th Floor, 5 Post Office Square; Boston, MA 02109-3921.

                            Policy Created: December 7, 2011
                            Revised: July 7, 2014; November 1, 2019