Code Compliance for University Events and Projects, Policy on

April 7, 2022

Title:  Code Compliance for University Events and Projects, Policy on
Policy Owner: Division of University Safety
Applies to: The University workforce, students, others
Campus Applicability: All Campuses 
Effective Date: April 6, 2022
For More Information, Contact Fire Marshal and Building Inspector’s Office
Contact Information: buildinginspector@uconn.edu
Official Website: https://firemarshal.universitysafety.uconn.edu/ 

BACKGROUND

The Fire Marshal and Building Inspector’s Office (FMBIO) provides regular inspection, incident investigation, construction and/or event permitting, as well as consultation on matters relevant to design, construction, renovation, maintenance, and use of structures, systems, and related assets. CGS 29-252a (h) and State Building Code (SBC) 105.2.4 exempt a state agency from being required to obtain a building permit from the local building official, however, the University of Connecticut and the State Building Inspector have determined that any University of Connecticut work which is subject to building permit by the SBC shall be permitted through the Fire Marshal and Building Inspector’s Office.

PURPOSE

To provide a safe environment through the enforcement of building and fire safety codes in compliance with the University’s Memoranda of Understanding (MOU) with the Department of Administrative Services (DAS), Connecticut General Statutes and State Building Code.

DEFINITIONS

Workforce: Employees, volunteers, trainees, and other persons whose conduct, in the performance of work for the University, is under the direct control of the University, whether or not they are paid by the University.

POLICY STATEMENT

Members of the workforce, including contractors or subcontractors, who intend to perform any of the following must contact the FMBIO to determine if code compliance is applicable and if a permit is required:

  • construct, enlarge, alter, repair, move, demolish, or change the occupancy of a building or structure;
  • perform any work related to electrical, gas, mechanical or plumbing systems;
  • organize an indoor or outdoor event, activity, or assembly attended by fifty (50) or more people in a space outside the scope of its intended use[1], or that involves tents, pyrotechnics, amusement rides, open flames, cooking and/or heating food, or alcohol.

In addition to the above-listed instances in which FMBIO review is required, it is recommended that the University and its agents contact the building inspector regarding all work to buildings and structures before that work commences.

ENFORCEMENT

Violations of this policy may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the Student Code.

PROCEDURES

Contact the FMBIO prior to initiating work or organizing events, activities or assemblies attended by fifty (50) or more people.

The building inspector may make a determination as to whether proposed work is subject to a building permit based on submission of a brief description of the work. If a review of the State Building Code determines that a building permit is not required for the proposed work, a letter indicating such will be returned with the submitted documents.

The Fire Marshal may make a determination regarding whether indoor or outdoor events, activities, or assemblies of 50 or more people require a permit based on submission of a brief description of the activity.

REFERENCES

CGS Chapter 541 Part II

CGS 29-252a

POLICY HISTORY

Policy created: April 06, 2022 [Approved by President’s Senior Policy Council

Revisions:

[1] Existing spaces are permitted and approved for specific capacity and intended use during construction. Therefore, when any space of an existing building is used as it was originally intended, a new permit is not required (e.g., holding a class in a classroom). If an activity is planned in a space that requires increased capacity or added features such as enhanced technology, lighting, installation of a stage, amplification of sound, use of displays, etc., then a permit is required.

Recruitment of Students, Policy On

September 22, 2021

Title:  Recruitment of Students, Policy On 
Policy Owner: The Division of Enrollment Planning & Management 
Applies to: University Employees, Volunteers, Trainees and Others 
Campus Applicability: All Campuses 
Effective Date: August 23, 2021
For More Information, Contact Office of the Vice President for Enrollment Planning & Management 
Contact Information: (860) 486-1463 
Official Website: https://epm.uconn.edu/

PURPOSE

To ensure compliance with federal laws and regulations regarding ethical recruitment and enrollment activities conducted at the University. Specifically, Section 487(a)(20) of the Higher Education Act (HEA) and its implementing regulations at 34 C.F.R. 668.14, as well as the University’s Memorandum of Understanding with the Department of Defense.

APPLIES TO

Employees, volunteers, trainees, and other persons whose conduct, in the performance of work for UConn, is under the direct control of UConn, whether or not they are paid by UConn. 

DEFINITIONS

Commission, Bonus, Incentives means a sum of money or something of value, other than a fixed salary or wages, paid to or given to a person or an entity for services rendered.  

Securing enrollments or the award of financial aid means activities that a person or entity engages in at any point in time through completion of an educational program for the purpose of the admission or matriculation of students for any period of time or the award of financial aid to students.

These activities include contact in any form with a prospective student, such as, but not limited to – contact through preadmission or advising activities, scheduling an appointment to visit the enrollment office or any other office of the institution, attendance at such an appointment, or involvement in a prospective student’s signing of an enrollment agreement or financial aid application.

These activities do not include making a payment to a third party for the provision of student contact information for prospective students provided that such payment is not based on: (1) any additional conduct or action by the third party or the prospective students, such as participation in preadmission or advising activities, scheduling an appointment to visit the enrollment office or any other office of the institution or attendance at such an appointment, or the signing, or being involved in the signing, of a prospective student’s enrollment agreement or financial aid application; or (2) the number of students (calculated at any point in time of an educational program) who apply for enrollment, are awarded financial aid, or are enrolled for any period of time, including through completion of an educational program. 

“Entity or person engaged in any student recruitment or admission activity or in making decisions about the award of financial aid” means (1) with respect to an entity engaged in any student recruitment or admission activity or in making decisions about the award of financial aid, any institution or organization that undertakes the recruiting or the admitting of students or that makes decisions about and awards Title IV, HEA program funds; and (2) with respect to a person engaged in any student recruitment or admission activity or in making decisions about the award of financial aid, any employee who undertakes recruiting or admitting of students or who makes decisions about and awards Title IV, HEA program funds, and any higher level employee with responsibility for recruitment or admission of students, or making decisions about awarding Title IV, HEA program funds. 

Enrollment means the admission or matriculation of a student into an eligible institution. 

Inducement means any gratuity, favor, discount, entertainment, hospitality, loan, transportation, lodging, meals, or other item have a monetary value or more than a de minimis amount to any individual, entity, or its agents including third party lead generators or marketing forms. 

Service Member means a current or former member of the uniformed services which includes (a) the armed forces; (b) the commissioned corps of the National Oceanic and Atmospheric; and (c) the commissioned corps of the Public Health Service. 

POLICY STATEMENT

The University of Connecticut prohibits the award of any commission, bonus or other incentive payment based in any part, directly or indirectly, upon success in securing enrollments or the awarding of financial aid, to any person or entity who is engaged in any student recruitment, admission activities, or making decisions regarding the awarding of financial assistance.   In accordance with the HEA, this restriction does not apply to the recruitment of foreign students residing in foreign countries who are not eligible to receive Federal student assistance. 

In addition, in accordance with the Department of Defense Memorandum of Understanding, the University will refrain from high-pressure recruitment tactics aimed at Service Members, which includes making multiple unsolicited contacts (3 or more) including contacts by phone, email, or in-person, and engaging in same-day recruitment and registration for the purpose of securing Service Member enrollments. 

ENFORCEMENT
Violations of this policy or associated procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, and applicable collective bargaining agreements.

PROCEDURES/FORMS
Contact the Division of Enrollment Planning and Management with questions 

POLICY HISTORY

Policy created effective: August 23, 2021 [Approved by President’s Senior Team]

Revisions:  November 11, 2021 [Approved by the President]

 

Endpoint Device Security Policy, Information Technology

August 30, 2021

Title: Endpoint Device Security Policy, Information Technology
Policy Owner: Information Technology Services / Chief Information Security Officer
Applies to: All faculty, staff, student employees, affiliates, and volunteers
Campus Applicability: All UConn Campuses, except UConn Health
Approval Date: March 4, 2026
Effective Date: March 9, 2026
For More Information, Contact: UConn Information Security Office
Contact Information: techsupport@uconn.edu or security@uconn.edu
Official Website: https://security.uconn.edu

BACKGROUND

Endpoints are important tools for the University, and their use is supported to advance the mission of the university. Endpoints also represent a significant risk to information and data security. If appropriate security measures and procedures are not applied, endpoints can serve as a conduit for unauthorized access to University data and IT resources that can subsequently lead to data leakage and a path for compromise of other systems.

PURPOSE

To ensure data and information systems security by establishing requirements for endpoint devices.

APPLIES TO

This policy applies to all University faculty, staff, student employees, and volunteers who use endpoint devices to access any non-public IT resources owned or managed by the University.

DEFINITIONS

IT Resources: Includes systems and equipment, software, and networks. Systems and equipment include but are not limited to computers, hard drives, printers, scanners, video and audio recorders, cameras, photocopiers, and other related devices. Software includes but is not limited to computer software, including open-source and purchased software, and all cloud-based software, including infrastructure-based cloud computing and software as a service. Networks include but are not limited to all voice, video, and data systems, including both wired and wireless network access across the institution.

Endpoint: Physical device that connects to and exchanges information with a computer or telecommunications network, often acting as the interface between a human user and the network, including but not limited to, desktops, laptops, tablet computers, and smartphones. Endpoints do not host services for other endpoints.

Confidential Data: Institutional information protected by law, government regulations, statutes, industry regulations, contractual obligations, or specific university policies.

POLICY STATEMENT

University of Connecticut faculty, staff, student employees, affiliates, and volunteers who use endpoints, whether University-owned, externally owned, or personally owned, are responsible for any institutional data that is stored, processed, and/or transmitted via an, endpoint, mobile, or remote device and for following the security requirements set forth in this policy.

To adequately protect the data and information systems of the University, all individuals covered under this policy are expected to meet the following requirements:

Endpoint Security Requirements

  • Configure the device to require a password meeting the requirements set forth in the University Password Standard (https://security.uconn.edu/password-standards/), biometric identifier, PIN (minimum of 6 characters), or swipe gesture (minimum of 6 swipes) to be entered before access to the device is granted. Device must automatically lock and require one of the authentication methods after no more than 15 minutes of idle time.
  • Keep devices on currently supported versions of the operating system and remain current with all published operating system and software patches.
  • Enable and appropriately secure the device’s remote wipe feature to permit a lost or stolen device to be securely erased.
  • Securely store the device when not in use to minimize loss via theft or accidental misplacement.
  • Ensure internal hardware and external peripherals, including but not limited to USB devices, external storage, scanners, input devices, and displays, are manufacturer supported and compatible with the installed operating systems and other installed software.
  • Except when being actively used, confidential information on endpoint devices must at all times be encrypted through a mechanism approved by the University. Whole drive or whole device encryption may be deployed to meet this requirement.
  • Endpoints must have software enabled and running to identify, protect, and respond to any threats to the data or operating systems of the devices. University owned endpoints must be enrolled in the university-supported endpoint detection and response (EDR) platform.
  • University owned endpoints must have Mobile Device Management software installed and enabled to facilitate device protection, including remote wipe and, if possible, device location technology for recovery. Personal devices should be configured to enable these features where possible.

Wherever practical, elements of these requirements will be enforced via centrally administered technology controls.University owned devices that are unable to meet these requirements must go through a security assessment prior to their use.

STORAGE OF CONFIDENTIAL DATA

In general, Confidential Data should not be stored on endpoints. However, in certain instances and depending on job responsibilities, this may be unavoidable. In these instances, Confidential Data must be stored ONLY on university-owned devices configured in compliance with this policy.

DEVICE DECOMMISSION OR SEPARATION FROM THE UNIVERSITY

When endpoints, including personally owned devices that may have had access to University resources or data, are no longer used, and sold, donated, given, placed in the control of or otherwise transferred to anyone else, the device owner is responsible for ensuring that any University information is securely deleted from the device, including University-related e-mails/accounts, user ID and password, or other cached credentials used to access University systems.

In the event of separation from the University, it is the employee’s responsibility to delete any University-related e-mail accounts or University licensed software that may have been installed on personal endpoints, devices, or computers.

EXCEPTIONS

In certain instances, there may be a justifiable business need to operate a device that is not in compliance with this policy. In these instances, users must work with the Information Security Office to request evaluation of an exception to this policy. Exceptions are reviewed on a case-by-case basis and are approved at the discretion of the Chief Information Security Officer based on justifiable business need and assessed risk. Exceptions must be reviewed and approved prior to implementation of any solution that does not fully comply with this policy.

ENFORCEMENT

Violations of this policy and any related procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.
Questions about this policy or suspected violations may be reported to any of the following:

Office of University Compliance –  https://compliance.uconn.edu (860-486-2530)

Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357)

Information Security Office – https://security.uconn.edu

REFERENCES

Data Classification Policy

POLICY HISTORY

Policy created: August 30, 2021 (Approved by President’s Senior Team)

Revisions: March 4, 2026 (Approved by the Senior Policy Council and President)

System and Application Security Policy

Title: System and Application Security Policy
Policy Owner: Information Technology Services / Chief Information Security Officer
Applies to: University Workforce Members
Campus Applicability: All UConn Campuses, except UConn Health
Approval Date: March 4, 2026
Effective Date: March 9, 2026
For More Information, Contact: UConn Information Security Office
Contact Information: techsupport@uconn.edu or security@uconn.edu
Official Website: https://security.uconn.edu

PURPOSE

To ensure the security of university data and systems by establishing requirements for the proper maintenance and oversight of systems and applications used by university constituents.

APPLIES TO

This policy applies to all workforce members responsible for operating or overseeing any University system or application, whether on premise or in the cloud.

DEFINITIONS

Academic / Research System: A system whose primary responsibility relates to individual academic work or research.

Administrative System: Any system that is used in support of the operation of the university excluding individual Academic / Research Systems.

ISO: Information Security Office

ITS: Information Technology Services

IT Professional: An individual (staff) who is trained and skilled in using technology to solve business problems coupled with assigned job duties in support of technology at the university. This must be a defined responsibility within the position job description and may not fall under “other duties as assigned.” Appropriate training, support, and budget must also be available in support of the IT Professional role.

Local Network: Network of computers and devices logically located on the same subnet.

Software as a Service (SaaS): Cloud-based service that is delivered via the web based on either a monthly or annual subscription.

Platform as a Service (PaaS): Cloud-based service that provides a platform allowing for the development of software using an established framework to improve development time and management of cloud services.

Personally Identifiable Information (PII): Information that either singularly or in conjunction with other data elements could reasonably lead to the identification of specific individuals.

System Owner: The individual – such as a faculty member, department head, manager, or other employee – who is responsible for the planning and operation of the service. All systems must have a designated system owner.

Vendor Risk Management (VRM): The process of identifying, assessing, and mitigating risks associated with third-party suppliers and service providers. It ensures that vendors meet security, compliance, and operational standards before and during their engagement with the University.

POLICY STATEMENT

The proper management, maintenance, and support of systems and applications is critical to protecting the data they store or process from a confidentiality, integrity, and availability perspective.

System Ownership

All systems, including cloud-based systems, supporting any aspect of the University must have an identified owner and responsible party for ensuring the implementation and operation of the controls specified in this policy.

All software and services used to process University information are subject to an Information Security review and sign off prior to their purchase or development. Information security reviews will evaluate specific risks and controls available and necessary based on the information being processed. The System Owner will be responsible for the deployment of the agreed upon security controls prior to enabling the production capability of the system or application. Maintaining security best practices is an ongoing and evolving responsibility; the System Owner shall implement additional security controls consistent with best practice, regulatory requirements, or as directed by the Information Security Office during the lifecycle of the system, server, software, or service.

System Access

Access to information in the possession of or under the control of the University must be provided on a need-to-know basis. Information must be disclosed only to individuals who have a legitimate and approved need for the information. Access to functionality shall be configured on the basis of least privilege and granted only where approved for a legitimate business purpose.

Systems and applications shall employ best practices for authentication and authorization. System Owners are responsible for maintaining documentation of their system access controls. The use of University Single Sign On (SSO) is required unless impractical or impossible.

Information may only be used for its intended purpose, and other uses of University information without the approval of the data owner is prohibited.

System access shall be reviewed and altered (if applicable) as soon as possible when a relevant change in an individual’s status occurs, including but not limited to, change of role, transfer, promotion, termination, or separation.

When an individual requires continued access to an existing system following a change of status, any access that is no longer required must be removed.

Any shared/service accounts, encryption keys, or shared secrets that the individual had access to must have their passwords or private keys rotated following the status change unless the System Owner determines that continued access is required.

User Management

Information Technology Services (ITS) provides a centralized user identity and access management platform (IAM) that supports identity validation and access management using a NetID and password. UConn NetID provides for single sign on (SSO) across multiple systems. Systems and applications that rely on the University IAM platform to authenticate individuals may rely on UConn NetID for user management. System Owners are always responsible for assigning and managing roles within the system or application.

Owners of systems and applications that cannot use the central IAM solution shall develop a formal, written plan which, at minimum, defines or identifies the following:

  • The individual(s) responsible for creating, modifying, and deleting user accounts.
  • Process and responsibility for regularly reviewing system access. System access reviews must be performed when configured users separate from the University, and not less than annually.
  • Password/multi-factor authentication requirements and reset procedures. Multi-factor authentication is required for all systems.
  • Process for validating a person’s identity when password or multifactor reset or account changes are requested.

The authentication management plans and any plan revisions must be submitted to the Information Security Office for review and approval.

Software Maintenance

Only necessary software should be loaded on systems, and old versions of software removed. The use of web browsers and other individual productivity tools should be limited to the management of the system only.

Patching, Maintenance, and Vulnerability Management

System Owners must ensure the timely implementation of patches and required maintenance in accordance with the University’s vulnerability management standards and vendor provided guidance in order to provide for the confidentiality, integrity, and availability of the systems or data. Maintenance is considered required when the change is necessary to remediate a vulnerability, maintain the availability of a system, or align with updated industry best practices. The ongoing maintenance of systems and applications, including software and configuration maintenance, must be minimally scheduled on a quarterly basis. This includes on-premises, vendor-hosted, and cloud-hosted applications. It is the UConn System Owner’s responsibility to ensure that systems under their control remain in compliance with this policy, even when the system is managed or hosted externally.

System and Application Lifecycle Management

System Owners are responsible for the planning of and budgeting for system maintenance and obsolescence. Any system or application that is no longer supported by the vendor or is replaced by newer technology should be decommissioned as soon as possible.  The decommissioning process must include the proper retirement of any physical hardware or virtual images and the proper destruction of any media (e.g., hard drives, tapes, etc.) that may have data. Cloud services that are decommissioned should ensure the proper handling of any data (return and/or destruction) in the cloud vendor’s possession as part of the contract cancellation.

Software as a Service (SaaS) / Platform as a Service (PaaS)

Patching and maintenance of cloud-based SaaS and PaaS systems is typically handled by the contracted vendor. System Owners are responsible for proper security configurations and user management associated with providing the service. A Vendor Risk Management review is necessary for all newly procured cloud-based services.

Infrastructure as a Service (IASS)

IaaS provides a significant amount of flexibility in the configuration and use of the platform. This requires specific expertise and management by an IT Professional. Where applicable, IaaS solutions must meet the same requirements as Administrative Systems.

Administrative System and Application Security

Administrative systems, due to their complexity, must be managed by an IT Professional. System Owners are responsible for ensuring they have the administrative and technical resource capacity to support this requirement.

Administrative Systems will be required to adhere to all regulatory requirements and meet security controls and  standards as set forth by the Information Security Office based on institutional requirements.

Encryption

All systems housing administrative data shall be configured to provide encryption for all data in transit and all data at rest. Where possible, the encryption keys necessary to decrypt the data should reside outside of the system and/or application.

Auditing of Systems and Application Logs

System and application logs shall be reviewed for inappropriate access on a regular basis (at least monthly) or via automated systems capable of detecting misuse through the analysis of frequent password failures, geographic anomalies, or inappropriate access attempts. ITS maintains a centralized logging and reporting platform, which can assist in the analysis of large amounts of data often associated with system and application logs. All Administrative Systems (regardless of hosting platform) and all centrally hosted systems must be configured to log both application and security events to the centralized logging and reporting platform.

Mandatory Reporting

All suspected policy violations, system intrusions, and other conditions that might jeopardize University information or information systems must be immediately reported to the Information Security Office.

EXCEPTION MANAGEMENT

The Information Security Office shall maintain a risk-based exception management program and shall review and document any requests for exceptions to this policy. The Information Security Office shall, in its sole discretion, approve or deny requested exceptions and may require mitigating controls for any approved exception.

System and application owners shall contact the Information Security Office to initiate the exception review process when it is not possible to comply with this policy.

ENFORCEMENT

Systems and applications found to be non-compliant with this policy may be administratively shut down or have their access restricted. Systems maintained at the departmental or individual level may incur costs in association with enabling the proper protections or in the event of data exposure.

Violations of this policy and any related procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.

PROCEDURES/FORMS

Questions about this policy or suspected violations may be reported to any of the following:

Office of University Compliance –  https://compliance.uconn.edu (860-486-2530) or UConn Reportline (1-888-685-2637)

Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357)

Information Security Office – https://security.uconn.edu

POLICY HISTORY

Policy created: August 30, 2021 (Approved by President’s Senior Team)

Revisions:
August 30, 2023 (Approved by the Senior Policy Council and the President)
March 4, 2026 (Approved by the Senior Policy Council and President)

Network Access Policy, Information Technology

Title: Network Access Policy, Information Technology
Policy Owner: Information Technology Services / Chief Information Security Officer
Applies to: Workforce Members, Students, and Guests
Campus Applicability: All UConn Campuses, except UConn Health
Approval Date: March 4, 2026
Effective Date: March 9, 2026
For More Information, Contact: UConn Information Security Office
Contact Information: techsupport@uconn.edu or security@uconn.edu
Official Website: https://security.uconn.edu

PURPOSE

The University invests significantly in maintaining a secure network that meets the academic, research, residential, and administrative needs of the institution. To ensure compliance with applicable Federal and State laws and regulations and  protect the campus network , certain security, performance, and reliability requirements must govern the operation of these networks.

APPLIES TO

This policy applies to all University workforce members,  students, and guests who have access to University Networks.

DEFINITIONS

University Network: The university network is comprised of the network hardware and infrastructure and the services to support them, from the data jack or wireless access point to the University’s Internet Service Provider’s (ISP) connection. The university network begins at the connection to the network (wired or wireless) and ends where we connect to the Internet.

Wired Network: The wired network consists of the physical cabling, infrastructure, and management systems that provide physical network access via an ethernet or fiber optic cable.

Wireless Network:  The wireless network consists of access points (connected to the wired network), wireless spectrum, and management systems that provide services via the UConn provided wireless networks, including UConn Secure, Guest, EDUROAM, and other specialty networks.

POLICY STATEMENT

The University Network (wired & wireless) is an essential resource for the University of Connecticut students, faculty, staff, and guests. The University Network provides a variety of critical services that meet the academic, administrative, research and residential needs of the University. Due to the complex nature of the University’s network, Information Technology Services (ITS) is responsible for the overall design, installation, coordination and operation of the University’s network environment.

Wired Networks

  • The wiring and electronic components of the network are deemed part of the basic infrastructure and utility services of the University. Installation and maintenance of that network are to be considered part of the “up front” basic required building and renovation costs and are not considered discretionary options in construction and renovation design.
  • Standards for the network wiring, electrical components, and their enclosures are defined by Information Technology Services (ITS), subject to Building and Grounds (B&G) oversight and are considered part of the University’s “building code” to which installations must conform.
  • Upgrades to our campus network will be done as part of a university-wide Network Master Plan.  This Network Master Plan will be coordinated with the University’s Building Master.
  • UConn Information Security and ITS Network Engineering operate the network security layer through firewalls, VPNs and other technologies. Units are required to work with these groups when implementing solutions involving secured networks or network segments. Units operating local firewalls and/or VPNs must give UConn Information Security and ITS Network Engineering administrative access to these devices and access into protected networks for visibility, security and diagnostic purposes. Information Security and ITS Network Engineering retain discretionary disconnect authority over all network connections.
  • Units proposing to design, install, maintain, or extend data or telecommunications networks must give ITS Network Engineering and Information Security access to/through these devices into the active network segments. This will give Network Engineering the ability to see beyond the secure points of the network for diagnosing problems potentially affecting the overall network.
  • Units wishing to design, install and maintain their own network must have their designs reviewed by ITS Network Engineering. All installations must conform to the standards set forth in the Telecommunications Design Standards published on the University Planning, Design and Construction Resources and Information page (https://updc.uconn.edu/contractors-working-at-uconn/). The requesting entity must submit technical specifications of the equipment to be used in the project, along with the logical and physical design maps, for ITS approval to ensure network compatibility and service conformance. ITS Network Engineering will provide the department with an approval letter, which can be submitted to Purchasing with the purchase request.  This requirement extends to all data and telecommunications networks operated or to be operated on any UConn campus or property (except those under the oversight of the Health Center), or operated or to be operated for any UConn purpose, whether or not the proposal includes connecting to or interconnecting with the main UConn networks or telecommunications systems

Wireless Networks 

  • The addition of new wireless access points on the University Network must be coordinated and approved by ITS.  Wireless performance is impacted by the architectural features, building materials, and furnishings of a contemporary workspace.  Construction and renovation projects must be coordinated with ITS and include funding for additions or adjustments required to optimize performance and serviceability of impacted wireless access points and systems.
  • On an exception basis, departments and individual faculty may install and manage wireless access points for specific programmatic needs. These locally administered wireless access points must be registered and coordinated with ITS prior to deployment to prevent radio frequency (RF) interference on either wireless network.  At least one individual in the requesting department must be designated as the official contact for the access point.  The official contact is responsible for the data and network traffic that traverses through the access point and appropriate access control and security configuration, as well as the regular maintenance, software updates, and replacement.
  • Any devices either not part of or that cause significant RF interference with the University wireless network will be considered a “rogue” access point or device.  ITS will pursue all reasonable efforts to contact the owner of the rogue device, and if necessary, may disable or disconnect them from the University Network. This includes devices and equipment that operate in the frequency ranges occupied by the University Wi-Fi network.

ENFORCEMENT

Violations of this policy and any related procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.

PROCEDURES/FORMS

Questions about this policy or suspected violations may be reported to any of the following:

Office of University Compliance –  https://compliance.uconn.edu (860-486-2530)

Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357)

Information Technology Services CIO – https://cio.uconn.edu

POLICY HISTORY

This policy replaced the Wireless Network Policy (05/15/2006) and Physical Network Access Policy (11/18/2008).

Policy created: August 30, 2021 (Approved by President’s Senior Team)

Revisions: March 4, 2026 (Approved by the Senior Policy Council and President)

Firewall Policy

Title: Firewall Policy
Policy Owner: Information Technology Services / Chief Information Security Officer
Applies to: All students, faculty, and staff responsible for configuring firewalls
Campus Applicability: All UConn Campuses, except UConn Health
Approval Date: February 20, 2026
Effective Date: March 9, 2026
For More Information, Contact: UConn Information Security Office
Contact Information: techsupport@uconn.edu or security@uconn.edu
Official Website: https://security.uconn.edu

PURPOSE

To ensure a common set of firewall configurations across the organization to maximize their protection and detection capabilities in support of the University’s information security. Firewalls provide a valuable protection and detection capability for the organization when properly configured, managed, and monitored.

APPLIES TO

This policy applies to all University faculty, staff, students, student employees, volunteers, and contractors who have responsibility for controlling or configuring firewalls.

DEFINITIONS

EOL: End of Life

EOS: End of Support

IANA: Internet Assigned Numbers Authority

POLICY STATEMENT

The University operates in a highly flexible and adaptive security environment to meet its academic, research, and administrative missions. While the ability to adapt to meet the ever-changing needs of the University is important, oversight and reporting of firewall activities are critical to the successful protection and operation of the University environment. The following firewall requirements must be satisfied:

Firewall Configuration Standards

  • All firewalls must be properly maintained from a hardware and software perspective. This includes proper lifecycle planning for EOL and EOS software/hardware and regular review (at least annually) of firewall rulesets.
  • All dedicated firewalls used in production must follow the University firewall management standard, which includes the ability to review currently configured firewall rules across the organization, identification of shadow or redundant rules and rules in conflict, and standardization of device/object names.
  • Firewall rulesets and configurations must be backed up frequently to alternate storage (not on the same device). Multiple generations must be captured and retained in order to preserve the integrity of the data, should restoration be required. Access to rulesets, configurations and backup media must be restricted to those responsible for administration and review.

Firewall Rules

Firewall rules specify (either allow or deny) the flow of traffic through the firewall device. Firewall rules are typically written based on a source object (IP address/range, DNS Name, or group), destination object (IP address/range, DNS Name, or group), Port/Protocol and action.

  • All firewall implementations should adopt the principal of “least privilege” and deny all inbound traffic by default. The ruleset should be opened incrementally to only allow permissible traffic.
  • Outbound traffic should be enumerated for data stores, applications, or services
  • Overtly broad rules may be allowed for specific groups of individuals (not systems). Approval must be granted by the Chief Information Security Officer or their designee.
  • The use of overly permissive firewall rules is prohibited (i.e., ANY/ANY/ALL rules).
  • Protocols defined in services and in the firewall must utilize Service Name and Protocol/Port information as assigned by IANA, unless there is a technical reason to do otherwise other than “security through obscurity” and must be commented appropriately in the ruleset.

Firewall Logging

Firewall log integrity is paramount to understanding potential threats to the network. Firewall devices must log the following data to a system outside of the physical firewall itself and must be regularly reviewed at least monthly or programmatically through automated means. Firewall logs may be forwarded to the ISO SIEM for retention and analysis.

The following items must be logged as part of the operation of the firewall:

  • All changes to firewall configuration parameters, enabled services, and permitted connectivity
  • Any suspicious activity that might be an indicator of either unauthorized usage or an attempt to compromise security measures

ENFORCEMENT

Violations of this policy and any related procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.

PROCEDURES/FORMS

Questions about this policy or suspected violations may be reported to any of the following:

Office of University Compliance –  https://compliance.uconn.edu (860-486-2530)

Information Technology Services Tech Support –  https://techsupport.uconn.edu (860-486-4357)

Information Security Office – https://security.uconn.edu

REFERENCES

Internet Assigned Numbers Authority

POLICY HISTORY

Policy created: August 30, 2021 (Approved by President’s Senior Team)

Revisions: February 20, 2026 (Approved by the Senior Policy Council)

Effort on Sponsored Program Activities, Policy on

January 29, 2020

Title: Effort on Sponsored Program Activities
Policy Owner: Office of the Vice President for Research, Sponsored Program Services
Applies to: All Faculty, Staff, and Students
Campus Applicability: All campuses
Effective Date: January 24, 2020
For More Information, Contact Office of the Vice President for Research, Sponsored Program Services
Contact Information: 860-486-3622 (Storrs and regional campuses)

860-679-4040 (UConn Health)
Official Website: https://ovpr.uconn.edu (Storrs and regional campuses)

https://ovpr.uchc.edu (UConn Health)

REASON FOR POLICY

Effective January 5, 2001 by Presidential Review Directive and clarification memo issued by the Office of Management and Budget (OMB) to 2 CFR Part 220 (as codified from Circular A-21) and most recently OMB Uniform Guidance 2 CFR Part 200, it is expected that “most Federally-funded research programs should have some level of committed faculty (or senior researchers) effort, paid or unpaid by the Federal government. This effort can be provided at any time within the fiscal year (summer months, academic year, or both).” The clarification memo also states that, “…Some types of research programs…do not require committed faculty effort, paid or unpaid by the Federal government…

The National Institutes of Health (NIH) Grants Policy Statement asserts that “‘zero percent’ effort or ‘as needed effort’ is not an acceptable level of involvement for ‘key personnel.’

The National Science Foundation revised its policy effective January 18, 2011 stating that except when required in an NSF solicitation, inclusion of voluntary committed effort cost sharing is prohibited.

APPLIES TO

All faculty, staff, and students at the University of Connecticut and all regional campuses, and UConn Health (“University”).

DEFINITIONS

University Effort: The portion of ‘total professional effort’ that comprises one’s professional/professorial workload at UConn for which the employee is compensated.  This includes activities such as research, instruction, other sponsored activities, administration, non-sponsored/departmental research, university service, competitive proposal preparation and clinical activities.

Committed Effort: Any part of ‘University effort’ that is quantified and included in a sponsored program proposal and/or the subsequent award (e.g., two summer months, 12% time, one half of a year, three person-months, etc.).  This quantified effort/time is associated with the specific dollar amount of the employee’s compensation and may be in the form of:

Direct Charged Effort:  Any portion of ‘committed effort’ toward a sponsored activity for which the sponsor pays salary/benefits.

Cost Shared Effort:  Any portion of ‘committed effort’ toward a sponsored activity for which the sponsor does not pay salary/benefits, which instead are paid using other, non-federal, or UConn sources.

Uncommitted Effort: Any portion of ‘University effort’ devoted to a sponsored activity that is above the amount committed in the proposal and/or the subsequent award.  This ‘extra’ effort is neither pledged explicitly in the proposal, progress report or any other communication to the sponsor nor included in the award documentation as a formal commitment. This effort must be paid by non-sponsored University sources.

POLICY STATEMENT

This policy establishes the effort requirements for sponsored programs.

Federal Sponsored Awards:

Investigators are expected to propose some level of sponsor supported effort or the minimum required by the program on proposals on which they are listed as Principal Investigator, Co-Principal Investigator, Co-Investigator or other roles as required by the sponsor unless specifically exempted by the sponsor.  (Examples of exceptions to the minimum proposed effort requirement would possibly include doctoral dissertations, equipment and instrumentation grants, travel grants, and conference awards.)  If an award is accepted, these personnel are committed to providing this level of effort, either through direct charge or cost shared effort, over the annual budget period of the award unless sponsor policies permit otherwise.

The minimum amount of effort committed to a specific federally sponsored research activity may be no less than 1% of the employee’s ‘University effort’ during some portion of the sponsored award or the minimum amount required by the sponsor.  Notwithstanding the foregoing and in accordance with OMB Clarification Memo, at least 1% of a senior faculty (or researcher) effort must be devoted to the project throughout the life of the award.

Non-Federal Sponsored Awards: 

University of Connecticut and Regional Campuses: The University does not require a minimum amount of effort except in cases required by the sponsor. However, Principal Investigators must ensure they have time available to complete the project that does not overlap or conflict with their effort commitments to other sponsors or their University responsibilities.

UConn Health Campus:  The minimum amount of effort committed to a specific non-federal sponsored activity may be no less than 1% of the employee’s ‘University effort’ during some portion of the sponsored award or the minimum amount required by the sponsor.

All Sponsored Awards:

Beyond the minimum amounts specified above, the specific amount of effort committed to a particular sponsored activity is left to the judgement of the individual devoting effort to the project and the Principal Investigator/Project Director, based on his or her estimate of the effort necessary to conduct the project.

Prior sponsor approval for a decrease in effort must be obtained prior to a reduction in effort if and when sponsor approval is required as determined by the sponsor’s terms and conditions.

ROLES AND RESPONSIBILITIES

Principal Investigator:

  1. The Principal Investigator is responsible for ensuring that the minimum level of effort required by this policy, 2 C.F.R. Part 200 (federal awards) and the requirements of the sponsor are met.

All Faculty and Investigators:

  1. Devote time commensurate with effort on each project, ensure that the effort does not conflict with commitments to other sponsors or University responsibilities and is in accordance with University policy.

Department Administrators/Fiscal Officers:

  1. Regularly review faculty/investigator effort on sponsored awards to ensure it meets with the requirements of this policy.
  2. Inform Sponsored Program Services if effort commitments may not be met.

Sponsored Program Services:

  1. Provide guidance and assistance to faculty, investigators and department administrators on this policy.
  2. Review changes to payroll allocations (UConn Health Campus) and effort reports (University of Connecticut and Regional Campuses).

 
ENFORCEMENT

Violations of this policy or associated procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, the University of Connecticut Student Code, other applicable University Policies, or as outlined in any procedures document related to this policy.

PROCEDURES/FORMS

Related Information:

See NSF Cost Sharing Policy Guidance

POLICY HISTORY

Policy created:

Approved by the President’s Cabinet on 09/12/2019. This new policy combines two previous policies at Storrs and UConn Health.

History: 

Storrs Policy, “Minimum Effort on Sponsored Program Activities”, created on 3/1/2013 and revised on 7/7/2015, as approved by the Vice President for Research

UCH Policy 2008-05, “Senior/Key Personnel & Committed Effort”, created on 12/16/08 and revised on 10/8/13

Cost Sharing Policy

Title: Cost Sharing
Policy Owner: Office of the Vice President for Research, Sponsored Program Services
Applies to: All Faculty, Staff, and Students
Campus Applicability: All campuses
Effective Date: January 24, 2020
For More Information, Contact Office of the Vice President for Research, Sponsored Program Services
Contact Information: 860-486-3622 (Storrs and regional campuses)

860-679-4040 (UConn Health)
Official Website: https://ovpr.uconn.edu (Storrs and regional campuses)

https://ovpr.uchc.edu (UConn Health)

REASON FOR POLICY

This policy is to meet the requirements of the Office of Management and Budget (OMB) Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (“Uniform Guidance”) and federal agency policies and procedures. Non-federal sponsor cost share requires similar diligence to recognize the commitment and maintain appropriate documentation of its performance. Therefore, all committed cost sharing is subject to this policy.

APPLIES TO

All faculty, staff, and students involved in the administration of sponsored programs at the University of Connecticut and all regional campuses, and UConn Health (“University”).

DEFINITIONS

Cost sharing – the specific portion of project costs that are funded by the University rather than the sponsor in support of a sponsored program. Cost sharing represents payroll and other project costs that University and/or other project participants contribute to or match through the expenditure of funds or through in-kind contributions.

Cash contributions – a type of cost sharing that requires additional funding that can be documented in the accounting system. Examples include the purchase of a piece of equipment, or the allocation of compensated faculty or staff time, paid for by University funds.

In-kind contributions – non-cash contributions donated to the project.

Mandatory Cost Share – cost sharing required by the sponsor in order for an award to be made. Such requirements are generally incorporated in the funding opportunity announcements or solicitations, or required by federal statute and included as part of the proposal.

Voluntary Committed Cost Share – represents a cost sharing commitment made in the budget, budget justification, or identified elsewhere in the proposal that is not required by the sponsor. This type of cost sharing must be tracked and may need to be reported. Examples of this include a percentage of effort of faculty in a proposal for which compensation was not requested, or the purchase of equipment for the project for which sponsor funds have not been requested.

Voluntary Uncommitted Cost Share – represents a cost or contribution made to the project and not funded by the sponsor, which has not been identified in the proposal or in any other communication with the sponsor. This type of cost sharing does not have to be tracked or reported to a sponsor. An example is academic year effort on a project for which only summer salary was proposed.

Salary Limitation/Salary Cap – limitation imposed by the sponsor (e.g., DHHS salary cap) on the amount or rate of salary and/or of fringe benefits that can be charged to the project. Although the University may cover the difference between the limitation and the actual cost, this is not considered cost sharing and it is not tracked as cost sharing by the University.

POLICY STATEMENT

Expenditures must meet the standard terms and conditions of the award to be cost share. The costs are allowable in accordance with Uniform Guidance when they are:

  • Verifiable from the recipient’s records;
  • Not included as contributions for any other federally-assisted sponsored project or program;
  • Necessary and reasonable for proper and efficient accomplishment of project objectives;
  • Not paid by the Federal Government under another award, except where authorized by federal statute to be used for cost sharing or matching; and
  • Provided in the approved budget when required by the federal awarding agency.

The review and approval of all cost sharing is the responsibility of the unit providing the cost sharing and Sponsored Program Services. Mandatory and Voluntary Committed cost sharing must be approved prior to submission of the proposal to the sponsor, and must be in conformance with the award terms and conditions, the Uniform Guidance in the case of federally sponsored projects, federal and state law and University policy. Mandatory and Voluntary Committed cost sharing must be tracked by the University and reported to the sponsor (if required by the terms of the award).

The funding of cash cost sharing is the responsibility of the unit that has made the commitment. The PI or designee is required to report and confirm cost shared effort on Effort Reports. Records related to cost sharing must be retained for the period of time prescribed under relevant record retention policies.

Cost sharing, including the re-budgeting of direct-charged salary from a sponsored project to cost share account at UConn Health is permitted only with approval of the Department Chair, Dean, and the Office of Sponsored Program Services, or designees. When necessary, prior approval from the sponsor must also be obtained.

ROLES AND RESPONSIBILITIES

Principal Investigator:

1. Obtain approval for any mandatory and/or voluntary committed cost sharing prior to proposal submission.
2. Ensure cost sharing commitments are met.

Fiscal Officer/Department Administrator:

1. Track and monitor cost sharing commitments.

Sponsored Program Services:

1. Monitor cost sharing commitments.
2. Report on cost sharing when required by the sponsor.

ENFORCEMENT

Violations of this policy or associated procedures may result in appropriate disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, the University of Connecticut Student Code, other applicable University Policies, or as outlined in any procedures document related to this policy.

PROCEDURES/FORMS

Storrs and Regional Campuses:
Effort Reporting and Certification Policy

UConn Health:
Guidance – Cost Sharing (UCH)
NIH Salary Cap Guidelines
Budget Preparation Guidelines (UCH)
Budget Templates/Calculators (UCH)

POLICY HISTORY

Policy created:
Approved by the President’s Cabinet on 09/12/2019.  This is a new policy at Storrs and replaces a previous policy at UConn Health.

History:
UCH Policy 2002-14, “Cost Sharing/Matching Requirements”, created on 4/10/2002 and revised on 5/9/17.

Availability and Use of Opioid Antagonists, Policy on

December 12, 2019

Title: Availability and Use of Opioid Antagonists, Policy on
Policy Owner: Division of University Safety
Applies to: All Faculty, Staff, and Students
Campus Applicability: All campuses, including UConn Health
Approval Date: July 11, 2023
Effective Date: July 11, 2023
For More Information, Contact Division of University Safety
Contact Information: UConn Fire Department

860-486-4925
Official Website: https://universitysafety.uconn.edu/  

PURPOSE

To ensure compliance with Connecticut state law which requires all institutions of higher education in the state of Connecticut to develop and implement a policy concerning the availability and use of opioid antagonists by students and employees of the institution.

APPLIES TO

All faculty, staff, and students at the University of Connecticut and all regional campuses, including UConn Health (“UConn”).

DEFINITIONS

Opioid Antagonist: As used in this policy, and consistent with state law, “opioid antagonist” means naloxone hydrochloride or any other similarly acting and equally safe drug approved by the federal Food and Drug Administration for the treatment of drug overdose.

POLICY STATEMENT

UConn is committed to maintaining a safe and substance-free environment on all its campuses. All uniformed police and fire personnel on UConn’s campuses carry and are trained to administer opioid antagonists. In addition, clinical staff in Student Health and Wellness-Medical Services, located on the Storrs campus, store, and are trained to administer opioid antagonists. Opioid antagonists are available and accessible to students and employees on all of UConn’s campuses as noted below. When an opioid antagonist is administered on any of UConn’s campuses, notification to law enforcement or a local emergency medical provider must be made by a UConn representative. Such notification is satisfied if the opioid antagonist is administered by police, fire, or other medical personnel. In all other cases, notification should be made by calling 911 prior to, during or as soon as practical after each use. It is recommended that any individual administered an opioid antagonist be transported to an emergency department for further evaluation.

The Chief of the UConn Fire Department, or the designee(s), has been designated to oversee the purchase, storage, and distribution of opioid antagonists on each of UConn’s campuses and in observance with these procedures. The supply of opioid antagonists is maintained in accordance with manufacturer’s guidelines. Faculty, staff, and students may access opioid antagonists by calling 911.

Opioid antagonists are accessible to students and employees in the following locations:

Storrs Campus

University Safety Headquarters
126 North Eagleville Road
Storrs, CT 06269
Phone Number: 860-486-4800
Storrs, CT 06269-4011

Arjona Building
337 Mansfield Road, 4th Floor
Storrs, CT 06269

Wilson Hall
626 Gilbert Road, 1st Floor
Storrs, CT 06269

UConn Student Health and Wellness
Medical Care (Students only)
Hilda May Williams Building
234 Glenbrook Road, Unit 4011
Storrs, CT 06269-4011

Cordial House
1332 Storrs Road
Storrs, CT 06269

Avery Point

Police Department
1084 Shennecossett Road
Groton, CT 06340

School of Law

Police Department
39 Elizabeth Street
Hartford, CT  06103

UConn Health

Firehouse/Police Dept
263 Farmington Avenue
Farmington, CT  06030

Hartford Campus

Police Department
10 Prospect Street
Hartford, CT  06103

Stamford Campus

Police Department
1 University Place
Stamford, CT  06901

Waterbury Campus

Police Department
99 East Main Street
Waterbury, CT  06702

To ensure that the UConn community is aware of the availability and location of opioid antagonists on campus, this policy shall be sent via the University’s Daily Digest and UConn Health Lifeline to all faculty, staff and students prior to the start of each academic semester, and posted on the websites of the Division of University Safety, Department of Human Resources and Student Health and Wellness.

PROTECTION FROM LIABILITY AND PROSECUTION

State law provides substantial protections from civil and criminal liability for individuals acting in good faith to assist persons experiencing an opioid-related drug overdose. Individuals “may, if acting with reasonable care, administer an opioid antagonist to such other person. [Such] person . . . shall not be liable for damages in a civil action or subject to criminal prosecution with respect to the administration of such opioid antagonist.” See Connecticut General Statutes § 17a-714a.

In addition, state law prohibits the prosecution of any person who seeks or receives medical assistance in “good faith” when sought for someone else based on a reasonable belief that the person needs medical attention; when a person seeks medical attention based on a reasonable belief that he or she is experiencing an overdose, and when another person reasonably believes that he or she needs medical attention. “Good faith” does not include seeking medical assistance while law enforcement officers are executing an arrest or search warrant or conducting a lawful search. See Connecticut General Statutes 21a-279, 21a-267.

PROCEDURES

1. ADMINISTRATION OF AN OPIATE ANTAGONIST

University of Connecticut uniformed firefighters and police officers, and staff at Student Health and Wellness (Shaw) will administer an opiate antagonist per the current Connecticut Statewide EMS Protocols approved and disseminated by the Connecticut Department of Public Health (CT DPH).

2. LICENSING AND CERTIFICATION

A. All uniformed firefighters and police officers are licensed or certified at the Paramedic, Emergency Medical Technician, or Emergency Medical Responder levels, and are trained in the use intranasal administration of an opiate antagonist. Firefighter/Paramedics are additionally trained in the use of intravenous and intermuscular administration of an opiate antagonist.

B. All staff at ShaW Medical Services are trained in the use of intranasal administration of an opiate antagonist.

C. Re-training and recertification are required per CT DPH guidelines.

3. ISSUANCE OF OPIATE ANTAGONIST

A. All uniformed firefighters and police officers are issued opiate antagonists that are carried while on duty.

B. Opiate antagonists are stored in designated areas at SHaW

C. The Fire Chief, or designee(s), will track and disseminate opiate antagonist to all fire and police department personnel and the SHaW Pharmacy, as a designee, will track and disseminate opiate antagonists to the designated SHaW locations for appropriate use.

D. Additional opiate antagonist is available through the University of Connecticut Fire Department (UCFD) for personnel.

4. STORAGE

A. All uniformed Firefighters and police officers shall always be required to maintain opiate antagonist on their person or in EMS kits.

    1. In accordance with manufacturer’s instruction, the opiate antagonist (e.g., intranasal or injectable naloxone) must be kept out of direct light and stored at room temperature (between 59 and 86-degrees Fahrenheit).
    2. Opiate antagonist should not be left in a vehicle for extended periods and should not be subjected to extreme temperatures, since it will freeze, and it may affect the effectiveness of the medication.
    3. In addition to opiate antagonist being stored at UCFD, additional opiate antagonist will be stored in designated locations at the University of Connecticut Student Health and Wellness.

5. REPLACEMENT

A. Replacement opiate antagonist shall be stored at the UCFD and disseminated by the Fire Chief or the designee, and replaced as needed.

    1. In the event that an opiate antagonist is expired or used, the firefighter or police officer shall notify their appropriate supervisor for immediate replacement.
    2. Additional replacement opiate antagonist can be obtained from the UCFD.
    3. The purchase of all opiate antagonist will be through the UCFD.

B. Opiate antagonist that are lost, damaged, or exposed to extreme temperatures, shall be reported to the appropriate supervisor.

RELATED INFORMATION

Department of Human Resources: https://hr.uconn.edu/opioid-epidemic/

POLICY HISTORY

Policy created: 12/11/2019 Approved by Senior Leadership

Revisions:         7/11/23 Approved by the President and Senior Policy Council

Sponsored Award Closeout

November 27, 2019

Title: Sponsored Award Closeout
Policy Owner: Office of the Vice President for Research, Sponsored Program Services
Applies to: All Faculty, Staff, and Students
Campus Applicability: All campuses
Effective Date: November 25, 2019
For More Information, Contact Office of the Vice President for Research, Sponsored Program Services
Contact Information: 860-486-3622 (Storrs and regional campuses)

860-679-4040 (UConn Health)
Official Website: https://ovpr.uconn.edu (Storrs and regional campuses)

https://ovpr.uchc.edu (UConn Health)

REASON FOR POLICY

To ensure the thorough review of financial transactions in addition to other compliance requirements in accordance with the terms and conditions of the award prior to sponsored project closeout.  Unless stated otherwise by the terms and conditions of the Notice of Award, all applicable grant closeout reports are due no later than 120 days after the project end date. Failure to submit timely and accurate closeout documents may affect future funding to the University.

APPLIES TO

All faculty, staff, and students involved in the administration of sponsored programs at the University of Connecticut and all regional campuses andUConn Health (“University”).

DEFINITIONS

Closeout – The act of completing all internal procedures and sponsor requirements to terminate or complete a research project.

Progress/Technical Report – A technical description of the project results and additional information as required by the sponsor.  Additional information requested can include an abstract and a list of publications, patents, patent applications, and / or presentations at scientific meetings.

Final Financial Report/Invoice – Final report or invoice reflecting a summary of all transactions on an award.

Invention Statement – Document detailing all inventions conceived or first reduced to practice during the course of the project under the award and the inventing party.

POLICY STATEMENT

Prior to the closeout of a sponsored award, all applicable administrative actions and all required work of the sponsored award must be completed, including but not limited to financial reports, performance reports and deliverables as required by the terms and conditions of the sponsored award.  Note that final payment on an award may be contingent on the receipt of non-financial reports.

Responsibility for ensuring compliance with sponsored awards’ terms and conditions is shared between Sponsored Program Services (SPS), Principal Investigators (PI) and the fiscal officer/department administrator. The PI is responsible and accountable for the management and administration of his/her award within the constraints imposed by the sponsor and in accordance with University policy. The University is legally and financially responsible and accountable to the sponsor for the performance and proper use of funds for the award, and relies on the oversight of the PI in fulfilling its stewardship role. SPS will issue final financial reports to the sponsoring agency upon receipt of the approval of expenditures from the PI and/or designee.

All costs charged to a sponsored award must be in conformance with the award terms and conditions, the Uniform Guidance in the case of federally sponsored awards, federal and state law and University policy. Funds may not be obligated after the termination date of the sponsored award and all costs incurred on the award must benefit the award during the projects period of performance in accordance with the sponsoring award notice.

SPS has the authority to transfer unallowable costs, non-reimbursed expenditures or other disallowances as determined by the sponsor or the University under the terms of the sponsored award to an unrestricted account.

ROLES AND RESPONSIBILITIES

Principal Investigator:

  1. Ensures that any purchase orders for equipment, supplies or other materials, or services are executed prior to the end of the award performance period;
  2. Prior to the submission of the closeout financial report and within the required timeframe, reviews and approves expenditures to ensure they are allowable and allocable to the project. Further,  any required adjustments to expenses are posted in compliance with closeout policies and procedures;
  3. In collaboration with SPS, prepares and submits all required programmatic reports, which may include progress/technical reports and invention statements;
  4. Works with SPS to confirm final disposition of equipment purchased on the award in accordance with sponsor award notice;
  5. In collaboration with SPS, reviews the reported effort of key personnel to ensure agreement with the effort committed to the sponsor agency and addresses variances; and
  6. Ensure all other areas of compliance including but not limited to disposition of research animals, human subject information/records and protocols and disposition of hazardous materials are addressed in accordance with Federal, State, local and institutional regulations.

Fiscal Officer/Department Administrator:

  1. Monitors the costs charged to sponsored awards in accordance the terms and conditions of the award, relevant federal and state regulations and University policy.
  2. Ensures any outstanding vendor/subcontract invoices and any other subcontract obligations are approved and processed;
  3. Confirms final award expenditures; and
  4. Works with SPS and the PI to resolve any outstanding issues related to closeout.

Sponsored Program Services:

  1. Reviews charges made to accounts to ensure appropriateness;
  2. Reconciles Facilities and Administrative costs (F&A) charged to accounts and makes any necessary adjustments;
  3. In collaboration with the PI and Fiscal Officer/ Department Administrator may review the reported effort of key personnel to ensure agreement with the paid and committed effort reported to the sponsoring agency and addresses variances;
  4. Prepares and submits final financial information to the PI for review and approval;
  5. Ensures that financial reports and invoices are issued in a timely manner in accordance with sponsor requirements;
  6. Prepares and submits final Inventions/patent/property reports;
  7. Prepares and submits other non-financial reporting (e.g., Release and Assignment of Refunds, Rebates, Credits & Other Amounts forms); and
  8. Performs final review of account to ensure all pending action items (encumbrances, cash receipts, etc.) are completed and closes the account in the financial system.

ENFORCEMENT

Violations of this policy may result in appropriate disciplinary measures in accordance with University Laws and By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, and the University of Connecticut Student Code.

PROCEDURES/FORMS

Storrs and Regional Campuses:

Guidance – Award Management (Storrs and Regional Campuses)

UConn Health:

Guidance – Award Management (UCH)

Related

Sponsored Project Expenditures: Approval and Monitoring Policy (Storrs and Regional Campuses)

Policy on Effort Reporting and Certification (All Campuses)

Policy 2002-08:  Effort Reporting (UCH)

Policy 2002-21:  Interim and Final Financial Reports (UCH)

POLICY HISTORY

Policy created: Approved by the Board of Trustees on 12/11/2019.