If a need arises for exceptions to the principles and examples in this Code of Conduct document, approval must be obtained from the University CIO, University CSO, or school CIO. These are meant to be representative and helpful, but not comprehensive. We will sign a yearly acknowledgment that we have received, read, and understood this Code of Conduct.īelow are some examples of the Code of Conduct in practice. We understand any failure to meet the Code of Conduct is considered a violation of trust and is grounds for disciplinary action up to and including dismissal. We will not peruse or examine user’s electronic information for any purpose other than to address a specific issue. We only use the information gathered for the purpose for which it was obtained, properly protect the information while in our possession, and dispose of it properly once it is no longer needed for business purposes. We only obtain the information we need to perform our job or which we have been directed to obtain by proper University or legal authorities. It is part of our job to help protect all user’s electronic information from unauthorized access.
We require access to user’s electronic information in order to develop, test, implement and support the University’s applications, systems and networks and to ensure they run properly to protect against threats such as attacks, malware, and viruses to protect the integrity and security of information to help support business continuity and to help deal with threats to campus safety and the safety of individuals. We have access to user’s electronic information, some of which may be personal and confidential. IT leadership will review and revise the Code of Conduct as needed in response to any incidents or as technology changes. IT leadership will provide guidance on this Code of Conduct as challenges are observed or encountered. IT staff will be required to annually review and affirm the Code of Conduct. IT staff will receive communications and training on the Code of Conduct.
In performing their duties IT staff will comply with applicable University policies including the Harvard Information Security Policy and Harvard's Policy on Access to Electronic Information. In the course of supporting the business of the University, IT staff performing regular duties may have access to data in applications, emails, and file systems or on desktops, servers and networks, and other systems that must be protected by the University.
0 kommentar(er)
