Information Security and Technology Code of Responsibility for Employees

Information Systems maintains a complete policy manual, available at Information Systems Policies. The specific code of responsibility for employees is outlined below.

Information Security and Technology Code of Responsibility for Employees

All information maintained by Eastern Mennonite University (EMU) is subject to this agreement. It applies to all constituent records including, but not limited to, prospective students, students, alumni, employees, donors, contractors and vendors. The records may be in any form, electronic or otherwise, stored in manual systems, the Student Information System (SIS) or any other EMU-owned or controlled technology resources.

The security and confidentiality of this information affects all EMU constituents. Individuals with access to this sensitive information are in a position of responsibility to maintain that security and confidentiality. Any breach of this security and confidentiality will be strictly dealt with by university officials and may result in discipline up to and including termination of employment.
All EMU employees (full-time, part-time, adjunct, temporary, work-study, contractors, etc.) must read and periodically agree to the following Information Security and Technology Code of Responsibility for Employees.

Employees may be periodically prompted during the network login process to affirm this Code of Responsibility. A version, appropriate for signing, is available at Information Systems Policies. All EMU employees (e.g. full-time, part-time, adjunct, temporary, work-study, contractors, etc.) must read and periodically agree to the code as presented below.

Code of Responsibility for Employees

My use of the EMU network constitutes agreement to the following:

  1. I will abide by all EMU Information Systems Policies at Information Systems Policies.
  2. I will not engage in prohibited activities, including, but not limited to:
    1. Using technology resources to threaten or harass others, even as a joke.
    2. Knowingly distributing malware, phishing emails or other malicious communication.
    3. Attempting to gain access to computers or network accessible resources for which I am not authorized.
    4. Hosting for-profit activities using EMU resources (e.g. selling items for personal profit, promoting a personal business--with the exception of advertisements in the eClassifieds system on www.emu.edu).
    5. Using the EMU network or other technology resources for criminal or malicious activities.
  3. My account (Royal username and password) identifies me to EMU systems. I will safeguard my account by:
    1. Not allowing others to use my EMU accounts; nor will I use someone else's account.
    2. Securing my computer against unauthorized access, including using a password-secured screen saver.
    3. Not leaving my computer unattended without securing it by either logging out from it or using a password-protected screen saver.
    4. Using strong passwords[1] and not storing my password(s) in places where others can easily see them.
  4. I will respect all copyright laws by not infringing upon others' copyrights. 
    The Digital Millennium Copyright Act (DMCA) provides strict rules governing the use of copyright protected materials. [www.copyright.gov/legislation/dmca.pdfWhen EMU receives notification of alleged copyright infringements, the computer owner (if computer is not owned by EMU) or the computer user (if the computer is owned by EMU) will face disciplinary actions outlined in the Responsible Use of Technology Resources Policy, available at Information Systems Policies.
  5. I will report any suspicious activity related to electronic equipment or information systems to my supervisor or the Information Systems Helpdesk.
  6. I will safeguard the integrity and security of personal or confidential information by:
    1. Not knowingly including false, inaccurate or misleading data in records or reports.
    2. Not inappropriately sharing confidential information gained by my position, nor benefiting from it.
    3. Accessing information only to the extent I need it to perform my job responsibilities.
  7. I will accept responsibility for ensuring the appropriate use and confidentiality of constituents’ information according to the Family Educational Rights and Privacy Act (FERPA) and all other applicable federal, state and local laws and regulations.
  8. I will properly secure and/or securely dispose of all documents containing EMU constituents’ personal information (e.g. EMU ID numbers, Social Security Numbers, birth dates, addresses, and any other personally identifiable information). I will not store this data in cloud storage systems except EMU’s Google system. If I store this data on a personally-owned devices (laptop, tablet, smartphone, etc.) I will secure it with strong passwords, encryption and other measures as appropriate.
  9. I will always ensure that my email is stored securely and I agree not to configure my emu.edu email account to automatically forward to any other email address.


Distribution: Faculty/Staff Handbook




[1] Refer to EMU strong password recommendation at Royal Account Security.