Effective Date: December 11, 2017
Last Reviewed/Approved Date: New Policy
Next Scheduled Review Date: December 13, 2022
Policy Type: Campus-Wide
The purpose of this policy is to ensure that Elon’s electronic communication services (email, texting, etc.) remain available to and reliable for the Elon Community and are used for purposes appropriate to the University’s mission.
Elon encourages the use of electronic communications to share information and knowledge in support of the University’s mission of education, research and public service and to conduct the University’s business. To this end, the University supports and provides interactive electronic communications services and facilities for telecommunications, mail, publishing, and broadcasting.
This policy supersedes any other prior policies or requirements related to these topics and will be reviewed at least annually for potential updates.
This policy applies to any persons who access or use Elon Facilities or Assets, Confidential Information, Elon Data (the “Elon Community”), including faculty, staff, trustees, students, temporary employees, contractors, third-party service providers, business partners and alumni. Recognizing the convergence of technologies based on voice, video, and data networks, the University established principles, rules, and procedures applying to all members of the Elon Community to specifically address issues particular to the use of electronic communications. This policy clarifies the applicability of compliance and security to electronic communications to ensure consistent application of this policy.
This policy applies to the contents of electronic communications, and to the electronic attachments and transactional information associated with such communications.
Availability: characteristic of the information by which it can be accessed by authorized persons when it is needed.
Confidentiality: characteristic of the information by which it is available only to authorized persons or systems.
Confidential Information: includes data and information regulated by state, federal or international laws, any data and information regulated by the Payment Card Industry and any Elon data and information that is not considered public.
- any equipment that is used in the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information, including printers, storage devices, computers, computer equipment, network equipment and systems and phone equipment and systems.
- any software or technology system used to store, transmit, process, create or present information or data for University use
- any data or information used by Elon community members in the course of doing business for and on behalf of Elon University.
Elon Data: any information resource that is maintained in electronic or digital format. Data may be accessed, searched, or retrieved via electronic networks or other electronic data processing technologies.
Information Security: preservation of confidentiality, integrity and availability of information.
Information Security Program: a segment of management processes that addresses the planning, implementation, maintenance, monitoring and improving information security within the University.
Integrity: characteristic of the information by which it is changed only by authorized persons or systems in an allowed way.
Official Email Account: an email account issued by Elon University that ends in the domain name @elon.edu is the official electronic account and should be used to conduct University business.
- Senior University Leadership (University President and members of Senior Staff)is responsible for ensuring the availability of resources to adequately support this policy and protect the information and technology assets of the University.
- Associate Vice President of Information Technology and Chief Information Officer is responsible for ensuring Elon’s electronic communication technologies enable the University to meet its goals and objectives.
- Director of Information Securityis responsible for designing and implementing controls that promote the secure, compliant, effective and efficient use of the University’s electronic communications technologies.
- Supervisors / Department Heads / Managersare responsible for ensuring their departments and direct reports adhere to this policy.
- The Elon Communitymembers should read and understand this policy. In addition, Elon Community members must protect Elon Assets and Elon Data within their control from unauthorized access, modification, destruction, and disclosure, and immediately report any violation of this policy to his/her supervisor or department head.
5.0 Policy Statements
- Since electronic messaging systems are used for phishing activities and ransomware delivery, all Elon Community members must educate themselves on how to properly identify and react to these types of messages.
- Electronic messaging systems and communication services are provided by Elon University for the purpose of enhancing productivity and maintaining effective official University communications.
- Elon Community members who are provided official email accounts must activate and maintain regular access to these accounts. These accounts must be used to send and receive electronic communications related to official University business.
- For security and compliance purposes, “auto-forwarding” of email messages from an Elon email account to a non-Elon or personal email account is prohibited, as is the manual forwarding of Elon business communications from an Elon email account to a personal email account.
- Failure to access the email account will not exempt individuals from their responsibility of being aware of and meeting requirements and responsibilities included in electronic communications.
- Message content is the sole responsibility of the individual sending the message and users must adhere to University policies and guidelines for official communications and practice generally accepted online etiquette.
- Faculty retain the discretion of establishing class expectations for email and other electronic messaging communication as a part of the course requirements.
- Elon’s email is a means of official communication to persons who are members of the Elon community. As such, official University communication mechanisms (including, but not limited to, official bulk email and course email) should be read on a regular basis since they may affect day-to-day activities and responsibilities.
- Email is a privilege, and certain responsibilities are attached to its use. All users are expected to adhere to bounds of decency, law, ethics, common sense, and good taste in email communications.
- Elon Community members should maintain his or her email account by adhering to University guidelines for data and information retention.
- Elon University will electronically scan inbound and outbound email for content that may be characterized as spam, harmful or malicious and classifies and quarantines messages in the follow manner:
- Does not deliver messages containing attachments that have been identified as worms by our current anti-virus system.
- Deletes attachments that are identified as containing viruses by our current anti-virus vendor and replaces them with a file called “deleted.txt”.
- Blocks messages from external mailers that do not provide the proper identification per DNS.
- Elon University reserves the right to block other incoming email that exhibits characteristics of spam, viruses, Trojans, or anything else that could threaten the campus’ network infrastructure or services.
- Elon’s email services also limit the size of inbound and outbound messages to 15 MB (including attachments).
- Elon University owns the email system and reserves the right to examine any emails or files. System administrators will refrain from examining email and files and treat them as confidential unless directed by the President, Provost, Vice President for Finance and Administration, or Associate Vice President for Technology/CIO.
- Elon Data, personal and regulated informationmust not be transmitted electronically through the Elon University email system in clear text. As such, Elon University will automatically encrypt any message determined to contain sensitive or personal information. Personal information is defined as an individual’s first and last name connected to any of the following:
- Social Security number
- Driver’s License number
- Financial Account number
- Credit or Debit Card number
- Any security code or password which could provide access to an individual’s financial account
- Users should exercise extreme caution in using email to communicate confidential or sensitive matters and should not assume that email is private and confidential. It is especially important that users are careful to send messages only to the intended recipient(s). Particular care should be taken when using the “reply” or “reply all” commands during email correspondence.
- To protect the availability of the email services at Elon, users should refrain from the following activities:
- Excessive personal use
- Interference with other people’s use of email
- Intentional unauthorized access of other people’s email
- Sending ‘spams’, chain letters, letter bombs or any other type of widespread distribution of unsolicited email
- Forging email
- Giving the impression you are representing the University unless you are authorized to do so
- Using email for commercial activities
- Sending of offensive or abusive messages
- Conducting unlawful activities
- Spoofing, forging, altering, or removing of electronic mail headers is also prohibited
- Elon University email services may not be used to send commercial or unsolicited bulk email or to send messages (such as large volumes of email messages or extremely large individual email messages) with the intent of disrupting a server or an individual’s account on a server.
Sanctions for inappropriate use of Elon Facilities, Assets or Data may include, but are not limited to, one or more of the following:
- Temporary or permanent revocation of access to some or all computing, networking and other technology resources;
- Disciplinary action according to applicable University policies; and /or
- Legal action according to applicable laws and contractual agreements.
Individuals concerned about any violation of this policy are encouraged to contact the Associate Vice President for Technology/CIO or the Vice President for Finance and Administration. Individuals can also report suspected policy violations to email@example.com.