CHAPTER 1200 Information Technology Services

1230 Infrastructure and Platforms

Policies in this section govern access to and use of information technology infrastructure and platforms to manage and protect their integrity and availability. The policies apply to equipment operated on or through University resources.

1231 University Networks

POLICY:

This policy protects the data and network-related resources of the University and helps ensure a secure and reliable network in which end-users have confidence. It reduces the risk of data loss or loss of service by providing consistent network access, maintenance, and methodologies.

Information Technology Services is responsible for the University's data, video and voice communications networks. This includes designing, deploying, documenting, monitoring, maintaining, supporting and troubleshooting the wired and wireless networks of the university.

Cost recovery is administered as statutorily required for network services rendered to auxiliaries, self-support enterprise funds, or third parties.

This policy applies to all users of Cal Poly information technology resources regardless of affiliation, and irrespective of whether those resources are accessed from on-campus or off-campus locations.

OBJECTIVES:

Installation and configuration of all network devices and related systems at Cal Poly must be managed and coordinated by Information Technology Services to prevent access by unauthorized users or service interruptions and difficulties. No member of the campus community is permitted to independently deploy network devices extending the University network, or secure or isolate parts of the University network, except as approved by Information Technology Services.

Network devices and related systems include, but are not limited to, hubs, bridges, switches, routers, firewalls, wireless access points, network address translators, remote access servers (jump boxes), and virtual private network (VPN) servers.

1232 Domain Name Registration and Usage

POLICY:

This policy ensures that website and device names are assigned and used appropriately to promote the image and reputation of the university. These “domain names” are electronic addresses used to find specific destinations and services on the Internet. Domain names are an important part of the University’s identity and public outreach efforts and have an impact on how the University is perceived. Use of “calpoly” in a domain name is considered use of the Cal Poly trademark and is subject to approval of University Marketing prior to producing digital product or content.

This policy governs third level domain name registrations, e.g., unitname.calpoly.edu. It applies to

• any state entity, affiliate or individual registering a domain name for University-related purposes;
• any domain name pointing to a University-owned computer;
• any University-related activity or service requiring a domain name regardless of where it is hosted or how it is funded. This includes: University divisions, colleges, departments, auxiliaries, instructionally related activities, sponsored programs, institutes and centers, student clubs and organizations, and services associated with Cal Poly domain names that are contractually delegated to or operated by non-University entities.

Information Technology Services is the official institutional contact and registrant of domain names on behalf of Cal Poly, including those outside the calpoly.edu domain (e.g., calpolycreamery.com). Individuals and organizational units are not authorized to register Internet domain names on behalf of Cal Poly or their respective units.

Along with the associated policy provided by University Marketing, this policy ensures protection and continued use of Cal Poly domain names, compliance with applicable policies and laws, and prevents inappropriate and unauthorized uses.

OBJECTIVES:

Calpoly.edu

The principal domain name for Cal Poly is “calpoly.edu”.

All devices connected to the Cal Poly network must be registered in the Cal Poly Domain Name System (DNS). All domain names must resolve to a Cal Poly IP address unless a specific exception has been granted by Information Technology Services. Websites and services provided by members of the Cal Poly community as part of their official function or as part of Cal Poly’s mission must be registered and hosted within the calpoly.edu domain.

External Cal Poly domains

Exceptions will be granted by University Marketing if an external (non-calpoly.edu) domain name is appropriate and necessary to convey the identity, function or nature of an established entity, activity or service, or to prevent a non-calpoly.edu domain name from being misappropriated. This includes Web sites, cloud services, and services delegated to, maintained or operated by non-University entities on behalf of the University. The University entity requesting the non-calpoly.edu domain name is responsible for any related costs. All non-calpoly.edu domain name requests are subject to availability.

Use of the term “calpoly” is protected by state law, state and federal trademark law and University policy. University approval is required prior to registering a domain name outside of “calpoly.edu” and containing the term “calpoly”. See related policy under University Marketing.

Members of the Cal Poly community are not permitted to register a non calpoly.edu domain name resolving (pointing) to a computer or service on campus. With the approval of University Marketing and ITS, recognized Campus Organizations, such as the Cal Poly Alumni Association or the Cal Poly Foundation, are permitted to use the Cal Poly name in registering an appropriate external Cal Poly domain name (e.g., www.calpolyalumni.net).

Non-calpoly.edu domain names registered without Information Technology Services approval must be transferred to ITS control as soon as possible. Any resulting costs will be borne by the responsible University entity.

1233 Telephone Service and Usage

POLICY:

This policy describes assignment, use and management of telephone services at Cal Poly. Information Technology Services provides voice services for local and long distance, voice messaging and emergency 911. Information Technology Services also initiates University cell phone transactions (i.e., phone purchases, service activations/terminations, etc.) using established contracts with commercial vendors.

OBJECTIVES:

Information Technology Services provides each full-time faculty (or full-time equivalent), each full-time state staff member and each state department as determined by the department head, with a telephone line, a digital telephone and a voice mailbox with standard features. Additional services, such as advanced telephone sets and non-standard features, are provided on a chargeback basis. Cost recovery is administered as statutorily required for telephone services rendered to auxiliaries, self-support enterprise funds, or third parties.

University-owned cell phones may be issued to employees for business purposes. Information Technology Services (ITS) is responsible for managing University cellular service contract phones purchased on the Cal Poly government account. ITS will assign University-owned cell phones based on authorization of the associated service and charges by the appropriate administrator. Cell phones purchased on the Cal Poly government account with state funds are considered state property and must be returned to the University upon termination of employment.

Use of campus telephone services is intended for official University business and must comply with applicable laws and University policies, including the Responsible Use Policy and information security policies and standards.

1234 Cloud Computing Services

POLICY:

The purpose of this policy is to ensure that CSU data is not inappropriately stored or shared using public cloud computing, file sharing services or other software as a service. Policies and best practices for Cloud Computing Services follow the same guidance as for equipment on premise.

Cloud computing services are application and infrastructure resources accessed via the internet. They provide services, platforms and infrastructure for activities involving the processing, exchange, storage or management of institutional data. Cloud computing includes, but is not limited to:

• Use of servers or information technology services of any type that are not hosted by the CSU or Cal Poly (e.g., social networking applications, file storage, content hosting)
• Software as a Service (SaaS): an application hosted, maintained and updated by a third-party vendor and available to users over the Internet
• Platform as a Service (Paas): a platform, hosted by a third-party vendor, on which the customer can develop and run applications
• Infrastructure as a Service (IaaS): infrastructure such as hardware, virtual services and operating systems provided by a third-party vendor

Using a third-party cloud service to handle institutional data does not absolve members of the campus community from the responsibility of ensuring that the data is properly and securely managed.

OBJECTIVES:

Members of the campus community will use the ICT process (see CAP 1203.2) for purchasing and deploying cloud computing resources. The security evaluation will identify conditions the vendor needs to agree to contractually to ensure the Cloud Computing Service complies with CSU policy. Acquisition of cloud services which store, or access, or provide access to, protected data must comply with ICSUAM 8040 Managing Third Parties.

Authentication to campus information assets hosted in the cloud shall be subject to no less control that those hosted on campus and must comply with ICSUAM 8060 Access Control and associated standards.

Campus information assets stored in the cloud shall be protected with no less control that that used for on premise systems, as detailed in ICSUAM 8065 Asset Management and associated standards. Storage of Level 1 data will be subject to additional controls set by Information Technology Services.

1235 Two-Way Radio Communications in VHF and UHF Bands

POLICY:

Two-way radio communications in the Very High Frequency (VHF) and Ultra High Frequency (UHF) bands must comply with Federal Communication Commission (FCC) regulations. Such communications are used for a wide range of purposes at Cal Poly.

OBJECTIVES:

Information Technology Services (ITS) provides radio frequency management services that include interference prevention for the operation of two-way radio communication devices on campus.

All two-way radio system installations and modifications, including any outside vendor radio frequency programming, must be coordinated through ITS-Technical Services to ensure that the radio frequency devices meet FCC compliance, will be compatible with devices already in use, and will not cause harmful interference with existing campus installations.