Administration & Finance

A&F SERVICES

Campus Administrative Policies

CHAPTER 1200 Information Technology Services

1200 Organization and Division Policies

1201 Organizational Structure

Information Technology Services provides information technology oversight for the University and technical services and support to Cal Poly administration, staff, faculty and students. Under the direction of the Vice President for Information Technology Services/Chief Information Officer, the division includes (1) information security; (2) application, data and integration services; (3) client services and portfolio management; and (4) infrastructure and platform services.

References for CAP 1201

  1. Date approved by the President: April 23, 2020
  2. Effective Date: April 23, 2020
  3. Responsible Department/Office(s): Vice President for Information Technology/Chief Information Officer
  4. Revision History: Not applicable/New
  5. Related University Policies, Procedures, Manuals and/or Documents:
    1. About ITS
  6. Laws, Regulations and/or Codes of practice referred to herein or related to this policy:
    1. N/A

1202 Information Technology Advisory Committees

The Vice President for Information Technology Services/Chief Information Officer manages the University’s technology enterprise. The VP/CIO may appoint campus committees to advise the technology enterprise.

The Information Technology Management Council (ITMC) establishes the vision, priority and pace of information technology initiatives at Cal Poly. It includes workgroups representing information technology interests across campus, ensuring that input is received from broad and diverse perspectives.

References for CAP 1202

  1. Date approved by the President: April 23, 2020
  2. Effective Date: April 23, 2020
  3. Responsible Department/Office(s): Vice President for Information Technology/Chief Information Officer
  4. Revision History: Not applicable/New
  5. Related University Policies, Procedures, Manuals and/or Documents:
    1. IT Governance documentation
  6. Laws, Regulations and/or Codes of practice referred to herein or related to this policy:
    1. N/A

1203 University IT Policies

Under the direction of the Vice President for Information Technology Services/Chief Information Officer, Information Technology Services (ITS) is responsible for coordinating the development, dissemination, implementation, interpretation, and enforcement of policies, standards, guidelines and procedures for information security, information resources and technology.

Policy development is driven by California State University System (CSU) policies and directives, legislation and regulations, audit findings, risk assessment, University strategic plan and campus initiatives.

1203.1 IT Responsible Use Policy

The principal concern is the effective and efficient use of information technology (IT) resources; ensuring the resources are used in a manner that does not impair or impede their use by others in pursuit of the University’s mission.

The policy is intended to ensure:

  • The integrity, availability and performance of University resources;
  • The user community operates according to established policies and applicable laws;
  • These resources are used for their intended purposes; and
  • Appropriate measures are in place to assure the policy is honored.

IT resources are provided to support the University’s mission of education, research and service. To ensure these shared and finite resources are used effectively, to further the University’s mission, each user has the responsibility to:

  • Use the resources appropriately and efficiently.
  • Respect freedom of thought, inquiry and expression
  • Respect the privacy of others.
  • Protect the stability and security of the resources.
  • Understand and fully abide by established California State University and Cal Poly policies and applicable federal and state laws.

1203.1.1 Scope

This policy applies to all users and all IT resources and services provided by the University to support Cal Poly’s core academic mission and to enable users to access, communicate, store, retrieve and transmit data. Upon initial access and annually thereafter, users must acknowledge they have read and agree to abide by the Responsible Use Policy and applicable standards.

Additional use policies and terms and conditions may be in place for specific campus resources or non-University resources supporting Cal Poly’s mission. Users must become familiar with any policies when agreeing to use such resources.

Users must respect the rights of other users; respect the confidentiality, integrity and availability of the systems and related physical resources they have access to; and observe all relevant laws, regulations, and contractual obligations.

Policy provisions include, but are not limited to:

  • Authorized use/access: Access to Cal Poly's information technology resources is a privilege granted to faculty, staff and students in support of their studies, instruction, duties as employees, official business with the University, and/or other University-sanctioned activities. Access may also be granted to individuals outside of Cal Poly for purposes consistent with the mission of the University.
  • Data security, confidentiality and privacy: Cal Poly users are responsible for understanding the various data classifications, ensuring the confidentiality and appropriate use of institutional data to which they are given access, ensuring the security of the equipment where such information is held or displayed, ensuring the security of any accounts issued in their name, and abiding by related privacy rights of students, faculty and staff.
  • Network and system integrity: Activities and behaviors that threaten the integrity of computer networks or systems are prohibited on both University-owned and privately-owned equipment operated on or through University resources.
  • Commercial use: Use of the University’s information technology resources is strictly prohibited for unauthorized commercial activities, personal gain, and private, or otherwise unrelated to the University, business or fundraising.
  • Political advocacy: California law makes it illegal for any state employee or consultant to use or permit others to use state resources for any campaign activity not authorized by law.
  • Harassment: Harassment of others via electronic methods is prohibited under California State Penal Code and University policies.
  • Copyright: Federal copyright law applies to all forms of information, including electronic communication.
  • Trademark and patents: Student, faculty and staff use of University information technology resources in the creation of inventions and other intellectual property that must be patented, trademarked or licensed for commercial purposes must be consistent with Cal Poly’s Intellectual Property Policy.
  • Electronic communications: University electronic communications are to be used to enhance and facilitate teaching, learning, scholarly research, to support academic experiences, to facilitate the effective business and administrative processes of the University, and to foster effective communications within the academic community.
  • Internet/Web use and accessibility of digital content: An official Cal Poly web site is any site on calpoly.edu, or any site paid for by Cal Poly.

All existing laws (federal and state) and University regulations and policies apply, including not only those laws and regulations specific to computers and networks (e.g. malware), but also those that apply generally to personal conduct (e.g. harassment).

1203.1.2 Compliance and Enforcement

Users will be held accountable for their conduct under any applicable University policies, standards, procedures or collective bargaining agreements. Enforcement will be based upon receipt of one or more formal complaints about a specific incident or through discovery of a possible violation in the normal course of administering IT resources and services. Complaints alleging serious misuse will be directed to those responsible for taking appropriate disciplinary action. Appeals of University actions resulting from enforcement of this policy will be handled through existing disciplinary/grievance processes.

First offenses and minor infractions are generally resolved informally by the entity responsible for the resource. Repeat offenses and serious incidents may lead to formal disciplinary action up to and including dismissal or termination. Misuse may result in the loss of computing privileges and prosecution under applicable civil and criminal statutes.

Back to top

References for CAP 1203.1

  1. Date approved by the President: April 23, 2020
  2. Effective Date: April 23, 2020
  3. Responsible Department/Office(s): Vice President for Information Technology/Chief Information Officer
  4. Revision History: Not applicable/New
  5. Related University Policies, Procedures, Manuals and/or Documents:
    1. CSU Information Security Policy
    2. CAP 263 Cal Poly Intellectual Property Policy
    3. Cal Poly Responsible Use Standards (full text) and related appendices
  6. Laws, Regulations and/or Codes of practice referred to herein or related to this policy:
    1. California State Penal Code Section 502
    2. California Government Code 8314 – Political Advocacy
    3. California State Penal Code Section 653m – Harassment
    4. Federal Copyright Law

1203.2 Information and Communications Technology (ICT) Decisions

Policy

Cal Poly seeks information and communications technology (ICT) that is universal in design and accessible to its student, employee and community audiences.

This policy assists campus units in making information and communications technology (ICT) decisions that integrate effectively with campus and CSU priorities and requirements for service, support, accessibility, security, technology or compliance to regulation or law.

Information and communication technology (ICT) includes, but is not limited to:

  • Software and operating systems, including “cloud-hosted” applications and services, e.g., subscription databases, licenses, data sharing, data analysis
  • Web-based content, e.g., websites, online surveys and other content, social media sites, online subscriptions
  • Third party services to design or create information and communication technology products, applications or services, e.g., web design, mobile application development
  • Telecommunication products, e.g., telephones, cell phones, smart phones, video conferencing
  • Video and multimedia products and services, e.g., TV displays and tuners, projectors, media players and recorders, wearables, and mediated content such as DVDs, streaming media
  • Self-contained, closed products, e.g., printers, scanners, copiers, kiosks, digital cameras, scientific instruments
  • Hardware, e.g., servers, appliances, computers, mobile devices, storage, peripherals
  • Digital documents and materials, e.g., ebooks, online journals, instructional materials
  • Appliances, controllers, monitoring and systems devices connected to the Internet e.g., IoT, radio/TV broadcast devices, facilities controllers, cameras, digital signage

Objectives:

In general, if a product or service fits into the ICT categories above, requires user interaction, and involves collecting, creating, analyzing, converting, transferring, storing or duplicating data or information, then it is covered.

Prior to making an ICT decision, especially one involving a new product or service, it is important to consult with unit management and IT support and Information Technology Services (ITS) to assess the priority, resource implications, potential impact and alternatives, and available tools to meet the need.

All applicable ICT products and services will be reviewed for:

  • Accessibility
  • Information Security
  • Technology Integration and Support, e.g., authentication, data access needs, networking
  • Fit with established university level IT initiatives, priorities and strategic direction

ITS will partner with Strategic Business Services on ICT acquisitions for Accessibility and Information Security compliance.

This policy applies to all technology decisions meeting the campus criteria for review, regardless of who initiates the decision/request or the funding source (including no-cost or open source purchases). Any ICT product or service may be subject to review based on substantive changes (e.g., technical, functional, operational) or its potential impact on campus users or the University.

The vice president/chief information officer, Information Technology Services, is responsible for application and enforcement of this policy.

The VP/CIO or designee, in consultation with university procurement or other affected parties, is responsible for developing standards, guidelines and practices for implementing the policy.

Back to top

References for CAP 1203.2

  1. Date approved by the President: April 23, 2020
  2. Effective Date: April 23, 2020
  3. Responsible Department/Office(s): Vice President for Information Technology Services
  4. Revision History: Not applicable/New
  5. Related University Policies, Procedures, Manuals and/or Documents:
    1. Cal Poly Electronic & Information Technology Decisions Standards & Practices
    2. Cal Poly Technology Purchases Website
    3. Disability Support and Accommodations Policy
    4. California State University Board of Trustees Policy on Disability Support and Accommodations
    5. CSU Accessible Technology Initiative (ATI) Vendor Requirements
    6. Information Technology Industry Council VPAT
  6. Laws, Regulations and/or Codes of practice referred to herein or related to this policy:
    1. Federal Register - Information and Communication Technology (ICT)
    2. United States Access Board - Section 508