Administration & Finance

A&F SERVICES

Campus Administrative Policies

CHAPTER 1200 Information Technology Services

1200 Organization and Division Policies

1201 Organizational Structure

The Information Technology Services division oversees IT operations and provides technical support to Cal Poly administration, staff, faculty, and students. Led by the Chief Information Officer, the division encompasses key areas such as cybersecurity, application and data management, user support, and infrastructure services.

References for CAP 1201

  1. Date approved by the President: April 23, 2020
  2. Effective Date: April 23, 2020
  3. Responsible Department/Office(s): Vice President for Information Technology/Chief Information Officer
  4. Revision History: Not applicable/New
  5. Related University Policies, Procedures, Manuals and/or Documents:
    1. About ITS
  6. Laws, Regulations and/or Codes of practice referred to herein or related to this policy:
    1. N/A

1202 Information Technology Advisory Committees

The Vice President for Information Technology Services/Chief Information Officer manages the University’s technology enterprise. The VP/CIO may appoint campus committees to advise the technology enterprise.

The University establishes the vision, priority and pace of information technology initiatives at Cal Poly. It includes workgroups representing information technology interests across campus, ensuring that input is received from broad and diverse perspectives.

References for CAP 1202

  1. Date approved by the President: April 23, 2020
  2. Effective Date: April 23, 2020
  3. Responsible Department/Office(s): Vice President for Information Technology/Chief Information Officer
  4. Revision History: Not applicable/New
  5. Related University Policies, Procedures, Manuals and/or Documents:
    1. a. Policies, Standards, Guidelines, Procedures, and Forms
  6. Laws, Regulations and/or Codes of practice referred to herein or related to this policy:
    1. N/A

1203 University IT Policies

Under the direction of the Vice President for Information Technology Services/Chief Information Officer, Information Technology Services (ITS) is responsible for coordinating the development, dissemination, implementation, interpretation, and enforcement of policies, standards, guidelines and procedures for information security, information resources and technology.

Policy development is driven by California State University System (CSU) policies and directives, legislation and regulations, audit findings, risk assessment, University strategic plan and campus initiatives.

1203.1 IT Responsible Use Policy

The principal concern is the effective and efficient use of information technology (IT) resources; ensuring the resources are used in a manner that does not impair or impede their use by others in pursuit of the University’s mission.

The policy is intended to ensure:

  • The integrity, availability and performance of University resources;
  • The user community operates according to established policies and applicable laws;
  • These resources are used for their intended purposes; and
  • Appropriate measures are in place to assure the policy is honored.

IT resources are provided to support the University’s mission of education, research and service. To ensure these shared and finite resources are used effectively, to further the University’s mission, each user has the responsibility to:

  • Use the resources appropriately and efficiently.
  • Respect freedom of thought, inquiry and expression
  • Respect the privacy of others.
  • Protect the stability and security of the resources.
  • Understand and fully abide by established California State University and Cal Poly policies and applicable federal and state laws.

1203.1.1 Scope

This policy applies to all users and all IT resources and services provided by the University to support Cal Poly’s core academic mission and to enable users to access, communicate, store, retrieve and transmit data. Upon initial access and annually thereafter, users must acknowledge they have read and agree to abide by the Responsible Use Policy and applicable standards.

Additional use policies and terms and conditions may be in place for specific campus resources or non-University resources supporting Cal Poly’s mission. Users must become familiar with any policies when agreeing to use such resources.

Users must respect the rights of other users; respect the confidentiality, integrity and availability of the systems and related physical resources they have access to; and observe all relevant laws, regulations, and contractual obligations.

Policy provisions include, but are not limited to:

  • Authorized use/access: Access to Cal Poly's information technology resources is a privilege granted to faculty, staff and students in support of their studies, instruction, duties as employees, official business with the University, and/or other University-sanctioned activities. Access may also be granted to individuals outside of Cal Poly for purposes consistent with the mission of the University.
  • Data security, confidentiality and privacy: Cal Poly users are responsible for understanding the various data classifications, ensuring the confidentiality and appropriate use of institutional data to which they are given access, ensuring the security of the equipment where such information is held or displayed, ensuring the security of any accounts issued in their name, and abiding by related privacy rights of students, faculty and staff.
  • Network and system integrity: Activities and behaviors that threaten the integrity of computer networks or systems are prohibited on both University-owned and privately-owned equipment operated on or through University resources.
  • Commercial use: Use of the University’s information technology resources is strictly prohibited for unauthorized commercial activities, personal gain, and private, or otherwise unrelated to the University, business or fundraising.
  • Political advocacy: California law makes it illegal for any state employee or consultant to use or permit others to use state resources for any campaign activity not authorized by law.
  • Harassment: Harassment of others via electronic methods is prohibited under California State Penal Code and University policies.
  • Copyright: Federal copyright law applies to all forms of information, including electronic communication.
  • Trademark and patents: Student, faculty and staff use of University information technology resources in the creation of inventions and other intellectual property that must be patented, trademarked or licensed for commercial purposes must be consistent with Cal Poly’s Intellectual Property Policy.
  • Electronic communications: University electronic communications are to be used to enhance and facilitate teaching, learning, scholarly research, to support academic experiences, to facilitate the effective business and administrative processes of the University, and to foster effective communications within the academic community.
  • Internet/Web use and accessibility of digital content: An official Cal Poly web site is any site on calpoly.edu, or any site paid for by Cal Poly.

All existing laws (federal and state) and University regulations and policies apply, including not only those laws and regulations specific to computers and networks (e.g. malware), but also those that apply generally to personal conduct (e.g. harassment).

1203.1.2 Compliance and Enforcement

Users will be held accountable for their conduct under any applicable University policies, standards, procedures or collective bargaining agreements. Enforcement will be based upon receipt of one or more formal complaints about a specific incident or through discovery of a possible violation in the normal course of administering IT resources and services. Complaints alleging serious misuse will be directed to those responsible for taking appropriate disciplinary action. Appeals of University actions resulting from enforcement of this policy will be handled through existing disciplinary/grievance processes.

First offenses and minor infractions are generally resolved informally by the entity responsible for the resource. Repeat offenses and serious incidents may lead to formal disciplinary action up to and including dismissal or termination. Misuse may result in the loss of computing privileges and prosecution under applicable civil and criminal statutes.

Back to top

References for CAP 1203.1

  1. Date approved by the President: April 23, 2020
  2. Effective Date: April 23, 2020
  3. Responsible Department/Office(s): Vice President for Information Technology/Chief Information Officer
  4. Revision History: Not applicable/New
  5. Related University Policies, Procedures, Manuals and/or Documents:
    1. CSU Information Security Policy
    2. CAP 263 Cal Poly Intellectual Property Policy
    3. Cal Poly Responsible Use Standards (full text) and related appendices
  6. Laws, Regulations and/or Codes of practice referred to herein or related to this policy:
    1. California State Penal Code Section 502
    2. California Government Code 8314 – Political Advocacy
    3. California State Penal Code Section 653m – Harassment
    4. Federal Copyright Law

1203.2 Information and Communications Technology (ICT) Decisions

Policy

Cal Poly seeks information and communications technology (ICT) that is universal in design and accessible to its student, employee and community audiences.

This policy assists campus units in making information and communications technology (ICT) decisions that integrate effectively with campus and CSU priorities and requirements for service, support, accessibility, security, technology or compliance to regulation or law.

Information and communication technology (ICT) includes, but is not limited to:

  • Artificial Intelligence (AI) products and services, e.g., all models / types - embedded, integrated and standalone
  • "Locally installed" applications and operating systems, e.g., for computers, servers, appliances, devices, instrumentation
  • "Cloud-hosted" applications and services, e.g., CRM, databases, data analysis and visualization, learning systems, modeling (computational and imagery), online journals and digital resources, information security tools, productivity suites, project management and workflow tools, social media, streaming media, communications and marketing platforms, calendaring and event platforms, polling and survey tools
  • Web hosting services and website applications and services, e.g., administration, analytics, configuration, design, reporting, tools and utilities
  • Third party services to design or create information and communication technology products, applications or services, e.g., web design, mobile application development
  • Third party services that support academic instruction, e.g., learning portals, proctoring
  • Third party services that support campus operations, e.g., admissions and recruitment; health and safety; parking, university housing; online storefronts that enable ordering, reservations, tickets, payments, deliveries
  • Third party assessment and consultant services that interact with data, computers, infrastructure, networks, systems, services, users, e.g., online surveys, online reports.
  • Third party services that acquire, configure, design, implement products, applications or services for campus operations, e.g., door access, building controls, facilities solutions.
  • Telecommunication products, e.g., telephones, cell phones, smart phones, video conferencing
  • Video and multimedia products and services, e.g., TV displays and tuners, projectors, media players and recorders, wearables, and mediated content such as DVDs, streaming media
  • Self-contained, closed products, e.g., printers, scanners, copiers, kiosks, digital cameras, scientific instruments
  • Hardware, e.g., servers, appliances, computers, mobile devices, storage, peripherals
  • Digital documents and materials, e.g., ebooks, instructional materials, learning resources
  • Digital remediation services, e.g., audio/video captioning, document accessibility
  • Accessibility support and assistive technologies, e.g., compliance scanning, remediation platforms, dictation and text-to-speech products, screen magnifiers / readers, input and output devices
  • Appliances, controllers, monitoring and systems devices connected to the Internet e.g., IoT, radio/TV broadcast devices, facilities controllers, cameras, digital signage

Objectives:

In general, if a product or service fits into the ICT categories above, requires user interaction, and involves collecting, creating, analyzing, converting, transferring, storing or duplicating data or information, then it is covered.

Prior to making an ICT decision, especially one involving a new product or service, it is important to consult with unit management and IT support and Information Technology Services (ITS) to assess the priority, resource implications, potential impact and alternatives, and available tools to meet the need.

All applicable ICT products and services will be reviewed for:

  • Accessibility
  • Information Security
  • Technology Integration and Support, e.g., authentication, data access needs, networking
  • Fit with established CSU and university level initiatives, priorities and strategic direction

ITS will partner with Strategic Business Services on ICT acquisitions for Accessibility and Information Security compliance.

This policy applies to all technology decisions meeting the campus criteria for review, regardless of who initiates the decision/request or the funding source (including no-cost or open source purchases). Any ICT product or service may be subject to review based on substantive changes (e.g., technical, functional, operational) or its potential impact on campus users or the University.

The Vice President / Chief Information Officer is responsible for application and enforcement of this policy.

The Vice President / Chief Information Officer or designee, in consultation with university procurement or other affected parties, is responsible for developing standards, guidelines and practices for implementing the policy.

Back to top

References for CAP 1203.2

  1. Date approved by the President: April 23, 2020
  2. Effective Date: April 23, 2020
  3. Responsible Department/Office(s): Vice President / Chief Information Officer
  4. Revision History:
    Version 1.0 - April 23, 2020
    Version 1.1 - October 1, 2025
  5. Related University Policies, Procedures, Manuals and/or Documents:
    1. Cal Poly - CAP 153.1 - Digital Accessibility Policy
    2. Cal Poly - CAP 210.2 - Academic Affairs - Accessibility of Instructional Materials
    3. Cal Poly - CAP 640 - Disability Resource Center
    4. Cal Poly - Administration & Finance - Technology Purchases
    5. Cal Poly - Accessible Technology Initiative (ATI) SharePoint - Procurement
    6. CSU Accessible Technology Initiative (ATI) - Procurement
    7. CSU Executive Order 1111 - Disability Support and Accommodations Policy
  6. Laws, Regulations and/or Codes of practice referred to herein or related to this policy:
    1. ADA.gov - Laws, Regulations & Standards
      Americans with Disabilities Act of 1990, as amended, (ADA) 42 U.S.C. 12101 et seq.
      Sections 504 and 508 of the Rehabilitation Act of 1973, 29 U.S.C. Section 701 et seq.
    2. Americans with Disabilities Act Title II Regulations
    3. Federal Register - Information and Communication Technology (ICT)
    4. Federal Register - Title II of the Americans with Disabilities Act (ADA)
    5. United States Access Board - ICT Accessibility 508 Standards and 255 Guidelines

Additional Resources