MUSC Acceptable Use Policy (2024)

Welcome to the MUSC Identity Management System!

IMPORTANT: This agreement applies to all individuals who receive access to any of MUSC'scomputing, electronic, network or print resources regardless of your affiliation with MUSC (employee,faculty, student, contractor, vendor, etc.).

A. Standards:

a. Applicability

This policy applies to all members using MUSC computing, telecommunications andwireless resources, including but not limited to computers, computer systems andnetworks, medical devices, smart phones, portable digital assistants (PDA's),telephones, pagers, cellular phones and two-way radios, whether property of MUSCor not, and to all uses of those resources, whether on campus or from remotelocations.These resources are hereinafter referred to as "computing and telecommunicationsresources."Additional guidelines may be established by MUSC to apply to specific computers,computer systems, networks or applications. b. Requirements:
Legal:
An individual using MUSC computing and telecommunications resources shall comply with all federal, South Carolina, and other applicable laws; all generally applicable MUSC rules and policies; and all applicable contracts and licenses. Examples of such laws, rules, policies, contracts, and licenses include, but are not limited to, the laws of libel, privacy, copyright, trademark, and child p*rnography; the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, which prohibit "hacking", "cracking", and similar activities; Federal Communication Commission regulations; the MUSC Code of Conduct; the MUSC Anti-Harassment policy; and all applicable software licenses. Users who engage in communications with persons in other states or countries or on other systems or networks should be aware that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses.

A member using MUSC computing and telecommunications resources shall use onlythose resources that they are authorized to use and use them only in the manner andto the extent authorized. Ability to access computing resources does not, by itself,imply authorization to do so.Users are responsible for ascertaining what authorizations are necessary and forobtaining them before accessing any computing resources. Accounts and passwordsmay not, under any circ*mstances, be shared with, or used by, persons other thanthose to whom they have been assigned by MUSC.A user of computing and telecommunications resources shall respect the privacy ofother users and their accounts, regardless of whether those accounts are securelyprotected. The ability to access other persons' accounts does not, by itself, implyauthorization to do so.

Reasonable:
A user of MUSC computing and telecommunications resources shall respect the finitecapacity of those resources (including, for example, bandwidth, disk space and CPUtime) and limit use so as not to consume an unreasonable amount of those resourcesor to interfere unreasonably with the activity of other users.

See Also

MUSC NetID - Change Password

Email Communications:
Each member is provided with a MUSC email address. This address is consideredtheir official MUSC email account and all MUSC business conducted via email mustuse the MUSC email account and email system.Confidential or sensitive information should not be sent through e-mail or exposedto public networks such as the Internet unless adequately secured againstunauthorized access and encrypted in transit. Email sent from one musc.edu emailaddress to another musc.edu email address using the MUSC email system isconsidered secure and no additional steps are needed to encrypt the message.

Personal Use:
Personal use of MUSC computing and network resources is restricted by State law.Section 8-13-700(A) of the South Carolina Ethics Code reads as follows:“No public official, public member, or public employee may knowingly use his officialoffice, membership or employment to obtain an economic interest for himself, amember of his immediate family, an individual with whom he is associated, or abusiness with which he is associated. This prohibition does not extend to theincidental use of public materials, personnel, or equipment, subject to or available fora public official's, public member's, or public employee's use which does not result inadditional public expense.”

Examples of inappropriate personal use include, but are not limited to:

(1) Interferes with the performance of the user’s job or other MUSCresponsibilities;
(2) Accessing p*rnographic web sites;
(3) Unreasonably consumes MUSC resources; or
(4) Is out of compliance with other MUSC policies.

Additional restrictions on personal use may be imposed in accordance with normalmanagement or departmental responsibilities.

Representing MUSC:
Internal: Misrepresenting or willfully concealing your identity at any point on theMUSC network is prohibited.

External: A user of computing and telecommunications resources shall not state orimply that they speak on behalf of MUSC or use MUSC trademarks and logos withoutauthorization to do so. Affiliation with MUSC does not, by itself, imply authorizationto speak on behalf of MUSC.

Academic Freedom:
Freedom to teach and freedom to learn are inseparable facets of academic freedom.The freedom to learn depends upon appropriate opportunities and conditions notonly in the classroom, but on the campus as a whole. The responsibility to secure andto respect general conditions conducive to the freedom to learn is shared by allmembers of the academic community -- faculty, staff, and students. System andnetwork administrators are expected to respect the University's academic freedompolicies.

Security:
All MUSC members share in the responsibility for protecting MUSC's informationsystems against threats to availability, integrity and confidentiality. The owners,administrators, and users of all MUSC systems are required to understand and meettheir assigned security responsibilities, as defined in this policy, and all otherapplicable MUSC policies.All members should be familiar with MUSC information security practices, safeguardtheir system credentials, employ the appropriate physical safeguards to protectinformation assets, and protect the confidentiality of electronic protected healthinformation.B. Expectation of Privacy

MUSC computing and telecommunications resources are not private.For example, communications made by means of these resources are subject to SouthCarolina Public Records Law to the same extent as they would be if made on paper. Thenormal operation and maintenance of MUSC’s computing and telecommunications resourcesrequire the backup and caching of data and communications, the logging of activity, themonitoring of general usage patterns, and other such activities that are necessary for therendition of service.

a. Reason to Access Activity

(1) It reasonably appears necessary to do so to protect the integrity,confidentiality, availability, or functioning of MUSC generally or computingand telecommunications resources in particular, or to protect MUSC fromliability;
(2) There is reasonable cause to believe that the user has violated, or isviolating, MUSC policy;
(3) An account appears to be engaged in unusual or unusually excessiveactivity, as indicated by the monitoring of general activity and usage patterns;
(4) The user has voluntarily made them accessible to the public, as by postingto Usenet or a web page;
(5) It is necessary for MUSC work and business-related reasons (e.g. a personis on vacation or sick leave and access to some files is needed to furtherinstitution business); or
(6) It is otherwise required by law.

b. Monitoring as a Job Service Requirement
MUSC may also authorize access and monitoring of an employee's or agent's actualcommunications over its computing and telecommunications resources wherecustomer service is a primary responsibility of an employee's job duties. Suchmonitoring must be authorized by Human Resources and employees in positionssubject to monitoring shall be notified of such activity.

c. Access monitoring oversight
Any access or individual monitoring, specified in B(a)(5) or for any other reason notlisted in B(a) or B(b)., must be authorized in advance by three of the followingindividuals: Human Resources Director or designee, Legal Counsel, Chief InformationOfficer, and Chief Information Security Officer, or a majority thereof. The head of theunit which employs the individual will be notified of such access when appropriate.MUSC, at its discretion but subject to any applicable laws, may disclose the results ofany access or monitoring, including the contents and records of individualcommunications, to MUSC personnel or law enforcement agencies and may usethose results in appropriate MUSC disciplinary proceedings and/or legal proceedings.

C. Enforcement

Violations of the MUSC Acceptable Use of Computing and Telecommunications ResourcesPolicy by faculty, students, and staff are treated as violations of applicable MUSC policiesViolations of public law which involve MUSC computer and communication systems may besubject to prosecution by local, state or federal authorities.MUSC faculty, students, or staff who knowingly violate copyright and/or license terms (forexample, by making or using an unauthorized copy of a copyrighted or licensed softwareproduct) may be personally liable for their actions.