logo

Appropriately Affiliated Members

Those associated with the University through the status of current student, faculty, staff, BGSU retiree, BGSU alumni, active BGSU account holder.

Core Values

The Core Values to which the University adheres include respect for one another, cooperation, intellectual and spiritual growth, creative imaginings, and pride in a job well done.

Executive Steering Committee (ESC)

The BG@100 Executive Steering Committee decides project scope, timelines, priority and has overall responsibility for the success of the BG@100 PeopleSoft project effort.

General Public

Any person not directly affiliated with the Office of the CIO.

Information

Data, in all its forms, collected, maintained, accessed, combined, or modified by and for members of the University community

Information Technology Resource

All aspects associated with management and processing of information. This includes facilities, technologies, and data used for University processing, transfer, storage, and communications. Examples of these resources, include, but are not limited to, computers, networking equipment, telecommunications equipment, electronic mail, electronic information sources, network bandwidth, wireless devices, video communications, IP telephony, University assigned accounts, voice mail, passwords, access controls, storage media, documentation, personal digital assistants.

Network

A configuration of communications equipment and communication links by any wired or wireless means, that enables resources to be geographically separated, while still connected to each other.

PeopleSoft

PeopleSoft is the company that produces the administrative software application that is being implemented by the BG@100 PeopleSoft project for use as administrative systems at BGSU. The software itself is also referred to as PeopleSoft.

Public Computers

Example of public computers include, but not limited to, airport kiosks, library computers, internet cafes etc.

Reconnaissance

An inspection or exploration to gain knowledge of a network's topology, configuration or components.

Safe Computing

Using information technology in a secure manner consistent with its intended purpose. Examples of security measures to be taken, include, but are not limited to, the use of strong passwords that are not easily guessable, are changed regularly and are kept private; the application of all relevant security patches in a timely manner; maintenance of up-to-date virus definitions; backup and protection of important/critical data; security of passwords; protection of data and files.

Security Controls

Any procedure or technology that mitigates the risk of unauthorized users from accessing information technology resources, including, but not limited to, firewalls, encryption, policies, and passwords.

Sensitive University Data

Sensitive University Data includes personal information and proprietary information of the University included but not limited to: Social Security numbers, Driver License numbers, credit card or other financial account numbers, BGSU ID numbers, protected health information, financial data, educational records, intellectual property or research records, donor profiles, or any information that could result in a material risk of identity theft, a violation of the Family Educational Rights and Privacy Act, or otherwise harm the legitimate financial and reputational interests of the University if unauthorized access is permitted, whether intentionally or unintentionally.

Technology

A method or methodology that applies technical knowledge or tools.

Unlicensed Spectrum Space

Unlicensed spectrum includes the FCC unlicensed 2.4 Ghz Industrial/Scientific/Medical (ISM) band and the 5.1 Ghz Unlicensed National Information Infrastructure (UNII) band.

User

A user is any person, either authorized or unauthorized, who utilizes information technology resources from any location.

Virtual Private Network (VPN)

A “tunnel” connection created to allow secure communications over public networks.

Vunerability Scanning

The process of proactively identifying vulnerabilities of computing resources in a network in order to determine if and where a resource can be exploited and/or threatened.  

Policies Related to Data Access and Usage

POLICY STATEMENT AND PURPOSE

Bowling Green State University provides information technology resources to support the academic, administrative, educational, research and service missions of its appropriately affiliated members within the margins of institutional priorities and financial capabilities.  The information technology resources provide for the University, a conduit for free and open forum for the expression of ideas mindful of the University core values.  In order to protect the confidentiality, integrity, and availability of information technology resources for intended purposes, the following policy has been developed.  

POLICY SCOPE

The scope of this policy is to encompass all information technology devices owned by the University, any device obtaining connectivity to the University network, and all University relevant data on these devices.

IMPLEMENTATION OF POLICY

This policy replaces the Information Technology Services Network and Computer Policies and the Acceptable Use Policy for Information Technologies and is authorized by the Office of the Chief Information Officer (CIO) and has been approved by the Information Technology Committee (ITC).  This policy may be supplemented with additional published guidelines by campus units that are authorized to operate/control their own information technology resources provided such guidelines are consistent with and supplemental to this policy and do not alter its intent.

RELATED POLICIES

POLICY

1. All usage of information technology resources is to be consistent with all other relevant policies at BGSU.

2. Users must be aware of and comply with all Federal, State, local, and other applicable laws, contracts, regulations and licenses.


3. Use of information technology to access resources other than those supporting the academic, administrative, educational, research and service missions of the University or for more than limited social purposes is prohibited.

  • Information technology is provided to access resources supporting the academic, administrative, education, research and service missions of the University.  Use of the provided information technology resources is to be mindful of the University core values.  Use of information technology for experimental use or limited social purposes is permitted, as long as it does not violate other policies or interfere with operations of the University.
  • The legitimate use of information technology resources does not extend to whatever is technically possible.  Although some limitations are built into computer operating system and networks, those limitations are not the sole restrictions on what is permissible.  Users must abide by all applicable restrictions, whether or not they are built into the operating system or network and whether or not they can be circumvented by technical means.
  • Network applications and protocols that are not essential to carrying out the mission of the University or to conduct University business are neither specifically permitted nor specifically prohibited.  Should such a subsidiary application or protocol become a risk to the security of the University's information technology infrastructure, its use will be restricted or blocked as deemed appropriate or necessary, without prior notice.


4. All users must only access or attempt to access information technology resources that they are authorized to use and then only in a manner and to the extent authorized.

  • Ability to access information technology resources does not, by itself, imply authorization to do so.  Prior to accessing a resource, users are responsible for ascertaining and properly obtaining necessary authorization.  Accounts, passwords, and other authentication mechanisms, may not, under any circumstances, be shared with, or used by, persons other than those to whom they have been assigned by the University.

5. Attempting to circumvent information technology security systems is prohibited.

  • BGSU employs various technologies and procedures in the interest of protecting the confidentiality, availability, and integrity of information technology.  Some examples of these technologies and procedures, include, but are not limited to, physical methods, firewalls, anti-virus software, encryption, and passwords.  Circumvention or attempted circumvention of a security system creates a threat to the University and is not permitted.

6. Disruption of University authorized activities is prohibited.

  •  All members of the BGSU community share the information technology resources provided by BGSU.  Those causing disruption to the use of information technology resources for other community members will be in violation of this policy.  Some examples include, but are not limited to, configuration of devices that disrupt network services, launching denial of service attacks, and disturbing public access resources.

7. Use of information technology to conduct reconnaissance, vulnerability assessments, or similar activity by unauthorized personnel is prohibited.

  • In an effort to protect the confidentiality, availability, and integrity of information technology resources, BGSU officials will investigate any discovered unauthorized network reconnaissance, vulnerability scanning, or service enumerations.  While it is recognized that there are some valid purposes for this activity, BGSU officials are unable to determine intent and must react in a manner that will best protect information technology resources by assuming that the source of scans are malicious.  Additionally, many vulnerability scanning tools utilize techniques that may be disruptive if not properly used.  Please contact the ITS Information Security Office for authorization to conduct vulnerability or service assessments using BGSU information technology resources.

8. Users are required to protect the confidentiality, integrity, and availability of information technology.

  • This responsibility includes practicing safe computing at all times when deploying or using BGSU information technology resources.  Users are to care for the integrity of technology based information sources they are authorized to access and to ensure that information is shared only with other appropriately authorized users.

9. Anonymous use, impersonation, or use of pseudonyms on an information technology resource to escape accountability is prohibited.

  • Examples of this include, but are not limited to, forging email or using any Internet service not affiliated with the University that can prevent accountability for its usage.

10. The use of any unlicensed spectrum space is prohibited on any BGSU-owned or BGSU-occupied property, unless it is part of the wireless services being deployed by the University.

  • Information Technology Services (ITS) has implemented wireless Local Area Network (LAN) services on the BGSU main campus and the Firelands campus.  While this service allows mobility and easier access to the BGSU network, it means that the air space on campus now serves as a medium for network connectivity.  The use of open air space poses a number of potentially difficult situations for both users and network administrators.  Users that may need to make use of wireless equipment for special purposes such as research or other unique applications must contact the Technology Support Center within ITS to coordinate this use of wireless air space.

RESPONSIBILITIES

University Responsibilities

  • Provide and coordinate information technology resources to allow completion of duties as assigned in support of the academic, administrative, educational, research, and service missions, within the margins of institutional priorities and financial capabilities.
  • Communicate, review, update, and enforce policies to protect information technology resources.
  • Take reasonable measures to mitigate security threats.

User Responsibilities

  • Read, agree to, and abide by all University policies and policy updates.
  • Practice safe computing when using information technology resources.
  • Notify University officials upon discovery that an assigned information technology resource has been accessed, attempted to be accessed, or is vulnerable to access by unauthorized users.
  • Users are responsible for activity resulting from their assigned information technology resources.

SECURITY AND PRIVACY STATEMENT

BGSU respects the privacy of all information technology users.  The University does not routinely monitor the content of material but does reserve the right to access and review all aspects of its information technology infrastructure to investigate performance or system problems, search for harmful programs, or upon reasonable cause, to determine if a user is violating a policy, State or Federal law.  BGSU monitors, keeps, and audits detailed records of information technology usage; traces may be recorded routinely for trouble shooting, performance monitoring, security purposes, auditing, recovery from system failure, etc.; or in response to a complaint, in order to protect the University's and others' equipment, software, and data from unauthorized use or tampering.  Extraordinary record keeping, traces and special techniques may be used in response to technical problems or complaints, or for violation of law, policy or regulations, but only on approval by University administrators specifically authorized to give such approval.  In addition to the privacy of individuals being respected under normal circumstances, the privacy of those involved in a complaint will be respected and the University will limit special record keeping in order doing so, where feasible.  Information will be released in accordance with law.  Users should be aware that while the University implements various security controls to protect information technology resources, protection of data from unauthorized individuals cannot be guaranteed.

ENFORCEMENT AND SANCTIONS

Individuals or entities in violation of the BGSU Information Technology Policy will be referred to the appropriate disciplinary authority for review.  Access privileges may be suspended without prior notice if it is determined that a policy violation is causing a current or imminent threat to the confidentiality, integrity, or availability of information technology resources. 

Applicability: All University Units
Effective Date: July 24, 2008
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

POLICY STATEMENT AND PURPOSE

Information in the form of data is an essential and vital asset of Bowling Green State University (BGSU).  BGSU collects and stores vast amounts of data essential to University business. The purpose of this policy is to ensure that BGSU faculty, staff, and students appropriately protect data from improper use or release.  

POLICY DEFINITIONS

Data

BGSU data includes, but is not limited to, student records, personnel data, research data, BGSU financial data, BGSU or department administrative records, alumni and donor information, library circulation information, and medical information.  Such information may be in existing or archived form, or in physical or digital form.  Data may include facts, files, records, reports, or any information meant only for internal use and /or subject to confidentiality agreements.

Data Owner/Steward

University officials or their designees assigned planning and policy-level responsibility for data within their functional areas, and management responsibility for defined segments of institutional data. Data owners are responsible within their functional areas for assigning and overseeing authorized data users, overseeing the establishment of data policies, determining legal and regulatory requirements for data, and promoting appropriate data use and data quality.

Data Users

Any authorized faculty, staff, or student at BGSU that accesses, modifies, or handles data.

DETAILS

1. All data users must use and protect data in a manner consistent with all relevant policies of BGSU.   

2. All data users must be aware of and comply with all applicable Federal, State, and other applicable laws, contracts, regulations, and licenses.  

3. BGSU data should be given one of the following classifications by the data owner/steward.

a. Public - Data that must be released under Ohio public records laws or where BGSU unconditionally waives an exception to the public records law.

b. Limited Access - Data BGSU may release if it chooses to waive exceptions to the public records law and place conditions or limitations on such release.  Notification of unauthorized access is not required to the victims or other outside entities. e.g. intellectual property, research data, BGSU ID numbers.

c. Restricted - Data release prohibited by federal laws, state laws, and/or contractual obligations.  For data to be defined as restricted, notification of unauthorized access is required to the victims or other outside entities. e.g. Social Security Numbers, personal health information, driver’s license numbers.

4. All data users must understand the classification of the data they are accessing and protect the data appropriately based on the classification. (See Data Resource Summary for assistance with this step).

5. All data users must only access or attempt to access data that they are authorized to use and then use only in a manner and to the extent authorized.

6. Data users may only provide data to other data users authorized to receive such data.

Applicability: All University Units
Effective Date: April 2011
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

POLICY

Account Eligibility

ITS will only issue email accounts to individuals that meet the eligibility requirements. Information Technology Services (ITS) will only issue one personal email account to each eligible individual.

Background

ITS is responsible for issuing official BGSU email accounts. ITS has established eligibility requirements for email accounts to manage and secure the computing environment. By limiting account privileges to people that meet the eligibility requirements, ITS is better able to allocate resources to individuals actively working on University projects. ITS is also better able to identify and locate people that have misused computing facilities.

Details

An individual must have a current affiliation with the University. Affiliations include University employees (faculty and staff), currently enrolled students, retirees, Alumni and guests. Guest account requests are evaluated by ITS on a case-by-case basis.

An individual must acquire a BGSU authentication account prior to requesting other server accounts.

An individual must agree to abide by the policies and responsibilities outlined in the University’s Acceptable Use Policy

Email Addresses

ITS has rules and standards for email usernames and the corresponding email addresses.

Background

Individuals can acquire an email account upon meeting University affiliation requirements. When registering for an email account, the client must choose a username. This username will be used for all server accounts (including email) that the individual requests throughout his or her affiliation with the University.

Different server systems have different username requirements. Due to the broad use of this username, ITS has established rules and standards for usernames to meet the requirements of the various University server systems.

Details

Individuals requesting an email account will choose from a list of available usernames. These usernames will be derived from the client’s first, middle, and last names. The requestor must select a username from the choices provided. ITS will not accommodate requests for special or “vanity” usernames.

Usernames will not be available for selection by new subscribers until the previous owner’s email account has been deleted for at least three months. This is done to help avoid confusion when messages meant for the original owner of the username are sent to the new owner.

If a client leaves the university for an extended period and his or her account is terminated, ITS cannot guarantee that the account username will be available if that client returns to the university at a later date.

Username Changes

ITS will only change a client’s username when a client has legally changed their name. This also changes the client’s username for other server accounts.

Background

As part of the email account acquisition process, a client is required to choose a single unique username from a list of available options derived from their first, middle and last names. This unique username is then used as the account name for every server account provided to the client. To minimize administrative overhead and to assure accurate record keeping, ITS has established strict rules for initiating a username change.

Details

ITS will accept requests for changing a client’s username if the client presents ITS with proof of a legal name change. The client should have their name changed on the Administrative Computer Systems (Human Resources and/or Student Information System) before requesting a username change. ITS will then process the username change and change all server account names assigned to that client.

ITS cannot change an individual’s name on the Administrative Computer Systems. The client must make this request through Registration and Records

Office Accounts

Departments and offices can obtain office email accounts for business correspondence. Multiple individuals within the department can access these accounts to process the incoming mail.

Background

The University provides email as a tool for conducting the business of departments, academic offices, and ultimately the University. Office accounts are intended to streamline the operations of departments and offices by providing accounts for group use. These accounts allow multiple individuals within a department to access and respond to incoming mail. These office accounts also allow the departments to advertise an email address that corresponds to a department or function, rather than an individual. These accounts are intended to minimize the impact of staffing changes and absences and eliminate the need for one person to access another individual’s email account to perform University business.

Details

Offices and Departments can obtain office email accounts by submitting a request to the ITSTechnology Support Center. The requesting office or department will need to choose a name for the account (preferably 8 to 12 characters long) that is not already in use.

Office accounts have the same restrictions and quotas as faculty and staff email accounts and can be accessed through webmail and other POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) mail clients.

ITS has the right to limit the number of office accounts granted to a department or office.

Email Forwarding

The owner of a BGSU email account can have the account forwarded to an email address outside of the BGSU domain.

Background

Clients must register for a BGSU email account to acquire other server accounts. ITS recognizes that many individuals already have email accounts when they join the University community. To simplify management of individual’s email accounts, ITS allows BGSU email accounts to be forwarded to an email address outside the BGSU domain.

Details

ITS will not allow email to be forwarded from an individual’s BGSU email address to another individual’s BGSU email address.

ITS will immediately remove any forward that is suspected of creating an email routing loop or other delivery problems.

Quotas on Attachments

ITS will establish and enforce quotas on email attachment size provided to account holders. When an attachment is over its 25 Meg size, the email will not be delivered.

Email Blocking

ITS reserves the right to block any incoming email messages that might cause email server problems, problems for the email users, or problems for the University’s network.

Background

Email can be used to transport virus-infected files or programs that can disrupt the email servers and the email user community. Email can also be used to broadly deliver information that is inappropriate or a nuisance (unsolicited bulk email, also known as “spam.”) To protect the University community and University resources from such threats, ITS may block specific messages, senders or domains from the University’s domain. These blocks may be set on a temporary or permanent basis depending on the nature of the threat.

Details

ITS may use anti-virus software to automatically block messages that appear to be infected by a virus.

ITS may use “black-hole” lists to protect against known email abusers and sites with open relays. At times, legitimate senders may be blocked if they are sending from a site that has left itself open to abuse because of weak security.

ITS may manually set blocks on specific senders or domains when they are suspected of sending messages that are deemed inappropriate or a threat to our environment.

ITS will set size limits for email messages. The current maximum size for a single message is 10 megabytes. Limiting the size of messages keeps individual accounts from exceeding their quotas and protects the University network from excessive traffic. Email messages that exceed the size limit will be blocked from entering the email server.

Email messages must properly identify the sender. Email messages that are found to not properly identify the sender will be blocked from entering the email server.

Account Access

ITS reserves the right to restrict email server access methods to those appropriate for the intended use of a server. For security reasons, these methods are generally restricted to the lowest level of access needed to perform the intended functions of the server.

Background

ITS is responsible for securing the University’s email environment. ITS evaluates the intended use of a server in conjunction with the security risks introduced by various account access methods to establish the best account access policy. In general, the least access necessary to provide the necessary services will be granted.

Details

Email accounts can only be accessed with email software that follows Post Office Protocol (POP) or Internet Message Access Protocol (IMAP). Clients can use the ITS-provided Webmail interface to access their accounts, which uses the IMAP protocol to access the servers.

Client Responsibilities

Account holders have responsibilities that must be met as part of the privilege of email access. Account holders are expected to live up to these responsibilities or lose their access privileges.

Background

The email server environment is a shared environment. Since the account holders are a diverse group, and since email access is critical to University business, it is essential that each account holder use the servers responsibly.

Details

An account holder is responsible for the use of his or her email account, and may not give anyone else access to that account. Conversely, account holders may not, in any way, try to obtain access any account other than their own.

An account holder is responsible for the security of his or her account password. This includes changing that password on a regular basis and ensuring that no one else knows it. It is also the account holder’s responsibility to remember passwords that they set for their accounts.

An account holder may not deliberately perform acts that will disrupt the normal operation or diminish the performance of the network, servers, or other devices on the University network.

An account holder must abide by the terms of all software licensing agreements and copyright laws.

An account holder must abide by the rules established for the server where the account is housed. The account holder must follow all rules regarding quotas, server access methods, usage restrictions, etc.

An account holder must adhere to the responsibilities and policies dictated in Bowling Green State University's Acceptable Use Policy

Account Termination

BGSU accounts will be administratively disabled and deleted within an established time interval after the account holder is no longer affiliated with the University.

Background

Information Technology Services has responsibility for managing access to the University's centrally controlled servers and services.  Account termination policies have been established in order to enhance the security and reliability of these systems, and to allow for system resource planning and growth to meet the evolving needs of the University community.  By limiting account privileges to users who have an active affiliation with the University, ITS can focus the resources and support toward the proper subscriber group and allow current and prospective students, faculty, and staff to get priority service.

Details

Accounts held by individuals who violate University policies, policies established in the BGSU Information Technology Policy, or any ITS established policies will be immediately eligible to have their accounts administratively locked without prior notice.

Accounts held by student applicants who have failed to enroll and register for the term in which they were accepted for admission will be eligible for deletion the following term.

Accounts held by faculty and staff will be eligible for deletion 90 days after their resignation or termination, however retirees of BGSU are eligible to retain their email accounts indefinitely. Accounts of terminated employees may be administratively locked prior to the 90-day timeframe at the request of University administration or the management of the contracting department, area or unit.  Faculty and staff must make arrangements prior to their departure from the University to publicize a new email address as appropriate.

Accounts granted to non-affiliated individuals (campus ministers, visiting scholars, adjunct (intermittent) faculty, external faculty, consultants, contractors, participants in Continuing Education courses or programs, etc.) will be considered eligible for deletion 24 months after their accounts are created.  Individuals in this category who have a continuing role at the university can contact the Technology Support Center (TSC) when notified of their deletion eligibility to be put into contact with their sponsoring department, area or unit to request an additional 24-month extension of their access.

Accounts are eligible for deletion two weeks after the University has been notified that an account holder is deceased.  Account privacy policies apply to all accounts, even after an account holder's death.

Accounts may be deleted at ITS discretion any time after they become eligible.  A delay in the deletion process does not imply a right of the account holder to extended access to their accounts. Account holders can have their accounts deleted earlier than scheduled by placing a request through the Technology Support Center.

Account Privacy

ITS will honor the account holder’s right to privacy. As necessary for email administration, ITS reserves the right to examine, log, capture, archive, inspect, and preserve any messages stored on the University central servers.

Background

ITS is responsible for managing and supporting the University email servers. This responsibility requires ITS to investigate and analyze server performance and security issues. At times, these efforts require ITS personnel to examine, log, capture, archive, inspect, and preserve messages in client accounts. ITS will honor the account holder’s right to privacy except in cases where there are security violations, policy violations, and/or violations of the law.

Details

Individuals 18 years of age or older are considered to be adults in the State of Ohio and are therefore responsible for their own actions. ITS cannot honor requests from the parents of these individuals to release email account information or terminate email privileges for these individuals.

ITS employees are required to protect the account holder’s right to privacy based on the confidentiality rules in the ITS Code of Ethics. Any violation by ITS employees of this code of ethics is considered grounds for dismissal.

Any email account that is associated with or suspected of being associated with security violations, policy violations, and/or violations of the law may be examined, logged, captured, archived, inspected, or preserved as part of a formal investigation. Any account found to be in violation may be turned over to University officials, law enforcement officials, officials of the court, or other officials engaged in an investigation

Public Records

BGSU employees are responsible for maintaining records of correspondence that relates to University business. This includes electronic mail that may be subject to disclosure under Ohio’s Sunshine Laws. ITS recommends that employees familiarize themselves with these laws and with BGSU’s document retention policies and maintain their records accordingly.

Background

ITS is responsible for managing and supporting the University email servers. This responsibility includes maintaining backups of the email system in case of catastrophic or system failures. These archives are expired on a regular schedule and only include messages that were in a client's account at the time of a backup. Our resources do not allow for a more extensive archive of public record documents of the type required by Ohio laws. Also, since personal correspondence is often mixed with business correspondence in BGSU email accounts, ITS disclosure of contents of email accounts in response to public records requests might also mean disclosing personal correspondence.

Details

BGSU employees are responsible for maintaining records of correspondence that relates to University business. This includes electronic mail that may be subject to disclosure under Ohio’s Sunshine Laws. ITS recommends that employees familiarize themselves with these laws and with BGSU’s document retention policies and maintain their records accordingly.

Applicability: All University Units
Effective Date: November 3, 2000
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

RELATED POLICIES

BGSU Information Technology Policy

POLICY

Email is a mechanism for official communication within Bowling Green State University.  Official university correspondence will be sent to faculty and staff through email and official university email accounts are required for all BGSU faculty, staff, and students.  The addresses are all of the form: username@bgsu.edu.

  • Faculty and staff are required to obtain their university email account at the time of employment/contract.
  • Faculty and staff will anticipate that official university correspondence will come to them through this email account and must access this email account on a regular and timely basis in order to stay current with University related communications.
  • Faculty and staff are expected to use their BGSU email account for all email correspondence related to official university business.
  • All use of email will be completed in a manner consistent with meeting BGSU email policies.

RESPONSIBILITIES

     University Responsibilities

  • Official email communications are intended only to meet the academic and administrative needs of the campus community.  As stewards of the process, Information Technology Services is responsible for directing the use of official email.

    User Responsibilities

  • Faculty and staff who wish to have email redirected from their official BGSU email address to another email address (e.g., @aol.com, @hotmail.com) may do so, but at their own risk.  The University will not be responsible for the handling of email by outside vendors.  Having email redirected does not absolve faculty and staff from the responsibility associated with the official communication sent to the BGSU account.  In order to forward email, please contact the Technology Support Center in 110 Hayes Hall, tsc@bgsu.edu, or by telephone at 419-372-0999.
  • Users should exercise extreme caution in using email to communicate confidential or sensitive matters, and should not assume that email is private and confidential.  Users should be aware that BGSU email correspondence is considered a public record.
  • Faculty and staff have the responsibility to recognize that certain communication will be time critical.  The University expects that such communications will be received and read in a timely fashion.

ENFORCEMENT AND SANCTIONS

Use of BGSU technology resources must be completed in compliance with the  BGSU Information Technology Policy.  Any violations will be referred to the appropriate disciplinary authority for review.

Applicability: All University Units
Effective Date: November 3, 2000
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

POLICY DEFINITIONS

Virtual Private Network (VPN)

A “tunnel” connection created to allow secure communications over public networks.

Information Technology Resources

All aspects associated with management and processing of information.  This includes facilities, technologies, and data used for University processing, transfer, storage, and communications.  Examples of these resources, include, but are not limited to, computers, networking equipment, telecommunications equipment, electronic mail, electronic information sources, network bandwidth, wireless devices, video communications, IP telephony, University assigned accounts,  voice mail, passwords, access controls, storage media, documentation, personal digital assistants.

Public Computers

Any computer that is available to the general population.  Example of public computers includes, but not limited to, airport kiosks, library computers, internet cafes etc.

RELATED POLICIES

BGSU Information Technology Policy

POLICY

In order to maintain the appropriate level of protection for BGSU systems and data as well as provide for external access for authorized users, the BGSU MyVPN has been implemented by Information Technology Services (ITS).  This policy has been created to mitigate any threats and vulnerabilities to BGSU’s information technology resources that are accessed through the BGSU MyVPN.

  • Connection to the BGSU MyVPN is considered an extension of the BGSU Network. Thus usage of the BGSU MyVPN and its connected systems must be consistent with all relevant BGSU Policies.
  • Only authorized users are permitted to use the BGSU MyVPN.
  • All users must obtain access via the BGSU MyVPN Access Request Web Form
  • The BGSU MyVPN must only be used for official University business.
  • Supervisors of MyVPN users must inform ITS whenever a user no longer needs access to the BGSU MyVPN so access can be deactivated.
  • Users may not access the BGSU MyVPN from public computers.

RESPONSIBILITIES

     User Responsibilities

  • Users must logout when they have completed any work through the BGSU MyVPN.
  • Users must report any known or suspected unauthorized usage of their BGSU MyVPN account to ITS immediately.
  • Users are responsible to assure the system they are accessing the BGSU MyVPN is secure. This includes, but is not limited to, ensuring the system is free from all malware (viruses, worms, Trojans, spyware, etc.), firewalls enabled, and security updates applied.

ENFORCEMENT AND SANCTIONS

Individuals or entities in violation of the BGSU MyVPN Policy will be referred to the appropriate disciplinary authority for review.  Access privileges may be suspended without prior notice if it is determined that a policy violation is causing a current or imminent threat to the confidentiality, integrity, or availability of information technology resources.

Applicability: All University Units
Effective Date: May 13, 2008
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

POLICY

The BGSU Business Office will not process requests to pay or reimburse remote access charges from any sources. The only possible exception will be for externally funded grant budgets and then only in cases where the grant guidelines clearly allow such expenses. Remote access charges are also not allowable expenditures for Foundation accounts. This guideline is to prevent the potential for transactions occurring that could jeopardize the tax exempt status of the BGSU Foundation.

Applicability: All University Units
Effective Date: September 1, 2013
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

POLICY DEFINITIONS

Disciplinary Authority 

Entity at BGSU that has ability to enforce sanctions upon a classification of an affiliated member of the BGSU community.  Some examples include: Supervisors and Human Resources for staff members, Department Chair or Provost Office for faculty, Student Affairs for students.

Limited Use (data)

Data BGSU may release if it chooses to waive exceptions to the public records law and place conditions or limitations on such release.  Notification of unauthorized access is    not required to the victims or other outside entities. (Some examples include BGSU intellectual property, BGSU ID numbers, campus security details, internal memorandums, etc.)

Restricted (data)

Data release prohibited by federal laws, state laws, and/or contractual obligations.  For data to be defined as restricted, notification of unauthorized access is required to the victims or other outside entities.  (Some examples include, Social Security Numbers, student records, financial account data, driver’s license numbers, health records, etc.)

Social Networking Media

Internet based technologies that are typically very accessible and scalable allowing users to post content on topics in various forms.  Some forms of social media include, wikis, blogs, podcasts, and forums.  Some specific examples include, but are not limited to, Facebook, Twitter and Wikipedia. 

POLICY

Social Networking Media is a popular and powerful mechanism for timely communications to the entire world about news and events occurring at Bowling Green State University.   It has also become common to integrate classroom instruction and assignments with these technologies.  BGSU recognizes the use of social media by its faculty, staff and students to communicate factual information regarding the University.  However, posting to social networking media on behalf of BGSU must adhere to this policy.  

General

1. All usage of official BGSU social networking media is to be consistent with all relevant policies of BGSU.  This includes, but is not limited to the following policies:

Users should also be aware of any additional policies created by colleges, departments, student organizations, etc.

2. All users of official BGSU social networking media must be aware of and comply with all Federal, State, local, and other applicable laws, contracts, regulations, and licenses.  This includes, but is not limited to the following:

3. The creation of new official BGSU social media presence must be reviewed and approved prior to implementation by the Office of Marketing and Communications.

4. All users of official BGSU social networking media should follow the BGSU Social Networking Guidelines.

5. No BGSU data that is considered limited use or restricted should be posted to social networking media.

ENFORCEMENT AND SANCTIONS

Individuals or entities in violation of the BGSU Social Networking Media Policy will be referred to the appropriate disciplinary authority for review and action. 

Applicability: All University Units
Effective Date: April 2011
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

POLICY STATEMENT AND PURPOSE

Official University email accounts are required for all BGSU students.  The official BGSU email address for all students will be in the form:  username@bgsu.edu.

Undergraduate students receiving email at the official BGSU email address will have these messages automatically forwarded to their Office 365 email box using their username@bgsu.edu address.

POLICY

At the time of admission or initial registration, all students are given a BGSU account.  Students may anticipate that official university correspondence will come to them through this email account and should access this email account on a regular and timely basis.


Additionally, all students should recognize that their BGSU account is currently part of the authentication process used for accessing the MyBGSU portal.  MyBGSU is an essential University tool used for administrative and academic correspondence.  It is expected that students will be required to use this tool to access one or more administrative or academic services at the University, such as grade reports, class registration and class assignments/announcements.

1. University use of email

Email is a mechanism for official communication within Bowling Green State University.  The University expects that such communications will be received and read in a timely fashion.  Official email communications are intended only to meet the academic and administrative needs of the campus community.  As stewards of the process, Information Technology Services is responsible for directing the use of official student email.

2. Assignment of student email

A BGSU Account Registration Web site is available to allow students to set up their BGSU account online.  This page is located at http://www.bgsu.edu/newaccount.

Admitted students will receive an information packet that includes information necessary to create their BGSU account.

Students on the main campus can use the Web service or can register for an email account by bringing their official BGSU ID to the Technology Support Center in 110 Hayes Hall.  Firelands students can register for an account online or by visiting the Main Lab in 231 North and bringing their official BGSU ID.  Accounts must be created before the University can correspond with its students using the official email accounts.

Official email addresses will be directory information unless a student requests otherwise.

3. Expectations about student use of email

Students are expected to check their email on a frequent and consistent basis in order to recognize that certain communications may be time critical.  "I didn't check my email," error in forwarding mail, or email returned to the University with "Mailbox Full" or "User Unknown" are not acceptable excuses for missing official University communications via email.  Additionally, no student should share his or her BGSU password with any other individual.  Such sharing could facilitate violations of federal, state, and/or local laws and therefore is prohibited.

4. Redirecting of email

Students who wish to have email redirected from their official University email address to another email address (e.g., @aol.com, @hotmail.com), may do so, but at their own risk.  The University will not be responsible for the handling of email by outside vendors.  Having email redirected does not absolve students from the responsibilities associated with the official communication sent to their BGSU account.  In order to forward email, please contact the Technology Support Center in 110 Hayes Hall or by telephone at 419-372-0999.

5. Authentication of confidential information

It is a violation of University policies, including the Codes of Student Conduct to impersonate a University officer, faculty/staff member or student.  To minimize this risk of fraud, some confidential information may be made available only through MyBGSU, which is password protected.  In these cases, students will receive email correspondence directing them to MyBGSU, where they can access the confidential information only by authenticating.  The confidential information will not be available in the email message.  Again, because password protection is a key component of MyBGSU security, students should never share their passwords or other identifying information, except as requested by the University.

6. Privacy

Users should exercise extreme caution in using email to communicate confidential or sensitive matters, and should not assume that email is private or confidential.  It is especially important that users are careful to send messages only to the intended recipient(s).  Particular care should be taken when using the "reply" command during email correspondence.

7. Educational uses of email

Faculty will determine how electronic forms of communication (e.g., email) will be used in their classes, and will specify their requirements in the course syllabus.  This "Official Student Email Policy" will ensure that all students will be able to comply with email based course requirements specified by faculty.  Faculty can therefore make the assumption that students' official BGSU accounts are being assessed and faculty can use email for their classes accordingly.

ENFORCEMENT AND SANCTIONS

Use of BGSU technology resources must be completed in compliance with the BGSU Information Technology Policy.  Any violations will be referred to the appropriate disciplinary authority for review.

Applicability: All University Units
Effective Date: September 1, 2013
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

Policies Related to Client Services

POLICY DEFINITIONS

Sensitive University Data

Sensitive University Data includes personal information and proprietary information of the University included but not limited to:  Social Security numbers, Driver License numbers, credit card or other financial account numbers, BGSU ID numbers, protected health information, financial data, educational records, intellectual property or research records, donor profiles, or any information that could result in a material risk of identity theft, a violation of the Family Educational Rights and Privacy Act, or otherwise harm the legitimate financial and reputational interests of the University if unauthorized access is permitted, whether intentionally or unintentionally.

POLICY

Employees of Bowling Green State University whose duties may include the need for cellular services can obtain this service in one of the following manners:

Option

General Description

Cellular Services Stipend:

Personally owned phone managed by the employee with a provided monthly, taxable stipend paid to the employee for business use.

BGSU Owned Phone:

Phone and service owned by BGSU and managed by the department.

Personally Owned Phones:

Faculty and staff who already own a personal cellular phone and use it for business use, however their voice and/or data minutes are low and not vitally critical to their job function.

 

General

The policies under the “General” heading apply to all faculty and staff of BGSU regardless of the method of cellular services.

a)  Management for each department will determine the cellular services options for their staff subject to the approval of the divisional vice president

b)  Employees must not store sensitive University data unencrypted on their phone

c)  Any cellular phone that has been used to access the BGSU email system must wipe the data from the phone in the event the phone is deemed lost, stolen, or the phone is no longer going to be used for University purposes. For assistance on remotely wiping a phone, please contact the ITS Technology Support Center (419.372.0999  -   tsc@bgsu.edu - http://www.bgsu.edu/its/tsc/)

1. Stipend

a) Employees eligible for a cellular services stipend must complete the “Cellular Services Stipend Authorization” form.

b) Stipend allowance, including amount, is subject to the approval of the vice president of each division.

c) Employees must provide their supervisor with the cellular phone number obtained as a result of the stipend.

d) Employees must retain a cellular services contract for as long as the stipend is provided.

e) Employees must notify the University if their cellular services contract is cancelled or expires.

f) Stipends will not be provided for hardware (i.e. employees must purchase their own phones).

g) Employees are responsible for researching and obtaining a cellular services contract that meets the requirements of the stipend allowance.  Employees can purchase services/features beyond the stipend package if they choose to, however, the employee will be responsible for the additional charges.

h) Employees are individually responsible for all contractual obligations agreed to in their cellular services contract.  This includes any termination fees.

i) Employees are responsible for the maintenance of their phone, both hardware and software.

j) Stipend allowances must be reviewed annually for accuracy and relevancy by the employee’s supervisor.


2. BGSU Owned Phone

a) Use of the BGSU owned cellular phones must be done so in a manner consistent with the IRS rules for employee cell phones:  http://www.irs.gov/irb/2011-38_IRB/ar07.html.

b) A BGSU owned cellular phone may be issued only to those who have on-call positions and who, furthermore, have responsibility to protect property, health, and safety of the institution.

c) The employee is required to account for personal calls on the monthly bill.

d) Charges

i. The employee must timely reimburse BGSU for the cost of the personal calls, to include a pro rata share of the monthly charge.

ii. Failure of the employee to timely reimburse BGSU shall result in the personal use of the phone being treated as ordinary taxable income to the employee. This use will be reflected in the employee wage statement and shall be subject to usual income tax withholding.

e) University owned cellular phones must be returned to the college/department upon termination of employment or duties requiring the use of a cellular phone.

f) Colleges/Departments are responsible for maintaining the hardware, software, accounts and services for the BGSU owned cellular phones used by their employees.

g) Colleges/Departments are responsible for assuring that usage of the BGSU owned cellular phones are in compliance with this policy.

h) Colleges/Departments are responsible for monthly review of the employees' BGSU owned cellular phone bills, and any supporting documentation.

i) College/Departments must maintain the usage records and supporting documentation to support the exclusion of the phone use from the employee's wages.

3. Personally Owned Cellular Phones—No Stipend

a) No reimbursement will be provided for business related calls or data access.

 

ENFORCEMENT AND SANCTIONS

Individuals or entities in violation of the Cellular Services Policy will be referred to the appropriate disciplinary authority for review.

Applicability: All University Units
Effective Date: September 1, 2013
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

POLICY

Information Technology Services (ITS) at Bowling Green State University provides computer lab facilities to support the academic, research and instructional activities of the University.  The resources provided are intended for the sole use of University faculty, staff, students, and authorized users.

  • Authorized users should be prepared to validate their University affiliation by showing a valid BGSU ID if asked to do so at any time.
  • Food and drink are prohibited in ITS computer labs.
  • Report any hardware, software, or network problems as directed within the labs.  Do not attempt to fix these items yourself.
  • Only ITS lab consultants are to occupy the area behind the operations desk.
  • The telephone at the lab consultant’s desk is provided for business use only.  There is a public accessible phone provided within each building for general use.
  • Computer labs are intended for instructional and official use.  Commercial or business use of lab equipment is prohibited.  Academic use takes precedence over recreational use; students using computers for recreational purposes will be asked to relinquish their machines if students are waiting to do class work.
  • Noise levels must be minimized to allow clients to complete their work.  Please keep talking and general noise to a reasonable level to allow others to concentrate.  All ringers and alarms on such devices should be turned off or set to vibrate.  Headphones are available at the desk for checkout with proper ID for clients who need to use software with audio.
  • All lab clients are expected to understand and comply with the provisions of the United States copyright laws as they apply to computer software and corresponding documentation.
  • The creation or use of illegal copies of software on lab equipment is prohibited.
  • All labs are considered public forums.  Materials viewed online which could be considered objectionable, offensive, or otherwise inappropriate to others in the lab are prohibited.

REPONSIBILITIES

    User Responsibilities

  • Alert the lab consultant to any printer needing attention – i.e. for restocking of paper/clearing of paper jam.
  • Take responsibility for saving your work often!  Be sure to label your media with name and phone number.
  • Lab staff is allowed to consume food in the operations area of this lab. They are asked to do so discreetly and away from lab equipment.
  • Lab consultants are trained in general use and troubleshooting of basic application packages.  Consultants may not be able to answer all questions regarding specific software.
Applicability: All University Units
Effective Date: February 1, 2008
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

POLICY

Instructors (faculty, staff and graduate students teaching university classes) may use Information Technology Services (ITS) computer facilities for internal academic and administrative functions at no charge. These include such activities as official university classes, seminars, staff-training sessions and university users groups. Programs arranged by Continuing & Extended Education that offer university credit are considered classes and are included in this category.

All other groups using ITS computer facilities will be charged a rental fee according to the schedule below:

  • External for profit groups will pay an hourly rate of $50 for up to 20 systems and an additional $2.50 per each system over 20.
  • Non-profit organizations will pay 75% of the external rate. (University departments sponsoring a conference and charging outside fees will pay at the non-profit rate.)

If groups renting computer facilities need the assistance of Information Technology Services staff, they will be charged at the rate of $10.00 per hour for student time. If contract or classified staff are needed, the rates are negotiable. If the facility is rented at a time that it is normally closed, there may be a charge for unlocking and relocking.

Those wishing to rent an ITS facility/area should contact Ginny Pinkelman via email at ginnyg@bgsu.edu or by phone at 419-372-2006. At least five days prior notice is required. Request for rental of a facility may be denied during peak usage.

Applicability: All University Units
Effective Date: November 1, 2007
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

POLICY

Fraudulent Use

It is unlawful to obtain or attempt to obtain telecommunication services by use of a false, fictitious or counterfeit number. It is unlawful to charge telephone calls to the telephone number or credit number of another person without valid authority. Avoiding or attempting to avoid payment for telecommunication services by use of any fraudulent scheme, device, means or method is prohibited by law and by University regulations. Criminal prosecution and/or University disciplinary action may be taken

Harassing Calls

The use of profane, indecent or threatening language to any person over the telephone, annoying or harassing by repeated telephoning, or making certain false statements over the telephone is prohibited by law. A false report concerning destructive devices is unlawful. Criminal prosecution and/or University disciplinary action may be taken.

Telephone Attachments

Departments and students may attach answering machines and fax machines to the BGSU telephone system if they meet the following requirements:

  • All such equipment must be FCC registered.
  • The owner must advise Information Technology Services of the registration number if Information Technology Services requests it.
  • It is the owner's responsibility to determine if the equipment is compatible.

Other equipment may be added with, and only with, the prior written approval of the Director of Information Technology Services. If difficulties in such equipment, or in use of such equipment, result in a service call, the student/department will be responsible for reimbursing Information Technology Services for the service call at the current rate. Therefore, when there is trouble with such a device, we suggest that the owners disconnect their equipment before placing a service call and try their line with a standard University phone to see if the problem is with the telephone services or with the equipment.

The University will not be responsible for damage done to private equipment attached to its telephone system. If said equipment is found to be "incompatible" or causes problems, the student/department will be asked to remove the device. If not removed by the student/department, Information Technology Services has the right to take action to remove immediately the problem device.

This policy constitutes prior approval as required by the Student Code if the equipment connected complies with the policy.

Applicability: All University Units
Effective Date: May 23, 2000
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

Policies Related to Application Support

POLICY STATEMENT AND PURPOSE

Bowling Green State University (BGSU) Information Technology Services (ITS) within the Office of the CIO will establish and follow detailed processes to activate and deactivate PeopleSoft application accounts and to grant access privileges.

POLICY

Standards:

  • The computer and communication system privileges of all users, systems, and programs must be restricted based on the principle of least privilege.  A user, system, or program should have access only to the resources that are necessary to perform daily tasks.
  • Key system resources and utilities, as well as privileged user IDs must be strictly limited to those individuals who must have such privileges for authorized business purposes.
    • For example:  only security administrators will have a privileged user ID that allows them to change user access.
  •  Access roles must be created in such a way as to enforce segregation of duties.
    • For example:  A role cannot be created that allows someone to approve the creation of an account and actually create the account as well.
  • All user accounts and roles will be administered by ITS Security Personnel.  Access to user accounts and roles will only be granted through the documented approval process.
    • See HCM Security Flowchart and Narrative and FMS Security Flowchart and Narrative documents.
  • Exceptions to this policy must be approved by:
    • Chief Information Officer

Guidelines:

  • ITS will make a reasonable effort to ensure that deployed solutions support the following password rules:
    • Passwords must be 6 to 8 characters in length.
    • Passwords must begin with an alphabetic character.
    • Passwords must contain at least one lowercase letter.
    • Passwords must contain at least one uppercase (capital) letter.
    • Passwords must contain at least one of the following characters:
      • ! (exclamation point)
      • . (period)
      • , (comma)
      • $ (dollar sign)
      • % (percent sign)
      • ? (question mark)
      • * (asterisk)
      •  # (pound sign)
      • < ("less than" sign)
      • > ("greater than" sign)
      • ( (left parenthesis)
      • ) (right parenthesis)
    • Passwords must not contain any of the following characters:
      •  ; (semicolon)
      •  : (colon)
      •  ' (quote)
      •  " (double quote)
      •  - (dash)
      •  / (slash)
      •  \ (backslash)
      •  @ ("at" sign)
    •  Accounts should be locked out after 3 unsuccessful login attempts.  The account should stay locked out until it is reset by an ITS Security Analyst.  Users should be automatically logged off after 60 minutes of inactivity. 
Applicability: All University Units
Effective Date: December 14, 2007
Responsible Unit:  
ITS
Number:
3341-
Policy Administrator: Office of the CIO
Last Revised:
August 6, 2013

INTRODUCTION:

With the implementation of PeopleSoft Enterprise systems, functional areas took on the responsibility of scheduling their own processes within the systems.  Each process must be run under a specific user account.  On occasion, the person associated with a scheduled process either leaves the University without transferring or cancelling those scheduled processes, or the person may be on leave for an extended period of time, either expectedly or unexpectedly.  On such occasions, issues with scheduled processes cannot be easily addressed by others in that functional area or within the technical support area.  This policy governs the creation and administration of departmental scheduling accounts within the PeopleSoft Enterprise systems at BGSU that will enable a process whereby those scheduling responsibilities can be transferred to others without or with minimal disruption in service.

POLICY:

Department scheduling accounts for FMS and HCM/CSS are permitted only when they can be tied to an individual.  That individual is responsible for protecting and maintaining the password associated with that account, and for using the account in accordance with the BGSU Information Technology Policy.  No password sharing is permitted for any reason.  When an account holder leaves the University, for any reason, the account holder's supervisor may authorize a transfer of that scheduling account to another staff member immediately or to an appointed person in Information Technology Services (ITS) until a permanent staff member is identified.  The account password must be changed and the associated BGSU Id number transferred to the new account holder.  If the original account holder returns to campus, the supervisor can then authorize a reversal of the process to assign the account back to the original account holder.  In any case of an account transfer for any reason, a new password will be created for the account.

RELATED DOCUMENTATION:

BGSU ITS Procedures Associated with Departmental Scheduling Accounts (found below).

Applicability: All University Units
Responsible Unit:  
ITS
Number:
IT-xx-xx
Policy Administrator: Office of the CIO
Last Revised:
February 18, 2013

PROCEDURE OVERVIEW / GENERAL DESCRIPTION

This document outlines the procedures for obtaining, transferring and decommissioning a departmental scheduling account.  Departmental scheduling accounts are governed by the Departmental Scheduling Account Policy, which explains when it is appropriate to request such an account and how the account must be handled when it is being transferred from one individual in a campus department to another.

Associated Policy:  BGSU ITS Departmental Scheduling Account Policy

AREAS OF RESPONSIBILITY

Departmental Scheduling Account Owner: Will request a departmental scheduling account for scheduling processes within CSS or FMS.  This account will be separate from the individual’s personal account and will be used for scheduling and managing output from a scheduled process.  If the account owner is going to be out of the office for an extended period of time, it is the account owner and his/her supervisor’s responsibility to transfer the account ownership to another employee within the account owner’s department.  The account owner must never share the password associated with the account with anyone else in or outside of his/her office.  If the account owner leaves the department or University under good terms, he/she should transfer the account to another individual in the office who can then take over the processes associated with the account without disruption in the scheduling of those processes.

ITS Security Team: Will set up departmental scheduling accounts in CSS and FMS and manage passwords associated with those accounts.  Will reassign BGSU emplids associated with the accounts as requested and approved by departmental supervisors and/or ITS management.

ITS Application Area: In the event that a departmental scheduling account owner leaves unexpectedly, an appointed person in the ITS area may need to temporarily be assigned the departmental scheduling account access until the account can be transferred to another account holder or the account can be decommissioned and all processes running under that account can be terminated.

PROCEDURE DETAILS

Obtaining a Departmental Scheduling Account

To obtain a departmental scheduling account, complete the appropriate Security Request Form for the area involved.  The request should include:  

  • Name, title, BGSU username and BGSU Id, phone number of person who will own the departmental scheduling account
  • Department name
  • Role/Roles that need to be assigned to this account
  • Indicate within the “Special Instructions/Notes” that this is a departmental scheduling account
  • The signature and email address of the applicant and the applicant’s supervisor

As indicated on the form, submit the completed form to the Technology Support Center in 110 Hayes Hall.

Transferring a Departmental Scheduling Account

To transfer ownership of a departmental scheduling account from one staff member to another, complete the appropriate Security Request Form for the area involved.  The request should include:   

  • Name, title, BGSU username and BGSU Id, phone number of the person to whom the account is being transferred
  • Department name (of transferee)
  • Within the Special Instructions/Notes, indicate that this is request to transfer the following departmental scheduling account:  
    • Name of the departmental scheduling account being transferred
    • Name and BGSU Id of person who currently owns the account
    • Name and phone number of department contact person
    •  Date when account transfer is needed
  • Signature and email address of the new account owner
  • Signature and email address of supervisor authorizing the transfer of this account

Decommissioning a Department Scheduling Account

To inactivate or remove a departmental scheduling account, complete the appropriate Security Request Form for the area involved.  The request should include:  

  • Name, Title, BGSU username and BGSU Id, phone number of Person Who Owns the Departmental Scheduling Account
  • Department Name
  • Within the Special Instructions/Notes, indicate that this is request to remove the following Departmental Scheduling Account:  
    • Name of the Departmental Scheduling Account Being Removed
    • Name and Phone Number of Department Contact Person
    • Date when Account Should be Removed
  • Signature and email Address of the Supervisor Authorizing/Requesting the Removal of this Account

Before removing or inactivating the account, the security administrator will contact the appropriate lead or manager in the applications area to verify that there are no active scheduled processes associated with account.  If there are active processes, the lead or manager will need to work the department contact or supervisor to make sure that those processes are cancelled or that they are handled appropriately.  The applications area will need to make sure that no process is abandoned without an owner before the account is inactivated (or locked).

Applicability: All University Units
Responsible Unit:  
ITS
Number:
IT-xx-xx
Policy Administrator: Office of the CIO
Last Revised:
February 18, 2013

Related Links