2.6 | Technology Use, Technology Replacement, Data Security and Integrity

2.6.1 | Technology Use

As an employer and owner of the computer system, Sampoerna University has the authority to restrict the electronic communication technology use of its employees and students in their capacity as employees and students. For the following purposes, the University may monitor access to equipment, networking structures, and electronic communication systems:

1. to ensure the systems’ and networks’ security and operational performance.
2. to conduct performance evaluations of employees.
3. to ensure compliance with University policies.

Electronic communication includes, but is not limited to, email, internet services, web pages and computer use.

2.6.1.1  | User Privacy

Users should not expect privacy when entering, creating, transmitting, receiving, or storing information using the university’s information technology resources. All information/data entered, produced, distributed, received, or stored via the university’s information technology resources may be monitored, checked, searched, and/or disclosed without prior notice by persons assigned by the university or as required by law or as necessary to guarantee that our information technology resources are administered and operated effectively and adequately. Any request to the information technology resource usage logs, which are not part of the day-to-day information technology resources administration and monitoring, must be approved by the President of Sampoerna University.

2.6.1.2  | Acceptable Uses

Information technology resources are primarily designated to support teaching and learning, research and community services, or the university’s administrative purposes. Use of information technology resources for reasonable personal stuff is permitted as long as it does not unnecessarily burden the university, disrupt network operations, or break this or other university rules.

2.6.1.3  | Unacceptable Use

The activities listed below include, but are not limited to, activities that are expressly prohibited by this Policy:

1. Use someone else’s account or data without their consent (for example, using an account that was discovered “logged in” on a shared or public computer).
2. Share a password with others.
3. Attempt to access any information technology resource for which the user does not have the appropriate permission.
4. Give others access to technology resources to which they are not entitled.
5. Utilize information technology resources as a staging area for hacking (breaking into) other systems.
6. Download, distribute, or hold any copyrighted or patent-protected content, data, software, or information.
7. Transmit, retrieve, or display any pornographic content using the campus network or computing resources.
8. Distribute threatening messages or other materials with the intent of harassing, defaming, intimidating, or threatening someone.
9. Send email chain letters or bulk mailings for non-university-related purposes.
10. Propagate deliberately any viruses, worms, trojan horses, or other malicious program code.
11. Deploy privately owned devices, such as routers, hubs, switches, wireless access points, servers, or server services, in the university’s network or anyplace on campus, unless permitted by the Information Technology department.

2.6.1.4  | Responsibilities

University has the authority and responsibility to manage and audit the use of information technology resources and network traffic. The university is responsible for managing and possibly restricting such use as needed to ensure acceptable use as described in this Policy. Users are encouraged to exercise care and take precautionary measures to help safeguard the reliability and security of information technology resources. Users of the university’s information technology resources are solely responsible for their use of these resources and for the information they intentionally or unintentionally transmit, receive, or save.

2.6.1.5  | Sanction

Individuals who violate the technology use policy may face disciplinary actions as defined in the University Policy. Inappropriate use may cause users to lose access to information technology resources directly.

2.6.2 | Technology Replacement

Information Technology Department is in charge of purchasing, maintaining, replacing, and upgrading the majority of the standard computer and computer-related technology equipment used on campus for faculty, staff, and general student facilities such as classrooms and computer labs. The standard refers to computer hardware and software used by most faculty/staff members and the general lab computer. Each department may be responsible for purchasing and maintaining any additional or nonstandard computer and computer-related technology, hardware, and software required by their department or its staff/faculty/students. Information Technology Department may make some recommendations and/or provide technical assistance to the department carrying out the purchasing or maintenance activity. Faculty and staff are encouraged to communicate with the Information Technology Department about their hardware and software requirements, including any purchases under consideration as part of the technology procurement process. This collaboration will ensure that all purchases fulfil faculty and staff’s needs and university standards.

2.6.2.1  | Hardware / Equipment Replacement

• Faculty and Staff:The Information Technology (IT) department keeps a list of computers that all faculty and staff use to support their function in the university. The IT department may consider replacing computers every 4 to 5 years depending on resource availability. Computer standard configurations are designed to fulfil the computing needs of the vast majority of users. Every year, the IT department determines which computers need to be upgraded or replaced, beginning with the oldest. Computers that have problems or are in bad condition, such as having weak performance, will be replaced or repaired as soon as possible. In case a computer or technology device handed back by a faculty or staff member can be utilized elsewhere on campus. It will be reallocated to another user or used to accommodate other university needs such as supporting events, supporting research activities, etc. Hardware failures or specific software requirements may necessitate an upgrade or replacement of a faculty/staff member’s computer prior to the end of its life cycle.
• Computer Lab and Library:On an estimated 5-year period, computers in the laboratories and the library will be upgraded or replaced. If the equipment is still functional and of sufficient quality, it will be reallocated to other places for use, such as departmental labs, research labs, or other areas where equipment is needed.
• Other Computer Related Technology / Devices: Other equipment such as projector, server, storage, network device, printing device, etc., will be replaced according to its life cycle or 4-5 years cycle. Earlier replacement or upgrade might be done if the device is broken or runs into a problem.

2.6.2.2  | Software Replacement / Update

Three primary software or applications are utilized in the university: operating system, office standard, and academic (discipline-specific). The IT department will cover the expense of renewing or maintaining most software and applications, such as the operating system and office standard software. The respective department should buy (purchase, subscribe, and upgrade) other software/ applications that the IT department does not provide using its budget. Prior to making any purchasing or subscription decisions, it is strongly advised that each department communicates with the IT department for application recommendations, pricing models, and other relevant information.

• Faculty and Staff:The Information Technology (IT) department keeps a list of computers that all faculty and staff use to support their function in the university. The IT department may consider replacing computers every 4 to 5 years depending on resource availability. Computer standard configurations are designed to fulfil the computing needs of the vast majority of users. Every year, the IT department determines which computers need to be upgraded or replaced, beginning with the oldest. Computers that have problems or are in bad condition, such as having weak performance, will be replaced or repaired as soon as possible. In case a computer or technology device handed back by a faculty or staff member can be utilized elsewhere on campus. It will be reallocated to another user or used to accommodate other university needs such as supporting events, supporting research activities, etc. Hardware failures or specific software requirements may necessitate an upgrade or replacement of a faculty/staff member’s computer prior to the end of its life cycle.
• Computer Lab and Library:On an estimated 5-year period, computers in the laboratories and the library will be upgraded or replaced. If the equipment is still functional and of sufficient quality, it will be reallocated to other places for use, such as departmental labs, research labs, or other areas where equipment is needed.
• Other Computer Related Technology / Devices: Other equipment such as projector, server, storage, network device, printing device, etc., will be replaced according to its life cycle or 4-5 years cycle. Earlier replacement or upgrade might be done if the device is broken or runs into a problem.

2.6.2.3  | Responsibilities

If a faculty/staff’s laptop or computer is damaged due to human error, the faculty/staff person may be responsible for the expense of repairing it. The damage of a faculty/staff’s and student’s personal items and devices is not the university’s responsibility. The risk of losing or damaging personal items is entirely on individual responsibilities.

2.6.3 | Data Security and Integrity

The policies, procedures, and practices of an organization’s data management are developed to secure three critical characteristics of data, i.e., integrity, security, and access.

1. Integrity: Accuracy, consistency, and timeliness are data integrity characteristics. Institutional datais a resource that can be accessed and relied upon by a wide range of users. Data integrity starts with the individual or organization that creates the data and continues with those who access and utilize it in the future.
2. Security:Data security entails more than just electronic security. While technology can provide some aspects of security, security also requires trust. As an essential and business-critical institutional asset, data must be protected at all levels against harm, loss, and security leaks, and everyone who uses it bears this responsibility.
3. Access:Internally, access to institutional data is allowed when a valid business or research need is established; externally, access to institutional data is granted when disclosing such data does not break the organization’s stewardship duties, privacy regulations, or legal agreements. Institutional data have genuine uses for research and decision-making within an organization.

2.6.3.1  | Data Governance Principles

Sampoerna University’s approach to data governance is based on the following concepts:

• Data is an asset: Institutional datais a significant asset that is managed appropriately to assist, among other things, timely and informed decision-making. It does not belong to any particular individual, entity, department, or system within the university. Individuals in designated responsibilities manage institutional data repositories and usage following stewardship principles that support the institution’s aims and objectives.
• Data must be defined: Institutional data should be established consistently across the university, using similar terminology and set of definitions, and these definitions must be readily accessible and understandable. A shared terminology facilitates communications and enhances interaction among people and the system.
• Data must have integrity: Clear and specific standards should be created and enforced to maintain data integrity.
• Data must be adequately safeguarded: Institutional Data should be protected against intentional, accidental, or illegal modification or destruction and from improper publication or use in compliance with institutional policies and applicable regulations.
• Data must be easily accessible to all parties involved: Data must be distributed across institutional functions and organizations, and authorized persons must have access to complete their responsibilities to get the most out of institutional data.
• Access to institutional data, including confidential and sensitive data, is granted depending on the user’s function and intended use. Authorization and access are provided, documented, reviewed, changed, and terminated in compliance with the University policies and applicable regulations. Appropriate data access can increase decision-making efficiency and effectiveness and deal with information requests and service delivery in a reasonable time frame.

2.6.3.2  | Data Stewardship Responsibilities

The value of institutional data as a resource for the university is based on its use. It loses value if it is misused, damaged, changed, misunderstood, improperly shared, or users who need the information cannot access it. The university must ensure that the institutional data are valuable and become the institutional resource to achieve its goals.

All university community members are responsible for using Institutional Data appropriately to support the university’s objectives. Institutional Data users may access and use the data only to align with the university’s values and objectives, and ethical principles. Users of Institutional Data are obliged to protect and keep the confidentiality of Institutional Data by not publicizing data to everyone else other than as needed by their job duties and under the University policies, and not utilizing it for personal or commercial gain, or self-enrichment, whether their own or another’s.

2.6.3.3  | Data Privacy

The university emphasizes privacy and understands its importance in an academic atmosphere. The university expresses its commitment to adhering to the University Policy on Privacy and all applicable privacy laws and regulations. Accessing confidential information that is not immediately required for work performance or function is restricted, even if done with good intentions and if the information is not further exposed.

Sampoerna University’s faculty, staff, students, visitors, and all other individuals who use or have access to institutional data are obliged to uphold their legal, contractual, and University policy obligations to protect personal information against improper dissemination and use. Users of institutional data are responsible for adhering to the terms of this and related policies regardless of whether the device, machine, equipment, or system they use is controlled by Sampoerna University, the user, or a third party. All members of the SU community who work with or use institutional data in any capacity are required to adhere to any applicable laws and regulations and all applicable University policies, practices, guidelines, and standards.

2.6.3.4  | Sanctions

Individuals who break University policies may be denied access to Institutional Data and Systems and may face other consequences and disciplinary procedures, both within and outside the university, depending on the circumstances and management’s sole discretion. The university has the authority to report suspected violations of applicable law to law enforcement entities that are appropriate for the situation.