Information Technology (IT) Infrastructure

I. Scope
This policy applies to any person or any device that connects to the LSUHSC-S IT infrastructure and is meant to augment, but not replace, any existing policy, laws, or regulations that currently refer to computing and networking services.

Any policy at a division or department level of the organization should build upon the foundation of this policy, and may be more restrictive than this policy, but should not be less restrictive.

All IT infrastructure strategic decisions shall be in concert with the appropriate leadership in the affected areas.

LSUHSC-S Operational Computer Services provides management and operation of the IT infrastructure in partnership and cooperation with the major divisions of LSUHSC-S. All IT infrastructure designs must be coordinated and approved by the Assistant Dean for Information Technology. All new network cable plants must adhere to the cabling and wiring standards, and must be installed by the Telecommunications Section of Auxiliary Enterprises.

The owner of an LSUHSC-S user ID shall be held accountable for any violations associated with that ID, regardless of the ownership or the location of the equipment where the violation may have occurred.

II. Purpose
The LSU Health Sciences Center Shreveport (LSUHSC-S) information technology (IT) infrastructure supports mission-critical and business-critical services for patient care, education, public service, research, and administration.

Staff, researchers, clinicians, students, and faculty depend on the LSUHSC-S IT infrastructure for the electronic classroom, telemedicine, healthcare, clinical and administrative database applications, high-speed data and image exchange, and collaborative initiatives with both internal and external entities.

The purpose of this document is to institute an enforceable policy to protect the performance, integrity, security, reliability, and continuity of vital services that rely on the LSUHSC-S IT infrastructure through good citizenship and legal and ethical use.

Definitions and Terms
Authorized Use - Use of the IT infrastructure must be consistent with the instructional, research, public service, patient care, and administrative goals of LSUHSC-S, and for the express purpose of conducting business related to one's job duties.

Authorized User - Staff, student, faculty, contractor, vendor, or entity that has an official affiliation with LSUHSC-S and has been assigned a network user ID and/or has been specifically authorized to use an infrastructure resource by the group responsible for operating the resource.

Business Use/Need - That which is consistent with one's role in the organization.

Operational Computer Services (or "Computer Services") - The LSUHSC-S central computer services group that provides non-academic IT support such as the network infrastructure, administrative applications, web services, E-mail infrastructure, IT security, etc. Computer Services reports to the Assistant Dean for Information Technology.

LSUHSC-S Information Technology Infrastructure - Information technology (IT) is a compilation of products and services that turn data into functional, meaningful, available information. The IT infrastructure is the network, the communication physical media, the protocols, the associated software/applications/firmware, the hardware devices that provide connectivity, and all equipment attached thereto regardless of ownership or location.

Network - A network is that system of products and services by which all computers and peripherals are connected. Due to the current need for high-speed networking, it is critical that cables and wiring adhere to industry wiring standards to provide a reliable service.

Network User ID - A network account assigned by Computer Services Security that provides authentication and access to the LSUHSC-S network and applications on the IT infrastructure. A user must fill out an account application through his/her local supporter and sign a statement attesting to having read and understood the proper use of his/her user ID and password.

Academic Computing - Provides consulting services for the research and education missions of LSUHSC-S in areas such as statistics, electronic course design, electronic grading, and distance education. Academic Computing reports to the Assistant Dean for Information Technology.

III. Policy
Use of the LSUHSC-S IT infrastructure is a revocable privilege granted to those with an official affiliation with LSUHSC-S. Access to specific services on the IT infrastructure is based on a business need. Access to the IT infrastructure, and any components on the infrastructure, requires authorization. The LSUHSC-S IT infrastructure must be used in a manner consistent with protecting patient care and the critical business functions of the organization. No one should perform any activity on the IT infrastructure that undermines the public's confidence in LSUHSC-S to fulfill its mission.

Online Privacy Statement
Authorized LSUHSC-S staff may, at any time, for any reason, or without reason, access any device connected to the LSUHSC-S network such as a computer, its hard drives and component parts, monitor all contents, copy (download) any and all contents and use any such contents, for any purpose it deems necessary.

All users are advised that they should have no expectation whatsoever of privacy as to any transmission/communication or image generated, received by, sent by, or stored in a computer.

All users are advised that by using a computer on the LSUHSC-S IT infrastructure, they acknowledge that they are subject to the terms of this policy and that they give their unrestricted consent to the monitoring, copying, and unrestricted distribution of any transmission/communication or image generated, received by, sent by, or stored in the computer. Such use is subject to this same policy even when access to the LSUHSC-S network is through dial-up or the Internet and even when the computer that is used is personal property and not the property of LSUHSC-S. Such computer may be scanned, and network access may be denied.

Acceptable Use Statement
All users of the IT infrastructure are expected to exhibit responsible behavior and shall:

• Comply with all federal and state laws, LSUHSC-S rules and policies, terms of computing contracts, and software licensing rules.
  

• Obtain authorization to use LSUHSC-S computing resources.
  
  
• Be held responsible for the use of their assigned user ID. Sharing of user IDs and passwords is prohibited.
  
  
• Obtain the proper authorization prior to accessing or sharing LSUHSC-S data.
  
  
• Actively participate and cooperate with Computer Services in the protection of the IT infrastructure against threats. For example, not opening E-mail from an unknown source, safeguarding passwords, reporting any violations of the acceptable use statement to the local support staff, and cooperating with the local support staff to keep security patches up to date on applications and computers.
  
  
• Take reasonable precaution to avoid introducing computer viruses into the LSUHSC-S network. For example, files downloaded from the Internet, received from E-mail, or brought in from outside LSUHSC-S must be scanned with approved virus-scanning software. Anyone suspecting they may have a computer virus should contact the Help Desk (5-5470) immediately.
  
  
• Erase the hard-disk drive of any computer scheduled for surplus using an approved method as described by the State Office of Information Technology.
  All users of the IT infrastructure shall NOT:

• Engage in any activity that jeopardizes the availability, performance, integrity, or security of the IT infrastructure. Examples would be installation of a server without the express permission of Computer Services; using peer-to-peer (P2P) applications that take up bandwidth for the downloading of music, games, and video; releasing computer viruses or worms; and deliberately or recklessly overloading access links or switching equipment through the use of streaming media such as web radio and other mechanisms.
  
  
• Use computing resources in a wasteful manner that creates a direct cost to LSUHSC-S. Some examples of waste are unnecessary backgrounds on E-mail taking up valuable storage space, spending time on the Internet for personal use, playing computer games, engaging in non-business related online chat groups, or printing multiple copies of documents.
  
  
• Use LSUHSC-S IT resources for personal monetary gain or commercial purposes not directly related to LSUHSC-S business or for functions that are not related to one's job.
  
  
• Install, copy, or use any software in violation of licensing agreements, copyrights, or contracts.
  
  
• Send copies of documents or include the work of others that are in violation of copyright law in electronic communications.
  
  
• Obtain or attempt to access the files or electronic mail of others unless authorized by the owner or as required for legitimate business need, security issues, or investigative purposes. Disclosure of any information obtained must abide by existing policy, laws, and regulations.
  
  
• Harass, intimidate, or threaten others through electronic messages.
  
  
• Construct a false communication that appears to be from someone else.
  
  
• Send or forward unsolicited E-mail to lists of people you do not know. It places considerable strain on the E-mail system. Bulk mailing of information can be selectively used for business- related communication but must be approved at a level appropriate to the scope and content of the information. Contact Information Services (5-5408) for help with bulk mailings.
  
  
• Send, forward, or reply to E-mail chain letters.
  
  
• "Reply to all" to mass E-mail mailings.
  
  
• Retransmit virus hoaxes.

• Directly connect to LSUHSC-S computers by dialing to a modem installed on such computer or by using any other unapproved method.
  
  
• Create or transmit (other than for properly supervised and lawful research purposes) any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images.
  

IV. Amendments and Revisions
This policy shall be amended or revised as the need arises.

V. Enforcement of Policy
Noncompliance with this policy could result in disciplinary action up to and including termination of employment, dismissal from an academic program, and civil or criminal liability.

This memorandum is effective January 16, 2004.

_____________________________________
Signed: John C. McDonald, M.D., Chancellor