FPG Computer and Network Policies

Last Revision: August 17, 2011

Software Policy

Acceptable use

The University of North Carolina maintains policies on acceptable and appropriate use of information technology services, tools and resources. All FPG staff should be familiar with these policies. An updated version of the University IT Policies can be found here: http://help.unc.edu/1688 and http://its.unc.edu/ITS/about_its/its_policies/index.htm.

Purchasing & Licensing

All purchasing of software and associated licenses should be centralized with FPG IT Services to ensure that all applications conform to software standards and are purchased at the best possible price. By centralizing purchases and license management, FPG can take advantage of volume discounts. In some cases, as few as 5 licenses can qualify FPG for a discount. All requests for software should be submitted to FPG IT Services via email. FPG IT Services will confirm with the Business Office staff to ensure the purchase is an allowable expense when using grant funds. Each employee is individually responsible for reading, understanding, and following all applicable licenses, notices, contracts, and agreements for software that he or she uses or seeks to use on FPG computers. Unless otherwise provided in the applicable license, notice, contract, or agreement, any duplication of copyrighted software may be a violation of federal and state law. FPG IT Services will retain the installation disks and license codes for all software purchases.

Software standards

The following list shows the current standard suite of software included on FPG computers that are fully supported by the FPG IT Services:

  • Microsoft Windows 7 (64-bit)
  • Microsoft Office 2010 with Outlook 2010
  • Microsoft Internet Explorer 8
  • Adobe Acrobat Reader & Flash
  • SAS 9.2
  • Symantec Endpoint Security
  • Apple QuickTime & iTunes
  • UNC TIM
  • CutePDF (PDF creator)
  • Dell KBOX client (System management including patch management & remote control)
  • Various department specific applications
  • Laptops only: PGP full disk encryption, Cisco VPN client & Remote Desktop client

Software

All software and associated licenses acquired using FPG grant funds are University property and must only be used on University-managed computers. All such software must be used in compliance with applicable licenses, notices, contracts, and agreements. FPG systems are regularly scanned for malicious software and file-sharing applications. If detected, these applications are removed or disabled. FPG IT Services provides several secure solutions for sharing data with non-UNC collaborators.

Software applications and/or utilities that enable “server” or “host” services on a desktop or laptop are prohibited. Such applications must be hosted on an FPG or UNC server to ensure compliance with the UNC Information Security Policies.

Back to top

Hardware Policy

FPG IT Services is responsible for ordering all desktops/laptops & hardware in use and supported at FPG. This includes desktops, laptops, Netbooks, Tablets and other handheld devices.  FPG IT Services can only service equipment located at (or returned to) university-owned or university-leased locations. FPG IT Services cannot support (install applications, utilities, repair, etc.) personally owned desktops. All FPG systems must have the FPG KBOX client installed to ensure compliancy with the UNC Security Policies. All mobile devices must have full disk encryption enabled. All mobile devices such as laptops, Tablets, PDAs and other handheld devices must be registered with FPG IT Services and an annual “Off Campus Use Agreement” must be on file.

Supported Desktops

FPG IT Services will provide a standard desktop configuration and environment. Project funds may be required for specialized or high-end desktops to run project specific applications such as coding stations, processor-intensive statistical analysis, multimedia stations, etc.

Supported Laptops

FPG IT Services does not provide laptops for general use. Laptops can be purchased by projects through FPG IT Services. Supported laptops must be departmentally owned or university-purchased and meet minimum hardware and warranty standards. Laptops should be purchased with a 4-year warranty. Accidental damage coverage is strongly encouraged for all laptops used for data collection. All laptops must also meet the requirements for UNC Information Security Standards for Workstations, Laptops and PDAs Storing or Processing Sensitive Data. All FPG laptops will be have full disk encryption enabled regardless of the data on the laptop.

Due to the minimum hardware requirements for current operating systems, applications and security utilities, supported laptops must be within one-year of warranty expiration. Under current system requirements, laptops that are unable to run Windows 7 and PGP disk encryption may not be used to store any UNC/FPG data. Those laptops must be configured as remote desktop clients only. For projects requiring a large number of laptops for data collection or other use, contact FPG IT Services to discuss support costs for managing the systems.

Personal Systems

FPG IT Services cannot support (install applications, utilities, repair, etc.) personally owned desktops. UNC Security Policies prohibits certain data to be stored on non-University managed or owned systems. Personal systems should never be used to store or access sensitive data even temporarily. Personal systems used to access FPG data must have proper security utilities in place including current anti-virus protection and patch management software. Please note: If University data is stored on a personal device and that device becomes compromised, ITS Security may take possession of the device to run forensic scans. The process for determining the compromise may take several weeks. The cost for forensic scans on personal laptops will be the responsibility of the owner.

Printers

FPG IT Services provides full support for the Konica/Minolta copier/printer/scanners located in each building. Print jobs can be sent to any of the printers for a nominal fee. FPG IT Services does not provide personal or other networked printers. Projects may purchase other printers through FPG IT Services. FPG IT Services provides limited support for printers other than the Konica/Minolta devices.

Back to top

Data Policy

Sensitive Information includes all data, in its original and duplicate form, which contains:

Sensitive data also includes any other information that is protected by University policy or federal or state law from unauthorized access. Sensitive Information must be restricted to those with a legitimate business need for access. Examples of sensitive information may include, but are not limited to, social security numbers, system access passwords, some types of research data (such as research data that is personally identifiable or proprietary), public safety information, information concerning select agents, information security records, and information file encryption keys.

Data Storage

FPG provides personal and project storage space on secured, networked locations. All FPG/UNC data should be stored on the FPG network and not on local systems or mobile devices. On laptops and mobile devices, it may be necessary to temporarily store copies of FPG/UNC data. However, local systems are not backed up and recover of data is not guaranteed. Projects needing large amounts of storage space should contact FPG IT Services for options and costs.

Storage of Sensitive Data

As described in the UNC Information Security Standards, Sensitive Information must never be stored on mobile computing devices (e.g., laptops, personal digital assistants (PDA), smart phones, tablet PCs) unless approved in writing by the FPG Director and FPG IT Director and unless these devices are University owned or managed and maintained in compliance with the Information Security Standards for Workstations, Laptops and PDAs Storing or Processing Sensitive Data. Sensitive Information must never be stored on any personally owned devices.

On rare occasions and only with written approval of the FPG Director and FPG IT Director and pursuant to a written contract with an outside third party, mobile devices belonging to UNC business partners or vendors may be used to store or access UNC-Chapel Hill’s Sensitive Information, as long as the non-UNC third party contractually accepts the responsibility for maintaining the security of the University’s Sensitive Information in accordance with all the Information Security Standards.

Sensitive data should only be stored on an FPG or UNC server managed by a qualified systems administrator. Sensitive data should not be stored on a desktop system unless PGP is installed on that system.

Remote access to certain sensitive data may be restricted. In such cases, a remote desktop client will be available for sensitive data access.

Back to top

FPG Computer and Network Acceptable Use Policy

Acceptance of the following Acceptable Use Policy is a precondition for authorized use of the FPG network or FPG computing devices. The term "computing devices" includes, but is not limited to, desktop computers, laptop computers, Tablets, PDA's, storage devices (such as USB memory sticks), and printers. No use of any FPG computing device or the FPG network is permitted without such authorization. An abbreviated version of this Use Policy is also available at Policies: Short Form.

  1. Individuals handling data that fall under the definition of sensitive data according to the UNC Information Security Policy are responsible for notifying FPG IT Services as to the nature of the data so that appropriate security precautions can be implemented for the data. Individuals assume full responsibility for understanding and abiding by any procedures required by their work with regard to compliance with UNC Information Security Policy. Sensitive data should only be saved and stored on an FPG/UNC server managed by a qualified systems administrator.
  2. The network and/or computing devices owned by FPG may not be used for commercial profit activities except where University policy and NC statute each explicitly allow such activity.
  3. Unsolicited advertising by users is strictly forbidden. For the purpose of this Policy, "Unsolicited Advertising" shall be defined to include any transmission that describes goods, products, or services and that is initiated by the vendor, provider, retailer, or manufacturer of the described goods, products, or services, or by a third party retained by, affiliated with, or related to the vendor, provider, retailer, or manufacturer. This prohibition shall not include either (i) discussions of a product or service's relative advantages and disadvantages by users of those products or services (unless the user is also the vendor, provider, retailer, or manufacturer, or related to or affiliated with the vendor, provider, retailer, or manufacturer), (ii) responses to questions, but only if such responses are direct replies to those who inquired via electronic mail, or (iii) mailings to individuals or entities on a mailing list so long as the individual or entity voluntarily placed his/her or its name on the mailing list.
  4. Users shall avoid unnecessary network traffic and interference with other users. That is, the FPG network and servers are shared resources and must therefore not be used in any way which would degrade the performance of these systems or interfere with the use of these resources by other staff. FPG IT Services will not provide support for non-business use applications such as music, weather and other streaming software. If such applications are found to interfere with normal network traffic, the applications will be disabled.
  5. Any type of mass mailing resulting in network spamming or "chain letters" is strictly forbidden. The FPG "All Staff" lists are strictly for FPG business only. They are not for personal use under any circumstance including, but not limited to, postings of "for sale" items, requests to buy or sell tickets, or information regarding personal needs such as a need for roommates. The addresses of the FPG lists are not to be disclosed to anyone not affiliated with FPG.
  6. Users shall not harass or stalk others, post, transmit, or originate any unlawful, threatening, abusive, fraudulent, hateful, defamatory, obscene, or pornographic communication, or any communication where the message, or its transmission or distribution, would constitute or would encourage conduct that would constitute a criminal offense, give rise to civil liability, or otherwise violate any local, state, national, or international law.
  7. Users shall not access or attempt to gain access to any other user's system accounts or to any nonpublic or restricted portions of the FPG network. Users also shall not intercept or attempt to intercept data transmissions of any kind. Email is considered private under UNC policy.
  8. Use of peer-to-peer file sharing applications is strictly prohibited on the FPG network and computer systems. Peer-to-peer file sharing applications include, but may not be limited to, applications used for the finding, downloading and sharing of music, video or data over the internet. This includes applications such as DropBox. The use of software that enables server or host services on a desktop or laptop is also strictly prohibited.
  9. Publication of materials to the web for which FPG is not the copyright holder is prohibited without the explicit written permission of the copyright holder or a blanket statement from the copyright holder allowing general republication of their materials. In all cases, republished materials must include proper acknowledgements in regards to the copyright holder. Note that this also applies to images or music used in publications or videos published to the web.
  10. FPG employees should not store any content on an FPG computing device to which that employee does not have appropriate rights. For example, you must own any music CD that you have stored on your computer.
  11. FPG employees should not allow individuals not affiliated with FPG to use FPG computer resources. Limited exceptions to this are permissible such as to allow a visiting lecturer the opportunity to check email via the web or a vendor to obtain information required for their work here. In such cases the individual must be closely supervised by an FPG employee, and the FPG employee assumes full responsibility for the activities of their visitor. Under no circumstance is an individual from outside FPG to make any change to the configuration, software or hardware of an FPG system without the explicit permission of FPG IT Services.
  12. FPG employees may not download or install any kind of software on FPG computers. This includes shareware, freeware, personally-owned software, project-owned software, web-browser plugins, or software updates. All such work is to be conducted by FPG IT Services staff unless explicit permission is granted by IT services for an individual to do such work themselves for a particular case.
  13. Personal use of the FPG network and computing devices (including printers) should be minimal. It is understood and appreciated by FPG and UNC that personal use of email, the web and applications such a word processing by staff is necessary for staff members to function optimally in today's world. However, such use should not involve any changes to the configuration of any FPG computer or equipment, should not have any measurable impact on the performance of the network or computing devices, and should have negligible cost impacts.
  14. Immediately upon termination of employment at FPG all rights to use the FPG network, computing devices, and services cease. Faculty members retiring from FPG but continuing affiliation with FPG may request a continuation of email services from UNC ITS. Accessing FPG equipment or services after the end of employment may be considered a network intrusion subject to prosecution.
  15. All FPG managed laptops, tablets and mobile devices should have full disk encryption enabled if technology feasible.
  16. Personal laptops and computers should not be used to directly access UNC/FPG data. Personal laptops and computers should never store UNC/FPG sensitive data. Remote access to data should be done via remote desktop. 
  17. If any of these Terms of Service are found to be more or less stringent than those implemented by UNC, the State of North Carolina, or U.S. law, the most stringent applicable rule will have precedence over all others.

FPG IT Services and the FPG management team shall have broad authority to interpret and apply these Acceptable Use Policies. FPG also shall be entitled to modify or amend these policies at any time. FPG shall provide notice of any such modifications or amendments by email to the "All FPG Staff" list. Users shall be responsible for regularly reviewing notices posted on-line on the FPG IT Services web pages. Any such modification shall be effective immediately upon notice being provided regardless of whether subscriber actually reads such notice.

FPG shall be entitled to act upon any breach of these Acceptable Use Policies, and FPG shall be entitled to exercise all appropriate remedies, including termination from the network, disciplinary review, termination of employment, and/or legal action.

Back to top

FPG Computer and Network Acceptable Use Policy (Abbreviated Version)

Note: The term "computing devices" includes, but is not limited to, desktop computers, laptop computers, Tablets, PDAs, storage devices (such as USB memory sticks), and printers.

  1. If you handle sensitive data, you are responsible for understanding and obeying the UNC Information Security Policy. Tell FPG IT if you are handling/collecting sensitive data. We can only help you comply with the UNC Information Security Policy if we know you have sensitive data. Do not store sensitive data on anything other than an FPG/UNC server.
  2. No commercial use of FPG computers or network.
  3. No emailing advertisements to others.
  4. Do not engage in any activity that can negatively impact network or system performance for everyone else.
  5. No mass-mailings or chain letters. Use the FPG "all staff" lists only for FPG business.
  6. Keep emails legal and appropriate for a business environment.
  7. Do not attempt to gain access to the network accounts of others or to parts of the network to which you don't have permission.
  8. No peer-to-peer file sharing applications allowed on FPG systems. This includes applications such as DropBox. Do not run a server or server-like application on your desktop or laptop.
  9. When publishing (includes the web) make sure you respect copyrights meticulously.
  10. No music or other files on your computer that you don't have a legal right to have.
  11. Do not let anyone outside of FPG use FPG computers.
  12. Do not load any software of any kind on any FPG computer (includes web plug-ins). FPG IT Services does that work for you.
  13. Personal use of email and the web is allowable as long as the way you do it is allowable with your manager and doesn't impact anyone else.
  14. When you are no longer an employee of FPG you are no longer allowed to use FPG computers or network services. Talk to us before you go so that we can help you transition.
  15. All FPG managed laptops, tablets and mobile devices must be encrypted if they can be.
  16. Don’t use personal equipment to access data. Use remote desktop.
  17. If we haven't covered something here for which UNC, North Carolina or the United States has a rule, those rules trump ours.

These rules can change! If they do, we will send out a note via email and post them on your website. You are responsible for keeping up with any changes.