• Faculty Handbook
• AP Faculty Handbook
• Classified Employee Handbook
• Wage Employee Handbook
• Student Handbook
• Commonwealth Employment Policies
• Financial Procedures Manual

Policy #1201
Information Technology Resource Management

Date of Current Revision: September 2010
Responsible Office: Assistant Vice President for Information Technology

1. PURPOSE

In conjunction with JMU Policies 1212 (Information Technology Infrastructure, Architecture and Ongoing Operations) and 1213 (Information Technology Project Management), this policy establishes general requirements and responsibilities associated with the management and use of computing and telecommunications resources and services at James Madison University.

2. AUTHORITY

The President gives the Assistant Vice President for Information Technology responsibility for University policies and procedures for acquisition, implementation, documentation and use of information technology resources and for meeting its compliance obligations. Information Technology (IT)  also provides and manages a variety of computing facilities and services for the university.

3. DEFINITIONS

Workstations:
Generally synonymous with personal computers, desktop computers, or microcomputers, but can refer to any kind of small computer such as a Windows PC or Macintosh.

Shared Central Computers:
Computers managed centrally by IT that house applications shared by university users such as e-mail and HRMS.

Network:
A system of hardware and software that transmit and receive any combination of voice, video and/or data. The network includes the network operating system, various client and server machines, the cables connecting them and all supporting hardware in between such as bridges, routers and switches.

End User Computing:
Computing activities and resources intended primarily to support the needs of the department or unit developing or purchasing the application. EUC applications typically reside on workstations. EUC applications used to conduct University business must be adequately documented and secured in order to ensure continuity of service or operations. An EUC application may be developed in-house or purchased as a turnkey package from a commercial vendor.

Access Control:
A mechanism for controlling the right to view or use systems and/or data (e.g. passwords and user identification numbers).

4. APPLICABILITY

This policy applies to all data, computing and telecommunications resources owned, operated or contracted by James Madison University.

5. POLICY

James Madison University provides a wide range of information technology resources including workstations, shared central computers, voice, data and video networks, and remote access to other facilities. These resources are available for academic instruction, faculty and student research, office automation, and administrative processing. They are supported by an appropriate mix of consulting, training, maintenance, and support services.

Misuse of university computers, communication devices, data or other information technology resources is a serious offense. Misuses of information technology resources include, but are not limited to, improperly using university data, computer equipment, software or other resources, accessing university computers with stolen or illegitimate user identification, and compromising the security or performance of shared computer or communication systems. Specific requirements related to appropriate use are outlined in Policy 1207 (Appropriate Use of Technology Resources).

6. PROCEDURES

More detailed requirements, instructions, and procedures for use of the university's information technology resources are specified in JMU Computing Standards established and maintained by IT at http://www.jmu.edu/computing/standards.

All users of university information technology resources are required to adhere to these standards as well as other university policies related to information technology.

7. RESPONSIBILITIES

7.1 General Responsibilities

Information Technology
IT has overall responsibility for ensuring that effective information technology resource management takes place within the university. Establishing and implementing plans, policies, procedures, and practices that protect and direct the university's information resource investment and assure the confidentiality, availability, integrity, and effective use of these resources by the university community are central to this effort.

To address specific academic needs IT works cooperatively with the Educational Technologies (ET) unit of Academic Affairs’ Libraries and Educational Technologies division. IT also seeks advice through a variety of standing and ad-hoc groups. Such committees and advisory groups are convened to address specific issues or the needs of a particular constituent group. They are generally composed of key users of information technology who advise on matters related to instructional, research and administrative applications of technology. They participate in major information technology policy decisions, provide input to long range plans and makes suggestions for service improvement.

Individual Responsibility
Individual division heads, deans, academic/administrative unit heads and faculty, staff and students provide input and share responsibility for effective information technology resource management. Their responsibilities include those directed by university policy or procedure and those that generally assure a secure and effective technology environment for themselves and others.

7.2 Specific Responsibilities

7.2.1 Acquisition:
University departments must contact IT and complete a Project Initiation Questionnaire prior to soliciting acquisition, development or enhancement of technology systems. See Policy 1202 (Information Systems Implementation and Project Management).at http://www.jmu.edu/JMUpolicy/1202.shtml

IT will assist university departments in performing a business impact analysis that will examine the development or acquisition alternatives, selection process, implementation requirements and life cycle planning. Specific considerations such as installation and configuration of hardware, software and services, security practices, telecommunication requirements and operational responsibilities will be discussed. IT will also assist in identifying and evaluating compatibility issues, compliance obligations and requirements for project documentation and implementation. While specific processes depend on the scope and complexity of the project, general requirements for initiation, classification and management of computing projects are outlined in Policy 1202 (Information Systems Implementation and Project Management). In addition, specific procedures are outlined in JMU Computing Standards.

Requests for information technology resources for externally funded projects or university-sponsored programs will be submitted through the appropriate department head, dean, and vice president. IT will review these requests and the costs for necessary computer/communication services may be assigned in accordance with university accounting regulations

7.2.2 Security:
IT is responsible for establishing and maintaining the physical security of the central computing facilities (including shared file servers managed by IT), the university's communications network, and data for which IT is the custodian. These responsibilities are more fully detailed in the Policy 1204 (Information Security).

Division heads, academic deans and academic/administrative unit heads through their staff are responsible for the availability, confidentiality, and integrity of data and software stored on individual workstations, servers or shared central computers to the extent they have access and/or operational control. This responsibility includes ensuring backup of key software systems and data on individual workstations or file servers. They may also include account management and/or data stewardship responsibilities that have been specifically assigned.

7.2.3 Access Control:
The university provides access to its non-public computing resources for the exclusive use of students, faculty, and staff for the purposes of advancing educational pursuits and certain administrative support functions.

IT is responsible for instituting and monitoring appropriate access control measures for shared central computer systems including centrally managed administrative and academic computers, shared file servers and other systems for which it has system administration responsibilities.

With the written approval of the appropriate division head, academic dean, or academic/administrative unit head, access control responsibilities for private file server volumes may be delegated to individual workgroup managers.

Access to central computing systems is granted by the issuance of individual user logon identification, password protection and usage restrictions as appropriate. In addition to these general access controls, compliance with procedures for granting access to particular software applications or data sets is also required. Data managers are assigned to approve access to certain databases and/or applications. These data managers are responsible for assuring that requests for data/system use are in keeping with assigned responsibilities and university data access provisions. IT is responsible for implementing data access as approved by the appropriate data managers.

Individual users assume responsibility for the appropriate and ethical use of the systems and data to which they have access. See the university policies on Information Security (Policy 1204) University Data Stewardship Policy (1205) and Appropriate Use of Information Technology Resources (Policy 1207) for more detail.

7.2.4 Systems Development and Maintenance
IT provides systems analysis and programming services to support the university's administrative and academic functionality. These services include the design, programming, documentation, testing, and enhancement of computer systems for a variety of service functions (e.g. financial accounting, student records administration, payroll processing, etc.) as requested by university departments. IT and the university department will review a cost/benefit analysis of requested enhancements to assure appropriate utilization of university resources.

7.2.5 Systems Administration and Operations:
IT is responsible for providing environmental control and systems support for central software application systems and computing/communications components to meet the various administrative and academic needs of the university. Specific tasks include capacity and production planning, operational control, security monitoring and system administration for a variety of standard and ad-hoc production environments.

IT is responsible for providing direction to members of the university community regarding safe and responsible use of technology resources and the responsibilities users have for protecting and efficiently using such resources at JMU. The responsibilities are more fully detailed in Policy 1207 (Appropriate Use of Information Technology Resources) and Policy 1204 (Information Security).

7.2.6 Telecommunications and Network Access:
In cooperation with the university’s Telecommunications Department, IT delivers voice, data and video services by designing, installing, and maintaining the campus network infrastructure, including both cabled and wireless components. IT also works with Telecom to provide access to information, systems, and services at other sites by providing inter-network connectivity, satellite transfer, and other forms of voice/data/video access.

8.SANCTIONS

Sanctions will be commensurate with the severity and/or frequency of the offense and may include termination of employment or expulsion. In addition, violators may be subject to criminal civil action.

Employees who do not adhere to this policy may be subject to discipline, up to and including termination of employment. Violators are subject to disciplinary and/or legal action as specified in the employee, faculty, and/or student handbooks, other university policy and procedures or federal or state law as applicable.

9.EXCLUSIONS

Exclusions may be approved by the Assistant Vice President for Information Technology to accommodate special needs or circumstances in support of the university's mission and that do not compromise the access or rights of other students, faculty and staff.

10.INTERPRETATION

The authority to interpret this policy rests with the President, and is generally delegated to the Assistant Vice President for Information Technology.

Previous version: September, 2006
Approved by the President: April, 2002

Index Terms

IT
PC
Personal computing
Resource Management
Networks
Systems
Security