Information Technology Student Affairs Data Security and Privacy User Agreement The Division of Student Affairs, in accordance with the Montana Board of Regents Policy 1303.1, maintains that each user of the Montana University System's (MUS) computing and information resources should realize the fundamental importance of information resources and recognize his/her responsibility for the safekeeping of those resources. MUS information technology resources are to be used by employees for job-related activities, not for private, or commercial purposes, unless covered under formal agreements with the MUS. Each user of MUS-owned or managed computing systems must be knowledgeable of and adhere to MUS policies, respect the rights of other users by minimizing unnecessary network traffic that might interfere with the ability of others to make effective use of shared resources, respect the integrity of the physical facilities and controls, and obey all pertinent federal, state, county, and local laws and ordinances. Each user must abide by these policies, laws, and contractual obligations, and adhere to appropriate ethical standards. Further, data contained on MUS-owned or managed computing systems and transmitted on attached networks are presumed to be MUS property, and are subject to monitoring and/or copying by the MUS, unless MUS's rights are otherwise limited by law, policy, or contract. That is, in order to meet its obligations, the MUS, through individuals operating within the course of their legitimate job duties, may periodically, routinely, or for a specific purpose monitor activity on its computers, computing resources and network. These individuals may include IT personnel and appropriate administrators and supervisors. Records obtained by monitoring may be used within the MUS by MUS officials, employees and agents for purposes appropriate to the management and administration of the MUS, including the investigation of possible misconduct by a user or a third party. According to Montana Board of Regents Policy 1302, the types of activities the MUS may monitor and on which it may maintain records include, but are not limited to: 1. e-mail sent from or received by e-mail systems operating on MUS sites; 2. accesses to external Web sites originating from MUS sites; 3. other significant external network activity originating from or received by MUS sites; and 4. the contents of permanent storage devices attached to MUS computers (including installed software and software version information, system data, and user data). By signing this agreement I, ___________________________________, acknowledge that I have read (Print your name) and understand this policy and will act responsibly concerning security, privacy and acceptable computing practices. ______________________________________ _____________________ Signature of Employee Date Policy passed by Student Services Directors and Senior Management Team on dd/mm/yyyy