Access and Use Agreement
for UW Information Systems and UW Institutional Information
Updated in February 2013 to align with the below UW Rules/Policy Statements.
If you are a UW employee, you are required to accept this agreement as your acknowledgement of the UW Rules/Policy Statements listed below which govern your access to and right to use UW information systems or institutional information.
If you are not a UW employee, you are required to accept this agreement as your promise that you will abide by the UW Rules/Policy Statements listed below (whether or not they are written to apply to you) in exchange for the UW providing you access to and the right to use UW information systems or institutional information.
UW Rules/Policy Statements
The UW Rules/Policy Statements listed below govern your access to and the right to use UW information systems and institutional information. This list is not necessarily exhaustive. Other UW Rules/Policy Statements, as well as Policies, Standards and Guidelines in your UW organizational area, and state and federal laws, might apply to your activity. These include, but are not limited to, ethics laws and laws regarding maintenance and disclosure of public records.
- UW APS 2.4, Information Security and Privacy Roles, Responsibilities, and Definitions
- UW APS 2.5, Information Security and Privacy Incident Management Policy
- UW APS 2.6, Information Security Controls and Operational Practices
- UW APS 55.1, Mobile Device Use and Allowance Policy
Summary of UW Rules/Policy Statements
You are personally responsible for protecting the privacy and security of all UW data you use from information systems to which you are given access regardless of how or where they are created, managed, or stored (e.g. electronic or paper information, email, UW systems, cloud services, and personal computers, smartphones, tablets or other mobile computing devices). Below are summaries of key points about your areas of responsibility.
- In accessing or using UW information systems or institutional information, you must follow all applicable laws and UW Rules/Policy Statements.
- You are accountable for all activities associated with your accounts and the access privileges you have been assigned.
- All who access or use UW information systems or institutional information must promptly report potential Information Security and Privacy Incidents to the Office of the Chief Information Security Officer at 206-221-7000 or firstname.lastname@example.org. In the case of non-UW employees, the reports must be made to the UW employee who authorized their access or use.
- You are required to protect against unauthorized access to your accounts, privileges, associated passwords, and computing devices.
- You may access and use UW information systems or institutional information only as necessary to fulfill job duties or activities authorized by the UW. If you are unsure whether an intended access or use is authorized, you should check with your supervisor, or in the case of non-UW employees, the UW employee who authorized your access and use.
- Your access and use of UW's network, information systems, or institutional information may be logged and monitored.
- You must be familiar with the UW methodology for classifying institutional information as confidential information, restricted information, or public information and follow the UW Rules/Policy Statements for maintaining the confidentiality, integrity and availability of institutional information according to the classification.
- You are expected to configure mobile devices that are used to conduct UW business, whether personally owned or provided by the UW, in such a way that protects UW institutional information. The devices and systems should have security measures and practices which meet or exceed those required by applicable UW Rules/Policy Statements.
- You should limit the degree to which you access or use UW confidential information on mobile devices to those situations in which such access is a business necessity and not merely an individual convenience.
- You may not send unsolicited email to individuals that ask them to reply with confidential information or click on embedded links that immediately direct an individual to a web site that requires entry of confidential information.
- If you provide a third party access to or use of institutional information covered by University rules or policies, you shall include terms and conditions in an agreement or contract that require compliance with applicable information security and privacy laws and University rules or policies.
- You are discouraged from unnecessarily duplicating institutional information.
Failure to comply with laws or UW Rules/Policy Statements applicable to your access and use of UW information systems or institutional information may result in disciplinary action up to and including termination for UW employees; contract termination in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student.