Policies

FDU maintains policies with regards to the use and security of its computer systems, networks and information resources. Users of these facilities are required to adhere to these policies which are meant to protect FDU’s computer systems, networks, data and other information resources.

Policies

Acceptable Use Policy for Computer Usage

icon Close

The computing and electronic communications resources at Fairleigh Dickinson University support the instructional, research, and administrative activities of the University. Users of these facilities may have access to University resources, sensitive data, and external networks. Consequently, it is imperative for all users to behave in a responsible, ethical, and legal manner. This document presents specific guidelines to appropriate behavior and use of FDU computing resources.

SCOPE

These guidelines apply to all users of FDU computing resources. Users include all students, faculty, visiting faculty, staff, guests of the administration, and external individuals or organizations.

Computing resources include, but are not limited to, desktop and laptop computers, file servers, email and electronic communications, software, University-assigned email accounts, data storage, and networking equipment used to link these components together and to the Internet, whether owned, leased or rented by FDU. In addition, computing resources expressly include use of the University network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network. Moreover, this policy applies equally to all usage of University computing resources, whether that usage occurs through a University owned device or personal device.

University property, including computing resources, are provided to you in order to conduct University business. Although security protocols have been put in place to restrict access to computing resources in order to protect them against external parties or entities obtaining unauthorized access, employees should understand that these systems are intended for business use, and all computer resources are to be considered as University records.

Fairleigh Dickinson University is not responsible for the content of any material users prepare, receive or transmit. Thus, as a condition of using the University’s computer system, the user represents that he/she is in compliance with all federal, state and international copyright and other intellectual property laws and agreements and other federal and state laws, and that in his/her use of the system the user will not violate any federal or state civil or criminal laws. Furthermore, the user will indemnify, exonerate and hold the University, and its representatives, harmless from any claim, damage or cost related to the user’s use that is in violation of University policy(ies), including any legal fees the University decides it is necessary to incur to defend itself.

ACCEPTABLE USE

Those who make use of the FDU computing resources are required to behave in a manner consistent with FDU’s codes of conduct. As a user of this network, you agree to the following usage guidelines:

  1. You also shall not use an account not belonging to you. You will use only the computers, computer accounts and computer files for which you have authorization.
  2. You are responsible for any computer account you have been given. You shall set a password on the account that is in compliance with University password policies and you shall not share this password with other people. If you discover that someone has made unauthorized use of your account, you should change your password immediately and immediately report the event to one of the individuals listed in Appendix 1.
  3. You agree not to intentionally seek out information about, copy, or modify password files, other users’ files, or disks and tapes belonging to other people, whether at FDU or other facilities.
  4. You should not attempt to decrypt material to which you are not entitled or attempt to gain rights you have not been specifically granted by the owner. If you observe or discover a gap in system or network security, you agree to inform the one of the individuals listed in Appendix 1 and not to exploit the gap.
  5. You agree to refrain from any activity that interferes with a computer’s operating system or its logging and security systems, or that may cause such effects.
  6. You must be sensitive to the public nature of computing resources and agree not to transmit, post or otherwise display material that is threatening, obscene, harassing or defamatory. The use of University computing resources to libel, slander, or harass any other person is not allowed and could lead to University discipline as well as legal action by those who are the recipients of these actions.
  7. You agree not to make copies of or distribute software the University owns or uses under license, unless the owner of the software or the owner of the license has specifically granted permission to copy. If in doubt as to whether you have permission to copy software, assume you don’t.
  8. Messages, statements, and declarations sent as electronic mail or public postings should be treated as if they were tangible documents. From electronic identifiers used in the transmission of messages, addressees can see the University is the source of the message or its system is being used to transmit it, similar to how letterhead or return addresses on a tangible document would identify the University. SUGGESTION: Therefore, as a representative of the FDU community, you are expected to respect the University’s good name in your electronic dealings with those both within and outside the University. Moreover, in so far as employees make use of FDU computing resources to relay personal opinions, it is their obligation to make sure that no addressee can infer that their personal opinions are necessarily shared or authorized by the University, and they are obligated to clearly identify their opinions as their own and not those of the University.
  9. You agree not to create, alter, or delete any electronic information contained in any system that is not your own work.
  10. You agree not to create & send, or forward electronic chain mail letters. You agree not to attempt to alter or forge the “From” line or any other attribution of origin contained in electronic mail or postings. You agree not to use any of the University systems for sending what is commonly referred to as “SPAM” mail (unsolicited bulk email).
  11. You shall not use FDU computing resources as a means of obtaining unauthorized access to any other computing systems.
  12. FDU’s data storage, on University servers, hosted servers, third party storage or hosted storage, is an FDU computing resource with costs attached and should be used with care and discretion. It is not meant to be used for archiving programs and data not currently being used or for storage of files publicly available elsewhere. It is meant for current class work, research and development projects, business files and temporary storage of other files. Users shall attempt to keep their disk usage minimized and will refrain from maintaining duplicate copies of software already installed, or other files stored, on the system.
  13. Network addresses such as TCP/IP addresses and machine addresses are assigned by University Systems and Networking staff and may not be altered or otherwise assigned without the explicit permission of the Associate Vice President of Technology Infrastructure and CTO/CISO. In addition, no equipment may be attached to the network without the explicit permission of the the Associate Vice President of Technology Infrastructure and CTO/CISO.
  14. FDU’s computing resources are not to be used for the transmission of commercial or personal advertisements, solicitations, and promotions or for extended reproduction of political, ideological or commercial material originated by a person or organization. This includes but is not limited to the execution of revenue-generating advertising programs which pay users when the programs are run. The Associate Vice President of Technology Infrastructure and CTO/CISO may suspend this rule when it is in FDU’s best interest to permit such activity.
  15. Users may not contract with external Internet services, service providers or the like without the explicit approval of the Associate Vice President of Technology Infrastructure and CTO/CISO.
  16. Without the explicit permission of the Associate Vice President of Technology Infrastructure and CTO/CISO you agree not to run any of the following protocols or services:

    A. Port scanners, network monitors or other types of utilities that probe any other computer, be they inside or outside FDU’s network.
    B. Routing or network serving protocols such as RIP, IGRP, OOTP or DHCP on the network.
    C. Daemons, processes or programs that accept incoming connections, as a server would.
    D. Streaming media servers or any other server that broadcasts continuous data streams.
  17. FDU’s computing resources, including equipment,, network, services, and wiring may not be modified or extended beyond the areas of their intended use.
  18. Network connections may not be used to provide network access to anyone outside the University community or for any purposes other than those that are in direct support of the academic mission of the University.
  19. All computers connected to FDU’s network must run an operating system and configuration that is supported by its vendor with regard to security patches and updates, as well as antivirus software with current virus definitions. It is the user’s responsibility to keep their virus definitions up to date and to apply all critical operating system updates. For more information or questions email infosecurity@fdu.edu.
  20. Users may not alter the operating system or configuration of University owned computers without the explicit authorization of the Associate Vice President of Technology Infrastructure and CTO/CISO.

PERSONAL USE

Computing resources are created to support the instructional, research, and administrative activities of the University, and are the property of the University. Personal use of the University’s computing resources, except for students enrolled at the University , should be incidental and kept to a minimum. Use of such resources by an employee for other than work-related matters should be reasonable and limited so that it does not prevent the employee from attending to and completing work effectively and efficiently, does not incur additional cost to the University, and does not preclude others with work-related needs from using the resources, including the shared campus and Internet bandwidth.

Department Heads and other administrators may enact additional restrictions to further limit employees’ personal use of University computing resources. These restrictions may include but are not limited to: limiting time spent reading or writing personal email or visiting web pages, and limitations on acceptable content due to the possible exposure of screens to other individuals. Human Resources must be consulted, in advance, about any proposed restrictions.

SECURITY

Users should use any available methods to safeguard their data, including regular changes of passwords, making duplicates of files, and encrypting sensitive data. In the event that files have been corrupted as a result of intrusion, you should notify a system administrator immediately. Please note that FDU’s computing resources are not completely secure. It is possible that others will be able to access files by exploiting shortcomings in system security. For this and other reasons, FDU cannot assure confidentiality of files and other transmissions.

Information Systems and Technology (“IST”) and each of its departments attempt to provide reasonable security against damage to files stored on FDU’s computing resources by filtering all outgoing and incoming electronic mail for viruses and junk mail and making regular backups of systems. In connection with the University’s migration to Office 365, the University adopted a policy of retaining copy of each fdu.edu email for three (3) years. This means, regardless of individual user action, the University will maintain a copy of all email traffic for a period of 3 years.

In the event of lost or damaged files, a reasonable attempt will be made to recover the information; however, the University and the University Information Technology staff cannot guarantee recovery of the data or loss of data due to media failure, floods, fires, etc.

University Systems and Networking and each of its departments will make reasonable attempts to provide error-free hardware and software on our computing resources, however, it is not possible to guarantee this, and information provided by staff members is not guaranteed to be correct.

PRIVACY

Users should exercise caution when storing any confidential information in electronic format, because the privacy of such information cannot be guaranteed. User(s) must be aware that any personal files, including e-mail, maintained on University computing resources are University property and are subject to University storage, retrieval and review. Users of the University’s computing resources are hereby informed that they have no justified expectation of privacy in material processed, sent, or stored on or through the systems, and that the consent of the user to give access to his or her electronic documents is a condition precedent to the user’s use of University’s computer resources.

Even though the electronic data transmitted by or stored on University equipment is the property of the University, the IST staff will not normally log into another user account or access user’s files unless specifically granted permission by the user, or as otherwise permitted under this Policy. Student staff should avoid situations where helping another student or a faculty member would give them access to data relevant to a course that the student staff person is currently taking.

Exceptions to this practice are made under certain circumstances. These include: system backups, which access all files in a user’s account; software upgrades which may require editing startup files in a user’s account; diagnostic and trouble-shooting activities, which may, for example, require viewing the address headers of e-mail messages to determine the cause of problems; and keystroke monitoring of sessions to determine inappropriate use of the computing facilities. Another exception is a suspected violation of the tenets in this policy, the Student, Faculty, or Employee Handbooks, University employment policies, rules or practices or local, state or federal law, or as required by court order. In such situation(s), University computer resources in the possession of a user, or otherwise assigned to an individual, may be accessed, reviewed, duplicated and/or stored for later review by appropriate personnel without the user’s permission or knowledge.

Because employees are granted access to and use of FDU’s computing resources to conduct University business, the University reserves the right to access electronic mail messages left on or transmitted through the University’s computing resources. Employees should not assume that such messages are private and confidential or that the University or its designated representatives will not have a need to access and review this information. Individuals using the University’s computing resources should also have no expectation that any information stored on the University’s computing resources, whether the information is contained on a computer hard drive, computer disks, University or third party server or in any other manner, will be private.

In the event that user files need to be copied or viewed for reasons other than security, diagnostic, system backup or in compliance with law enforcement, or internal investigations authorized by the Associate Vice President of Human Resources and the General Counsel, University Systems and Networking staff may attempt to inform the user of this access.

The Family Education Rights and Privacy Act (FERPA) binds all users who have access to student data. Its application relevant to this Acceptable Use Policy centers on a student’s right to consent to disclosure of personally identifiable information. FERPA does permit certain information to be released without consent and this information is referred to as “Directory information”. To find out specifically what information you may or may not give out and to whom, you must contact the respective Dean of Students office.

POLICY VIOLATIONS

Policy violations should be reported immediately to any one of the individuals listed in Appendix 1.

Violations of this policy will be dealt with as described in the Student, Faculty and/or Employee Handbooks, any relevant contracts, and possibly State and/or Federal law or regulations. University students and employees who violate this Policy will be met with appropriate disciplinary action, up to and including dismissal, expulsion or termination from the University. Third parties who violate this Policy may have their relationship with the University terminated and their access to campus restricted. In addition, a user’s system privileges can be suspended for a specified time period or revoked and/or a monetary fine may be imposed on those in violation to reimburse the University for the staff time and other costs of investigating and rectifying the violation.

The University reserves the right to suspend computing resource privileges while investigating a complaint or troubleshooting a system or network problem.

This policy is subject to revision. Comments and suggestions are welcome and should be sent to Neal Sturm, Vice president & Chief Information Officer, mailstop M-DB2-01, or neal_sturm@fdu.edu.

This document will be reviewed semi-annually and is available both electronically and in printed form at each of the Campus Computing Centers.

It is the user’s responsibility to remain informed about the contents of this document.

Contacts

Neal Sturm
Vice president & Chief Information Officer
Mailstop M-DB2-01 973-443-8689 neal_sturm@fdu.edu

Saul Kleinman
Associate Vice President of Management Information Systems
Mailstop T-BH2-03 201-692-2065 saul@fdu.edu

Last Modified: icon icon Copy Link

Availability and Use of Google Apps

Resources for: Faculty Staff
icon Close

Effective Date: April 1st, 2021

I. Objective

Fairleigh Dickinson University (FDU) has adopted and standardized use of the Microsoft Office 365 Suite of products for University business. Some external entities, however, that conduct business with University employees utilize the Google Suite of products. This policy stipulates which Google applications will be made available to faculty and staff (not students) to enable collaboration with these external entities to conduct University business.

II. Purpose

Fairleigh Dickinson University (FDU) has adopted and standardized use of the Microsoft Office 365 Suite of products for University business. However, it is recognized that not all entities use Microsoft Office 365 as their platform and, from time to time, FDU faculty and staff may need the ability to collaborate with external entities that may be using the Google Suite of products. This policy stipulates which Google applications will be made available to faculty and staff to enable collaboration with these external entities.

  • Faculty and staff are reminded that in accordance with the University’s WISP policy, WISP protected data must not be stored or transmitted through any service, without the prior written authorization from the University Chief Information Security Officer.
  • As stated in the “Policy for Acceptable Use for Email”, Google Gmail is not available for use. All University business must be conducted through an FDU email account on Microsoft Office 365.
  • Faculty and staff may not use, or attempt to use, Google apps as a method of collaboration with students, faculty or staff. This FDU Policy on the Availability and use of Google Apps is expressly for the use with external entities only.
  • This Policy on the Availability and use of Google Apps applies only to use of Google applications by faculty and staff, and not FDU students.
  • Microsoft Office 365 is the only FDU supported platform for email and collaboration.
  • Google Apps are not supported by FDU IT personnel.

III. Scope

This policy applies to all FDU faculty and staff, wherever located throughout the world. Students will NOT have access to the fdu.edu Google Apps suite of products.

IV. Data Security Coordinator

The University has designated the Chief Information Security Officer, working together with the Data Security Information Response Team (DSIRT) and the USAN Director of Systems, to implement, supervise and maintain this Policy.

V. Internal Risks

To combat internal risks to the security, confidentiality, and integrity of any electronic, paper or other records, adherence to this Policy and the WISP will be strictly enforced.

VI. External Risks

To combat external internal risks to the security, confidentiality, and integrity of any electronic, paper or other records, adherence to this policy and the WISP will be strictly enforced.

VII. In Case of Questions

Questions regarding the availability of Google Apps can be directed to the University Technical Assistance Center (“UTAC”) at (973)-443-8822. The UTAC is available 24×7.

  • Please note that the UTAC is not able to provide application support on the Google suite of products.

VIII. Other Applicable Policies

IX. Exceptions

Requests for exceptions to this Policy should be directed in writing to the Chief Information Security Officer via The University Technical Assistance Center (“UTAC”) at 973-443-8822. Only the Chief Information Security Officer, in consultation with the DSIRT and the USAN Director of Systems, may grant such exceptions and will do so only after careful review and in writing.

X. Appendix

X1.1 Google Apps Available to Faculty and Staff

Note

These applications may only be used in collaboration with outside entities who use Google applications as their sole source of collaboration and request the use of any one of these application for official FDU business use. Any other use of these applications by FDU faculty and staff is a violation of this Policy.

Services Descriptions
AssignmentsAssignments brings together the capabilities of Google Docs, Drive and Search into a tool for collecting and grading student work.
CalendarGoogle Calendar is a web-based tool for personal scheduling and calendar sharing. It can be accessed through either a Web browser or through a third-party calendar client.
ClassroomGoogle Classroom enables teachers to create an online classroom area in which they can manage all the documents that their students need.
Drive and DocsGoogle Docs is an online word processor that lets you create and format text documents and collaborate with other people in real time. Google Drive on the web lets you store, access, and edit your files anywhere — on the web, on your hard drive, or on the go.
Google MeetGoogle Meet enables conversations with photos, emoji, group video calls for free. You can connect across computers, Android and Apple devices.
Google VaultVault is an information governance and eDiscovery tool for Google Workspace. With Vault, you can retain, hold, search, and export users’ Google Workspace data.
Groups for BusinessGoogle Groups for Business is an extended service available for G Suite users that allows you and other members in your organization to access the main Google Groups interface located at groups.google.com.
JamboardGoogle Jamboard is an online, collaborative whiteboarding application that lets you create, edit, and collaborate with other people in real time. Google Jamboard applications can be accessed on the Web, Android, and iOS.
KeepGoogle Keep is a note-taking service included as part of the free, web-based Google Docs Editors suite offered by Google
TasksGoogle Tasks is a simple to-do list—but with lists, subtasks, and mobile notifications, it has the basics you need to stay productive and keep track of the most important things you need to do.
Applied Digital SkillsApplied Digital Skills is a free, flexible video-based curriculum that prepares students for the growing number of jobs that require basic digital skills, such as email and spreadsheets.
Google Ad ManagerGoogle Ad Manager is an ad exchange platform introduced by Google on June 27, 2018. It combines the features of two former services from Google’s DoubleClick subsidiary, DoubleClick for Publishers and DoubleClick Ad Exchange.
Google AdsGoogle Ads is Google’s online advertising program. Through Google Ads, you can create online ads to reach people exactly when they’re interested in the products and services that you offer
Google AdSenseGoogle AdSense is an advertising program launched by Google in 2003 that allows website publishers to display targeted text, video, or image advertisements on website pages.
Google AlertsGoogle Alerts is a tool that allows you to track your chosen keywords and phrases so that you never miss another important conversation.
Google AnalyticsGoogle Analytics generates detailed statistics about a website’s traffic and traffic sources and measures conversions and sales
Google Cloud PlatformGoogle Cloud Platform is a suite of public cloud computing services offered by Google. The platform includes a range of hosted services for compute, storage and application development that run on Google hardware.
Google Cloud PrintGoogle Cloud Print is a web service offered by Google. Users associate printers with their Google Account.
Google Data StudioData Studio is Google’s reporting solution for power users who want to go beyond the data and dashboards of Google Analytics.
Google EarthGoogle Earth is the most photorealistic, digital version of our planet.
Google My MapsGoogle My Maps is your way to keep track of the places that matter to you.
Google PaymentsGoogle Pay (stylized as G Pay; formerly Pay with Google and Android Pay) is a digital wallet platform and online payment system developed by Google to power in-app and tap-to-pay purchases on mobile devices, enabling users to make payments with Android phones, tablets or watches.
Google PlayIn Google Play, the app description is split into two fields: Short Description, a limited 80 characters preview field and. the Full Description field, giving you space for an up to 4000 characters long app description.
Google Play ConsoleGoogle App Store
Google Search ConsoleThe Search Console lets you, as a webmaster, check on the status of the indexing Google does on your site, helping you to optimize your page visibility in Google search results. Get data, tools and diagnostics for a healthy, Google-friendly site.
Google TakeoutGoogle Takeout is a service that allows users of Google products, such as YouTube, Gmail, etc., to export their data to a downloadable ZIP file.
Managed Google PlayManaged Google Play Managed Google Play is a version of Google Play that’s optimized for enterprises.
Material GalleryMaterial Gallery is a collaborative tool for uploading design work, getting feedback, and tracking revisions – quickly and efficiently.
Partner DashPartner Dash is a service that hosts several applications used by Google’s partners to manage their relationships with us. Some of these applications are invite-only, while others are publicly available to anyone logged in with a Google Account.
Scholar ProfilesThe Google Scholar Profile search pane in Publish or Perish allows you to look up a Google Scholar profile and analyze the associated publication metrics.
Search And AssistantGoogle Assistant is Google’s artificial intelligence-powered voice assistant, which grew out of Google Now.

Last Modified: icon icon Copy Link

Due to the increasing demand of the academic computer facilities, a general document detailing the policies for computer lab reservations has been outlined. The purpose of the computer lab reservation policy is to provide faculty, staff and students with equitable access to campus computing lab resources. Most computer labs are used as classrooms and they are available for open-access use when there are no classes in session.

  1. There are currently four Computing Services computer labs which can be used for classroom instruction on each campus. They are: D206, D207, D208, and D209 located in the Dreyfuss Building on the Florham Campus. The computer labs located on the Metropolitan Campus are: DH2163 and DH2164 in Dickinson Hall and UH Front Lab (UH22) and UH Back Lab (UH28) in University Hall. Also, there are three multimedia labs; two on the Florham campus and one on the Metropolitan campus. The multimedia labs for the Florham Campus are: D211-Animation Lab and ZEN110 – Graphic Design Lab) located in the Dreyfuss and ZEN Buildings. On the Metropolitan campus, the multimedia lab (MML) is located in Becton Hall Room 403. The multimedia labs are primarily used for courses offered by the FDU School of Arts. All labs used for classroom instruction and general use are equipped with a LaserJet printer and data projector. The Animation Lab is equipped with 3-D printers. All multimedia labs are equipped with ZOOM capability to support hybrid instruction.
  2. To reserve a computer lab, a faculty or staff member must fill out a Lab Reservation Request Form, preferably prior to the start of a semester. This form must be signed by the instructor who will be teaching the course. The lab reservation request form is available at the Office of Enrollment Services, the Lab Assistant station of any Computing Services office, and on the web at Lab Reservation Form This form must be filled out completely and accurately to prevent processing delays.
  3. Requests for the entire semester are processed on a first come first serve basis. These requests are processed by the Scheduling Officers in the department of Enrollment Services.
  4. Requests for specific dates during the semester are processed on a first come first serve basis. These requests are processed by the Lab & Operations Manager in the department of Computing Services. If all labs are occupied during the requested time, instructors will be asked to either choose a different date or time or plan to make arrangements with other instructors who have the lab reserved during that time. If an agreement cannot be reached with another instructor, the instructor requesting to use the lab should then approach the Dean of their department with the request. If the Dean is not able resolve the issue, the request should be taken to the Campus Executive for the final decision.
  5. Confirmations will be emailed to the departments or individual instructors making the request. Requests made during the semester will be confirmed based on the preference selected by the requestor on the Lab Reservation Request Form. The processing time for all lab requests made during a semester is one week. Please keep this in mind when submitting your lab reservations. To ensure you receive your confirmation in time, submit your reservation one week or more prior to the day the lab is needed. For instructions on How to Reserve a Computer Lab, please see the article listed below.
  6. Any changes made to the original request in day, time, or location will be treated as a new request.
  7. The requestor is responsible for enforcing all lab rules during the time the lab is scheduled. If a student or faculty member is violating lab rules, the lab assistants have the right to approach the individual at that time. To prevent interruption during class time, we stress that the lab rules be adhered to by all occupants including faculty and staff.
  8. Faculty and staff who have reserved a lab are responsible for notifying the Lab & Operations Manager if the course or the request has been cancelled. This will allow the Computing Services department to keep an updated and accurate schedule.
  9. If a scheduled class is absent for three consecutive weeks without prior notification, the lab reservation will be cancelled, and future reservations will be subject to further questioning before a confirmation is received.

If you have any questions regarding the lab reservation policy, please contact Lauren Elgin via email at: lauren@fdu.edu.

Last Modified: icon icon Copy Link

Confidentiality Agreement and Security Policy

Resources for: Faculty Staff
icon Close

Select employees of Fairleigh Dickinson University may be required to engage with confidential University data.

The FDU Confidentiality Agreement and Security Policy defines your obligations under Federal and State guidelines to preserve the security and confidentiality of this information.

Confidentiality Agreement and Security Policy

Fairleigh Dickinson University regards security and confidentiality of data and information to be of utmost importance. Each individual granted access to electronic and/or hard copy data holds a position of trust and must preserve the security and confidentiality of the information to which he/she is granted access to. Therefore, it is the intent of this policy to ensure that University data, in any format, is not divulged outside of Fairleigh Dickinson University without explicit approval to do so by an Associate Vice-President of the University or higher who has responsibility for the data in question. As such, the University requires all users of data to follow the procedures outlined below:

Policy on Confidential Information

Users of University data are required to abide by all applicable Federal and State guidelines and University policies regarding confidentiality of data, including the Family Education Rights and Privacy Act (“FERPA”) and, as applicable, The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). For more information, see FERPA and HIPAA).

Confidential Information shall be defined as:

  • regarding student, faculty or staff: any personally-identifiable records, financial records (including social security and credit card numbers), health records; contracts, research data; alumni and donor records; personnel records other than an individual’s own personnel record;
  • regarding the University: University financial data; computer and system passwords, University issued PINS, University proprietary information/data; and
  • any other information for which access, use, or disclosure is not authorized by: 1) federal, state, or local law; or 2) University policy.

The individual receiving the Confidential Information shall have no obligation under this Policy with respect to Confidential Information which:

  • is or becomes publicly available without breach of this Policy by the recipient;
  • is rightfully received by the recipient without obligations of confidentiality; or
  • is developed by the recipient without breach of this Policy; provided, however, such Confidential Information shall not be disclosed until thirty (30) days after written notice of intent to disclose is given to the University officer who has responsibility for the data in question, along with the asserted grounds for disclosure;
  • is disclosed in accordance with any “whistle blower” action as provided in the U.S. False Claims Act, the New Jersey Conscientious Employee Protection Act (“NJCEPA”), or similar legislation. (Brief overview of the NJCEPA is available at here.

Any individual with authorized access to the Confidential Information is given access solely for the business of the University and must not divulge the Confidential Information outside of the University except for University business requirements approved by the President of the University or the division head responsible for the data in question. Specifically, with respect to Confidential Information, individuals must:

  1. Access Confidential Information solely in order to perform his/her job responsibilities.
  2. Not seek personal benefit or permit others to benefit personally from any Confidential Information that has come to them throughout their work assignments.
  3. Not make or permit unauthorized use of any Confidential Information in the University’s information system or other records.
  4. Not enter, change, delete or add data to any information system or files outside of the scope of their job responsibilities.
  5. Not include or cause to be included in any record or report, a false, inaccurate or misleading entry known to the user as such.
  6. Not alter or delete or cause to be altered or deleted from any records, report or information system, a true and correct entry.
  7. Not release Confidential Information other than what is required in completion of job responsibilities which is consistent with this Policy.
  8. Not exhibit or divulge the contents of any record, file or information system to any person unless it is necessary for the completion of their job responsibilities.

It is the individual’s responsibility to immediately report, as outlined under “Information Security Breech and Violation Reporting” at the end of this Policy, if the individual has violated this Policy. Additionally, given the potential harm that the University may suffer with the release of any Confidential Information, all employees are strongly encouraged to report any suspected violation of this policy or any other action, which violates confidentiality of data, as outlined at the end of this policy.

Security Measures and Procedures

All users of University information systems, including Datatel, MS File shares and FDU Office 365 email accounts, are supplied with an individual user account to access the data or systems necessary for the completion of their job responsibilities. Users of the University information systems are required to follow the procedures outlined below:

  1. All transactions, processed by a user ID and password, or PIN, are the responsibility of the person to whom the user ID was assigned. The user’s ID, password, and PIN must remain confidential and must not be shared with anyone.

• Using someone else’s user ID, password or PIN is a violation of policy, no matter how it was obtained.

• Your user ID, password or PIN provides access to information that has been granted specifically to you. To reduce the risk of shared passwords – remember not to post your password or PIN on or near your workstation or share your password or PIN with anyone.

• It is your responsibility to change your password immediately if you believe someone else has obtained it.

Note: If you need your Password or PIN changed, please contact the University Technical Assistance Center (UTAC) 973-443-8822 immediately.

  1. Access to any student or employee information (in any format) is to be determined based on specific job requirements. The appropriate Department Chair, School Director, Department Director/Manager, Dean, Provost, and/or Vice President is responsible for ensuring that access is granted only to authorized individuals, based on their job responsibilities. Written authorization must be received by the Computer Center prior to granting system access.

You are prohibited from viewing or accessing additional information (in any format) unless you have been authorized to do so. Any access obtained without written authorization is considered unauthorized access.

In order to prevent unauthorized use, the user shall log off of all applications that provide access to confidential information, or lock their computer when leaving their workstation. This is especially important during breaks and lunch. Unless there is a specific business need, all workstations should be shut down at the end of the workday.

Note: If you require assistance in establishing your workstation password, please access the screensaver documentation or contact the University Technical Assistance Center (UTAC) at 973-443-8822.

  1. If you have any reason to believe your password or PIN has been compromised or revealed inadvertently, you should change your password and immediately notify one of the individuals as outlined under “Information Security Breech and Violation Reporting” at the end of this policy.

Note: All University’s computer system will periodically prompt you to change your password.

  1. Upon termination or transfer of an employee, Human Resources will notify University Systems and Security, who in turn will notify the appropriate areas in the Computer Center.
  1. Generally, students, temporary employees and consultants should not have access to the University record system. Written approval by the Department Chair, School Director, Department Director/Manager, Dean, Provost, and/or Vice President in charge of the respective area is required if it is determined that access is required. The student, temporary employee or consultant is to be held to the same standards as all University employees, and must be made aware of their responsibilities to protect student and employee privacy rights and data integrity. Written authorization must be received by the Computer Center prior to granting system access.
  1. You agree to properly secure and dispose of any outputs or files you create in a manner that fully protects the Confidential Information.

Additionally, I understand that if granted access to process transactions via Datatel data entry screens, any information I enter or change will be effective immediately. Accordingly, I understand that I am responsible for any changes made using my ID.

I understand that my access to University data is for the sole purpose of carrying out my job responsibilities and Confidential Information is not to be divulged outside of The University, except as previously stated.  Breach of confidentiality, including aiding, abetting, or acting in conspiracy with any other person to violate any part of this policy, may result in sanctions, civil or criminal prosecution and penalties, employment and/or University disciplinary action, and could lead to dismissal, suspension or revocation of all access privileges. I understand that misuse of University data and any violation of this policy or the FERPA, HIPAA or GLB policies are grounds for disciplinary action, up to and including dismissal.  This Agreement shall not abridge nor supersede any rights afforded faculty members under the Faculty Handbook.

Information Security Breech and/or Policy Violation Reporting

If you suspect an Information Security Data Breech or a violation of this policy, report such an event to your department chair or staff supervisor and send an immediate email to violation@fdu.edu. If you do not have immediate access to email, contact the University Technical Assistance Center (UTAC) at 973-443-8822; do not provide details but request a ticket be opened with University Systems & Security due to a information security data breech or policy violation requesting an immediate callback. When practical, also send an email to violation@fdu.edu.


Last Modified: icon icon Copy Link

Fairleigh Dickinson University vigorously enforces United States copyright law. When utilizing the FDU Local Area Network or FDU provided Internet Access, you are required to adhere to all existing US copyright laws.

To view the full statement of law, please visit:

Failure to comply with this document can result in FDU disciplinary action as well as civil and criminal penalties.

Last Modified: icon icon Copy Link

Fairleigh Dickinson University is concerned about the health and safety of its students, faculty, staff, and visitors. Since 2007, FDU has used FDU Alert to expand and enhance its emergency notification methods. FDU Alert can be used to provide pertinent information and instructions to the FDU community through voice, text, and email messaging. FDU Alert provides the technology to rapidly mass broadcast health, safety and informational messages to keep the FDU community informed and safe in times of emergency and other urgent situations. Examples of unforeseen events and disruptions include snow days, floods, power outages, campus incidents and major schedule changes.

Every second counts when a crisis or disaster strikes. FDU Alert provides a means to send broadcast messages to the FDU community, via a variety of communication methods (including land-line, mobile, and satellite phones, email, instant messaging, text messaging, fax, pager, and more), quickly and efficiently. The objectives of FDU Alert are to reach people quickly, disseminate important information, and reduce miscommunications in emergency situations.

It is highly important that the FDU community embrace FDU Alert and registers and maintains communications devices (done through Webadvisor at (http://webadvisor.fdu.edu/). In return, registered users of FDU Alert will be ensured of the judicious and appropriate use of FDU Alert as described in the FDU Alert Use Policy.

Last Modified: icon icon Copy Link

FDU Procedure on Handling Data on Separating Employees

Resources for: Faculty Staff
icon Close

I. OBJECTIVE

Create a standard procedure by which Manager’s and their employee’s transfer University data during the period of time from when an employee makes their intention clear that they are separating from the University or the transfer of University data at the time of an employee’s involuntary separation from the University.

II. PRODUCURES

Voluntary Separation

It is the manager or direct supervisor’s responsibility to work with the separating employee to extract any data or files that reside locally on their computer that would be needed for business continuity. The supervisor should also ensure they understand what shared drives the separated employee used and have access to those drives if need be.

Using appropriate security precautions, the manager should meet several times with the separating employee to ensure all information is transferred over either email, a shared drive, One Drive or a thumb drive.

During the separation process, through the Employee Separation Checklist, the employee’s manager can select the ability to access the separating employee’s email for up to 30 days and/or forward emails addressed to the separated employee for up to 60 days.

Upon receiving the separation notice, Computing Services will validate through our Backup system that the separating employee’s complete laptop or desktop Image has been backed up.

Computing Services will manually trigger an additional backup within three days of separation.

Immediately upon the effective date of the separation, the separating employee’s manager is responsible for turning over the separating employees’ computer to Computing Services.

Computing Services will store the computer for 14 days as a precaution, and then wipe the data from that computer, reimage the computer, and shelf the computer for redistribution.

If it is discovered that information that resided on the separated employee’s computer was missed during the separation process and needs to be retrieved at a later point, the supervisor would need to contact the Vice President of Human Resources and request the specific data that would need to be recovered from our Backup system.

Involuntary Separation

Upon the dismissal of the individual, Human Resources, would immediately engage Computing Services as well as the direct supervisor to view and extract any data that might be needed by the department to ensure business continuity. This would take place as soon as possible from the date of dismissal.

If a legal hold is required, Computing Services and USAN would be notified and the existing processes of extracting and encrypting the hard drive as well as protecting all email correspondence would be executed. Computing Services would then remove the computer.

If a legal hold is not required, Computing Services will validate through our Backup system that the dismissed employee’s Image has been properly backed up and remove the computer.

Computing Services will store the computer for 14 days as a precaution, and then wipe the data from that computer, reimage the computer, and shelf the computer for redistribution.

If it is discovered that information that resided on the separated employee’s computer was missed during the separation process and needs to be retrieved at a later point, the supervisor would need to contact the Vice President of Human Resources and request the specific data that would need to be recovered from our Backup system.

III. IN CASE OF QUESTIONS

Questions regarding this procedure can be directed to the Vice President of Human Resources.


Last Modified: icon icon Copy Link

Interactive Television (ITV)

Resources for: Faculty Staff
icon Close

The Interactive Television (ITV) classrooms are located in Dickinson Hall 1132 (Metropolitan Campus), Dreyfuss 214 (Florham Campus), Sarah Sullivan (Florham Campus), Moninger 105, Moninger 107, Moninger 119 (Florham Campus) and School of Pharmacy 104 and 208 and FDU Vancouver. The ITV rooms can be used for conducting inter-campus classes, classes with students at remote locations equipped with ITV, inter-campus meetings, or meetings and events with other colleges, universities, or organizations equipped with ITV. The ITV rooms can be scheduled by an authorized officer of a group or organization on campus for conducting official University business. Scheduling is on a first-come, first-serve basis, with the exception that priority is always given to classes using the ITV room.

For reservations please call (973)-443-8822.

ITV Meeting Policies

This policy pertains only to the ITV rooms managed by the Office of Academic Technology (on the Metro campus DH 2245 and DH 1132, and in Florham Dreyfuss 214, Sarah Sullivan, Moninger 105, Moninger 107 and Moninger 119). For policies pertaining to other rooms, please contact the individuals responsible for the relevant rooms.

Ending your meeting on time

Please be sensitive to the fact that other meetings are often scheduled immediately after the end of yours, and the participants in these meetings also have busy schedules and important business to discuss. Even when there is no meeting scheduled after yours, our employees must properly close the room and shut down the equipment and therefore must wait for you to finish before they can move on to other activities. Therefore, when your meeting time has come to an end, you must vacate the room. Individuals who or groups that fail to vacate the room in a timely fashion more than two times will not be allowed to book the ITV room for future meetings.

Cancellation Policy

Please let us know as soon as possible if you must cancel a meeting, but at least 24 hours prior to your meeting. Individuals who cancel more than two meetings without notifying the Office of Academic Technology will not be allowed to book the ITV room for future meetings.

Meeting conflicts

Meetings are usually scheduled solely on a first-come, first-served basis. If somebody else has booked a meeting when you need the ITV room, you must negotiate with the host of the conflicting meeting. The Office of Academic Technology will not intervene.

ITV priority for DH 2245

DH 2245 is also available for scheduling non-ITV meetings or events. However, if ITV capability is needed at the same time, you will be asked to find another room. The rationale for this policy is that there are many other non-ITV rooms, but only two ITV rooms on the Metropolitan campus.

Scheduling Meetings

No meetings will be scheduled for ITV until after the ITV course schedule for that semester has been finalized. You may request your meeting in advance, but if a class ends up being scheduled at the same time as your meeting you will need to re-schedule your meeting. Classes always get first priority for ITV scheduling.

Inter-campus meetings

If you are scheduling an inter-campus meeting between the College at Florham and the Metropolitan Campus, you must request the ITV at least 24 hours prior to your meeting. This lead-time is necessary in order for the Office of Academic Technology to allocate appropriate personnel to the ITV room. You may schedule such meetings by calling the Office of Academic Technology at x8822 or (973)-443-8822 on the Metropolitan campus.

ITV Classrooms

Food & Drink Policy

The ITV classrooms contain sensitive and expensive equipment that could easily be damaged by spilled drinks or contamination by food particles. Also, the rooms do not receive regularly scheduled janitorial service. For these reasons: No food or drink is allowed under any circumstances in the ITV classrooms. Sealed containers are allowed provided that the container is not opened at any time while in the ITV classroom. If you are observed with food or drink you will be asked to remove this item from the ITV classroom.

Instructors are asked to enforce the no food or drink policy with the students in their classes, if members of a given class repeatedly viola this policy, the instructor will not be permitted to schedule the ITV classroom for future classes.

DH 2245 is configured differently and has different equipment, and as such food will be allowed in DH 2245. Any buffet set-up should be done in the adjoining kitchen area. Please ensure that all guests or meeting attendees exercise care with the food and keep the food at the table area.

ITV Class Policies

ITV Classrooms Procedures for semester long courses

This policy pertains only to the ITV rooms managed by the Office of Academic Technology (on the Metro campus DH 2245 and DH 1132, and in Florham Dreyfuss 214, Sarah Sullivan, Moninger 105, Moninger 107 and Moninger 119). For policies pertaining to other rooms, please contact the individuals responsible for the relevant rooms

Proposing a course for ITV delivery

Instructors, Chairs, or Directors may propose a course for ITV delivery after receiving approval from the relevant Chair, Director, or Dean. ITV courses are proposed at least one full semester in advance of the start date for the course.

Requesting the ITV rooms for a course.
To request the ITV rooms, call (973)-443-8822

Training Policy

No instructor may be scheduled to teach in the ITV room unless he or she attends training on using the sophisticated ITV equipment. Training should be scheduled as soon as possible after the instructor is identified, preferably a month prior to the start date of the course. To arrange for training, please contact call (973)-443-8822.

Cancellation Policy

If you must cancel a class, please let the Office of Academic Technology know as soon as possible and at least one full business day prior to your class. Instructors who cancel more than two class sessions without notifying the Office of Academic Technology will not be allowed to book the ITV room for future courses.

ITV Classrooms Food & Drink Policy

The ITV classrooms in contain sensitive and expensive equipment that could easily be damaged by spilled drinks or contamination by food particles. Also, the rooms do not receive regularly scheduled janitorial service.For these reasons:

No food or drink is allowed under any circumstances in ITV classrooms. Sealed containers are allowed provided that the container is not opened at any time while in the ITV classroom. If you are observed with food or drink you will be asked to remove this item from the ITV classroom.

Instructors are asked to enforce the no food or drink policy with the students in their classes. If members of a given class repeatedly violate this policy, the instructor will not be permitted to schedule the ITV classroom for future classes.

DH 2245 is configured differently and has different equipment, and as such food will be allowed in DH 2245. Any buffet set-up should be done in the adjoining kitchen area. Please ensure that all guests or meeting attendees exercise care with the food and keep the food at the table area.

For these reasons:

  • No food or drink is allowed under any circumstances in ITV classrooms. Sealed containers are allowed provided that the container is not opened at any time while in the ITV classroom. If you are observed with food or drink you will be asked to remove this item from the ITV classroom.
  • Instructors are asked to enforce the no food or drink policy with the students in their classes. If members of a given class repeatedly violate this policy, the instructor will not be permitted to schedule the ITV classroom for future classes.
  • DH 2245 is configured differently and has different equipment, and as such food will be allowed in DH 2245. Any buffet set-up should be done in the adjoining kitchen area. Please ensure that all guests or meeting attendees exercise care with the food and keep the food at the table area.

ITV Help Information

For Problems, Call the Help Desk at (973)-443-8822.

Last Modified: icon icon Copy Link

With so many threats to your online data, it has never been more important to have a thorough understanding of password security protocols. Towards this end, FDU IT strongly recommends that you familiarize yourself with the information outlined in our Password Policy. You will not only gain an understanding of your responsibilities as a member of our community, but you will also learn helpful tips for password selection and insight into our password construction rules and password change frequency.

1. Overview

1.1 Purpose of Policy

Passwords are an important part of Fairleigh Dickinson University’s [herein after referred to as FDU’s] efforts to protect its technology systems and information assets by ensuring that only approved individuals can access these systems and assets.

FDU recognizes that passwords have serious weaknesses as an access control. For some higher-risk systems, other approved authentication methods that provide higher levels of trust and accountability may be used.

Since most of FDU’s systems continue to rely on passwords alone, this policy is designed to address their weaknesses by establishing best practices for the composition, lifetime and general usage of passwords.

1.2 People Affected

All members of FDU’s student, faculty and staff population as well as all contractors and temporary staff who are approved to access the University’s network and systems.

1.3 People Responsible

The Chief Information Security Officer in consultation with the Data Security Incident Response Team shall be responsible for implementing, changing, enforcing and communicating this policy.

1.4 Structure of Policy

  • Policy schema
  • End users’ responsibilities
  • Help desk operators’ responsibilities
  • System developers’ and administrators’ responsibilities

1.5 Enforcement

This policy will be enforced by technical controls wherever feasible; otherwise, this policy will be enforced by line management.

All members of FDU’s faculty and staff have a responsibility to promptly report any known instances of noncompliance to the CISO.

1.6 Consequences of Noncompliance

Failure to comply with this policy can result in disciplinary action as set out in FDU’s Written Information Security Policy [herein after referred to as WISP].

1.7 Language

In the Responsibilities sections of this policy (3, 4 and 5), the keywords “must,” “must not,” “should,” “should not” and “may” are to be interpreted as follows:

  • “Must” and “must not” mean that compliance with the policy statement is mandatory.
  • “Should” and “should not” mean that compliance with the policy statement is strongly recommended. While these recommendations are not required if technical, operational or business issues make them infeasible, supporting rationale may be requested when audit or compliance review findings cite those responsible for noncompliance.
  • “May” means that compliance with the policy statement is recommended but optional.

2. Policy Schema

2.1 Password Confidentiality

A password can provide effective authentication if and only if it is known only to the individual user. End users will ensure the confidentiality of their passwords at all times. System developers and administrators will ensure that whenever technically possible, systems do not store passwords in clear text.

Administrative processes may necessitate temporary exceptions to this principle, but these will be kept to an absolute minimum.

2.2 Password Construction

Password length and complexity requirements provide resistance to common kinds of attacks. Because of technology constraints, password construction rules may vary from one system to another, but they will meet (or exceed) these requirements wherever possible.

FDU recognizes that long and complex passwords may be difficult for users to remember, and thus, this policy provides guidance to end users on how to construct a memorable password that meets (or exceeds) these requirements.

2.2.1 Password Construction Rules

A password will be made up of:

  • Eight (8) or more characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one digit (0 through 9)
  • At least one special character ($, @, # and so on)

A password will not include a single instance of a dictionary word.

Note: The above rule is enforceable only on some systems.

A password will not include:

  • The user’s user ID or email address
  • The name of a group the user account belongs to

A password should not contain anything that is meaningful to the user, such as a name (either real or fictional), a date (such as family birthdays and anniversaries), telephone numbers, postal codes and car registration numbers.

Note: The above is not enforceable on any system.

2.3 Password Change and Reuse

Users will be forced to change their passwords periodically in order to minimize the window of opportunity for an attacker who has discovered a user’s password.

A user’s new password will be completely different from any recently used password.

A user will be free to choose a new password at any time. However, performing multiple changes in quick succession to enable continued use of a recently used password will be prohibited.

2.3.1 Password Change and Reuse Rules

A user will change his or her password every 84-90 days depending on the system.

  • Datatel/Ellucian password life is set at 84 days
  • Alpha password life is set at 84 days
  • Windows Desktop/Office365/NetID password life is set at 90 days
  • Others not specifically identified shall be 90 days

NoteThe above rule may not be enforceable on all systems.

A user’s password will be different from his or her previous (X) passwords as follows:

  • Datatel/Ellucian: 5
  • Alpha: 5
  • Windows Desktop/Office 365 and NetID: 10
  • Others not specifically identified shall be 10

Note: The above rule is only enforceable on some systems.

2.4 Password Entry

Whenever technically possible, the password field in a login panel will be configured to mask the password entered by a user to minimize the risk of opportunistic observation by another.

A system will allow multiple successive login attempts (“grace logins”). If the password is not correct on the last allowed attempt, the user’s account will be suspended, and the user will have to contact the University Technical Assistance Center (UTAC) and open a ticket to resume the account and, if necessary, reset the password.

2.4.1 Password Entry Rules

A system will allow between 5 and 10 failed login attempts as noted below:

  • Datale/Ellucian: 5
  • Alpha: 5
  • Windows Desktop/Office 365/NetID: 10
  • Others not specifically identified shall be 10

Note: This rule is enforceable on only some systems.

2.5 Password Storage

Whenever technically possible, a system will not hold passwords in clear text; it will use an approved irreversible cryptographic transform to protect its users’ passwords.

A system that stores users’ passwords for other systems, and brokers those passwords to those systems on behalf of the user, will use an approved (reversible) encryption algorithm.

3. End Users’ Responsibilities

If you are an end user of FDU’s systems, you have the following responsibilities regarding the password you use on any of FDU’s systems. (See 1.7 Language section for the meanings of the terms in bold type.)

These responsibilities apply even if the system does not enforce any specified rules:

  • You must keep your password confidential at all times.
  • You must not disclose your password to anyone, including FDU’s management and technical support staff, even if they demand it.
  • If this happens, you must escalate to the CISO immediately. You should not use any password that you use on any FDU systems on any external system (including Internet banking and social networking services).
  • You should not write down your password.
  • You should not use the “remember password” feature in any Web browser.
  • You must only use a “password keeper” or “password wallet” software or service that has been approved by policy or otherwise in writing by the CISO.
  • You must choose a password that meets or exceeds the length and complexity requirements set out in 2.2.1 Password Construction Rules section.This is your responsibility even if these rules are not enforced by a particular system. Sometimes, technical restrictions on a system do not allow you to choose a password that meets these requirements. Such systems are enumerated in Schedule [X], along with the password construction rules that apply.
  • You should choose a password that meets or exceeds the other requirements set out in 2.2.1 Password Construction Rules section.

A help desk operator, system administrator or other user should never ask you to choose a password that doesn’t meet requirements (g) and (h). If this happens, you must escalate to the CISO immediately.

Further, if any help desk operator asks you to change your password on a portal that does not use an HTTPS website with an SSL lock, you should escalate to the CISO immediately.

The following rules, (i) to (l), are enforced on most systems. If the rules are not enforced by the system, you are still expected to comply.

  • You must change your password at least every 90 days.

There is no need to access a rarely used system just to change an old password. Most systems will automatically expire the password after 90 days, and you will be prompted to change the password when you next log in.

  • You should not use any of your previous six (5) passwords.
  • You should choose a new password that has no more than four (4) characters in a row in common with your current password.

For example, if your password is “anTelope1,” a new password of “anTelope2” is not acceptable, but “anTecede1” is.

  • You should not change your password more than twice in any three (3) days.

Tips for Choosing a Good Password (Advisory)

The length and complexity requirements may appear to make it hard to choose a password that is easy to remember, but it can be pretty straightforward to do so.

A password that meets the minimum length requirement must be rather complex. You can readily construct such a password from the initial letters of a favorite quotation, song lyric, poem and so on, capitalizing some letters, and substituting a number or special character in an appropriate place.

For example:

  • Ww1dwysm — What would I do without your smart mouth?
  • Itwbtd2A — In the week before their departure to Arrakis.

A “very long” password can be relatively simpler. Choose three simple words, capitalizing some letters, and link them with a number or special character.

For example:

  • gorilla8banana@SanDiego

4. Help Desk Operators’ Responsibilities

If you are an FDU IT technician or a system administrator providing support normally done by the help desk, you have the following responsibilities regarding users’ passwords on any of FDU’s systems that you support. (See 1.7 Language section for the meanings of the terms in bold type.)

  • When a user asks you to reset his or her password, you must corroborate the user’s claimed identity in line with approved procedures in Appendix A.
  • You must not disclose a user’s new password to anyone other than the user himself or herself.
  • You must not write down a user’s new password.
  • You must not send any new password to a user electronically.
  • You must not ask any user to tell you his or her password.

5. System Developers’ and Administrators’ Responsibilities

If you are a system developer or system administrator, you have the following responsibilities regarding the passwords used on any of FDU’s systems that you own, develop or maintain. (See 1.7 Language section for the meanings of the terms in bold type.)

If compliance with (a), (c), (g), (h), (i), (j) or (k) is not technically feasible because of system constraints, contact the CISO to agree on and document the exception.

  • You must configure each system to require that any user’s password meets the length and complexity requirements set out in 2.2.1 Password Construction Rules section.
  • You should configure each system to require that any user’s password meets as many of the other requirements set out in 2.2.1 Password Construction Rules section as are technically feasible.
  • You must configure each system to force a user to change his or her password every 90 days.
  • You should configure each system to prohibit a user from using any of his or her previous five (5) passwords.
  • You should configure each system to prohibit a user from choosing a new password that has more than four (4) characters in a row in common with his or her current password.
  • You should configure each system to prohibit a user from changing his or her password more than twice in any three (3) days.
  • You must configure the password field in a login panel to mask the password entered by a user to minimize the risk of opportunistic observation by another.
  • You must configure each system to allow 5 successive login attempts (“grace logins”). If the password is not correct on the 5th attempt, the system must suspend the user’s account such that the user will have to contact an administrator to resume the account and, if necessary, reset the password.
  • Passwords must be implemented in the strongest form the system supports and supports the intended business function. You should implement a cryptographic transform to protect the passwords of the users on each system

5.1 Requirements for Third-Party Systems

All mandatory requirements noted in this section (that is, those denoted by “must” or “must not”) constitute part of the minimum security specification for third-party system software that FDU acquires and implements. That is, it is essential that system software enables system developers and administrators to fulfill these responsibilities.

If a third-party system cannot meet the minimum security specification, contact the CISO to agree on and document the exception.

All optional requirements noted in this section (that is, those denoted by “should” or “should not”) constitute desirable features of third-party system software.


Last Modified: icon icon Copy Link

As a member of our community, your FDU NetID is your passport to accessing many of Fairleigh Dickinson University’s IT services. Most important is your student, employee, or alumni FDU Email account. When using FDU Email, you are an ambassador for our institution and our expectation is that you will conduct yourself in an efficient, effective, ethical and lawful manner. Please review our Policy for Acceptable Use of Email to ensure that you are adhering to all security and decorum requirements.

Effective Date: 01/01/2018

1.0 Introduction

The purpose of this policy is to ensure the proper use of e-mail by all those assigned a Fairleigh Dickinson University (FDU) e-mail account. This policy applies to any e-mail system that FDU has or may install in the future. It also applies to employee use of personal e-mail accounts via browsers, as directed below. All users of FDU e-mail systems have the responsibility to use their e-mail in an efficient, effective, ethical and lawful manner. E-mail users must follow the same code of conduct expected in any other form of written or face-to-face business communication. FDU may supplement or modify this policy for specific employees in certain roles. This policy complements similar FDU policies such as the Acceptable Use Policy and the Written Information Security Program (WISP). Please read and follow those policies as well.

The University subscribes to the 1940 Statement of Principles on Academic Freedom and Tenure and the 1940 and 1970 Interpretive Comments issued thereon, formulated jointly by the Association of American Colleges and the American Association of University Professors. Nothing in this policy is intended to supersede those statements and principles.

2.0 Ownership of Email Data

The University owns all University email accounts in the fdu.edu domain, or any subsequent domains it may create (University Email Accounts). Subject to underlying copyright and other intellectual property rights under applicable laws and University policies , the University also owns data transmitted or stored using the University Email Accounts.

3.0 Employee Responsibilities

FDU only supports the installation and usage of approved e-mail clients.

Usernames will be assigned as part of the University’s e-mail registration process and reflect internally mandated e-mail naming conventions.

3.1 Acceptable Uses

  • Communicating in a professional manner with other FDU associates about work-related matters.
  • Communicating in a professional manner with parties outside FDU for business purposes.
  • Personal communications that are brief and do not interfere with work responsibilities.
  • Users are allowed to access personal e-mail accounts on a limited basis, without disrupting business responsibilities. Access can be gained only by using a browser. Use of e-mail-specific protocols, such as POP3 and IMAP4, is prohibited, since they require specific firewall ports to be open.
  • Electronic messages are frequently inadequate in conveying mood and context. Users should carefully consider how the recipient might interpret a message before composing or sending the message.

3.2 Unacceptable Uses

  • Creating and exchanging messages that can be interpreted as harassing, obscene, racist, sexist, ageist, pornographic or threatening, as defined by University policies.
  • Creating and exchanging information that is in violation of copyright or any other law. FDU is not responsible for an associate’s use of e-mail that breaks laws.
  • Personal communication that interferes with work responsibilities.
  • Opening file attachments from an unknown or untrustworthy source, or with a suspicious or unexpected subject line.
  • Sending unprotected healthcare data and personally identifiable consumer data or other confidential information to unauthorized people or in violation of FDU’s Acceptable Use Policy, or the Written Information Security Program (WISP). , Health Insurance Portability and Accountability Act and/or Gramm-Leach-Bliley Act regulations. Exceptions may be authorized by the University Chief Information Security Officer working with the employee’s supervisor. Communications that strain FDU’s network or other systems unduly, such as sending large files to large distribution lists.
  • Communications to distribution lists of only marginal interest to members, and replying to the entire distribution list when a personal reply is effective.
  • Communications with non-specific subject lines, inarticulate language, and without clear purpose.
  • Auto-forwarding e-mail messages from your University e-mail account.
  • Using any e-mail system, other than FDU’s e-mail system, for FDU-related communications.
  • Circulating chain letters and/or commercial offerings.
  • Circulating unprotected healthcare data and personally identifiable consumer data that would violate U.S. Federal HIPAA and GLB regulations. Exceptions may be authorized by the employee’s supervisor and in conjunction with use of a University-approved e-mail encryption service.
  • Altering or forging the “From” line or any other attribution of origin contained in electronic mail or postings.
  • Using any of the University systems for sending what is commonly referred to as “SPAM” mail (unsolicited bulk email)

4.0 Privacy Guidelines

The University typically does not review the content of electronic messages or other data, files, or records generated, stored, or maintained on its electronic information resources; however, it retains the right to inspect, review, or retain the content of such messages, data, files, and records at any time without prior notification. Any such action will be taken for reasons the University, within its discretion, deems to be legitimate. These legitimate reasons may include, but are not limited to,

  • responding to lawful subpoenas or court orders;
  • investigating misconduct (including research misconduct);
  • determining compliance with University policies and the law; and
  • locating electronic messages, data, files, or other records related to these purposes.

FDU maintains the right to monitor and review e-mail activity to ensure compliance with this policy, as well as to fulfill FDU’s responsibilities under the laws and regulations of the jurisdictions in which it operates. Users should have no expectation of privacy.

  • Except as otherwise stipulated in this policy, on termination or separation from FDU, FDU will immediately deny access to e-mail, including the ability to download, forward, print or retrieve any message stored in the system, regardless of sender or recipient.
  • Except as otherwise stipulated in this policy, employees who leave FDU will have their mailbox deleted within six months of their termination date. The employee’s manager may request that access be given to another employee who may remove any needed information within the same six month time frame.
  • FDU reserves the right to intercept, monitor, review and/or disclose any and all messages composed, sent or received on the University e-mail system. Intercepting, monitoring and reviewing of messages may be performed with the assistance of content filtering software, or by designated FDU employees and/or designated external entities. Employees designated to review messages may include, but are not limited to, an employee’s supervisor or manager and/or representatives from the HR, legal or compliance departments.
  • FDU reserves the right to alter, modify, re-route or block the delivery of messages as appropriate. This includes but is not limited to:
    • Rejecting, quarantining or removing attachments and/or malicious code from messages that may pose a threat to FDU resources.
    • Rejecting or quarantining messages with suspicious content.
    • Rejecting or quarantining messages containing offensive language or topics.
    • Re-routing messages with suspicious content to designated FDU employees for manual review.
    • Appending legal disclaimers to messages.
  • Electronic messages are legally discoverable and permissible as evidence in a court of law.
  • Users of the University’s computing and electronic communications resources must understand that electronic messages, data, files, and other records generated, stored, or maintained on University electronic information resources may be electronically accessed, reconstructed, or retrieved by the University even after they have been deleted.

5.0 Security

As with any other type of software that runs over a network, e-mail users have the responsibility to follow sound security practices.

  • Users should not use the e-mail system to transfer sensitive data, except in accordance with FDU data protection policies. Refer to the Written Information Security Program (WISP). Sensitive data passed via e-mail over the Internet could be read by parties other than the intended recipients, particularly if it is clear text. Malicious third parties could potentially intercept and manipulate e-mail traffic.
  • In an effort to combat propagation of e-mail viruses, certain attachment types may be stripped at the University e-mail gateway. Recipients will be notified via e-mail when this occurs. Should this create a business hardship, users should contact the University Technical Assistance Center (UTAC).
  • Attachments can contain viruses and other malware. User should only open attachments from known and trusted correspondents. Suspicious attachments should be reported to the University Technical Assistance Center (UTAC).
  • Spam is automatically filtered at the University gateway in a highly efficient manner. Errors, whereby legitimate e-mail can be filtered as spam, while rare, can occur. If business-related mail messages are not delivered, users should check their local spam folder or the daily spam digest. If the message is not there, users should contact University Technical Assistance Center (UTAC).
  • Users will not be asked by OIRT or any other FDU group by e-mail for personal information such as usernames or passwords. Any such requests should not be responded to and should be referred to the University Technical Assistance Center (UTAC). Such approaches – known as phishing – are fraudulent approaches carried out for purpose of unlawful exploitation.

6.0 Operational Guidelines

FDU employs certain practices and procedures in order to maintain the health and efficiency of electronic messaging resources, to achieve FDU objectives and/or to meet various regulations. These practices and procedures are subject to change, as appropriate or required under the circumstances.

  • For ongoing operations, audits, legal actions, or any other known purpose, FDU saves a copy of every e-mail message and attachment(s) to a secure location, where it can be protected and stored for three years. Recovery of messages from this store is prohibited for all but legal reasons.
  • To deliver mail in a timely and efficient manner, message size must be less than 25MB. Messages larger than 25MB will be automatically blocked and users will be notified of non-delivery. Should this create a business hardship, users should contact the University Technical Assistance Center (UTAC).

Access to the content of electronic mail, data, files, or other records generated, stored, or maintained by any user may be requested from the University’s Associate Vice President of Technology Infrastructure for the reasons set forth below and shall be authorized as follows:

  1. by the Associate Vice President of Human Resources for all University employees;
  2. by either Dean of Students for students; or
  3. by the General Counsel for the purposes of complying with legal process and requirements or to preserve user electronic information for possible subsequent access in accordance with this policy.

In all cases, the Office of the General Counsel must be consulted prior to making a decision on whether to grant access. In the case of a time-critical matter, if the authorizing official is unavailable for a timely response, the General Counsel may authorize access.

All full-time faculty who retire from the University may keep their email address for life if they request to do so.

All full-time faculty who leave the University for reasons other than termination for cause, may request email forwarding for up to six months.

7.0 Governance and Enforcement

This policy was created with input from the University’s Data Security Incidence Response Team (DSIRT). At the request of the University’s Chief Information Security Officer (CISO), the DSIRT will review this policy annually to ensure that FDU is in compliance with internal or external requirements. FDU faces liability if users violate the terms of this policy. Therefore, willful or repeated violations of this Acceptable Use Policy for E-mail can result in informal or formal warnings, the loss of e-mail privileges, and other sanctions including termination. Any such discipline shall be in accordance with processes and procedures of Human Resources and subject to any protections afforded under the University’s agreement with “Office & Professional Employees International Union”, the “Faculty Handbook”, and similar documents. Third parties who violate this Policy may have their relationship with the University terminated and their access to campus restricted.

For assistance with this policy, please contact the University’s Chief Information Security Officer (CISO).

Exceptions to this policy may be authorized by the University Chief Information Security Officer working with the employee’s supervisor.

Policy violations should be reported immediately to the University’s Associate Vice President of Technology Infrastructure

The University reserves the right to suspend an e-mail account while investigating a complaint or troubleshooting a system or network problem.

This document will be reviewed semi-annually and is available both electronically and in printed form at each of the Campus Computing Centers.

It is the user’s responsibility to remain informed about the contents of this document.

Other Related and Applicable Policies


Last Modified: icon icon Copy Link