ACCEPTABLE USE POLICY AND GUIDELINES
FOR UNIVERSITY OF GUELPH COMPUTING AND
The purpose of the Acceptable Use Policy (AUP) is to identify situations where unacceptable
use of systems or networks affects the teaching, learning, research, services or administrative
missions of University of Guelph or compromises the security of the systems or data. It also
outlines the process used to resolve any allegations of inappropriate activity.
This policy applies to the use of any University of Guelph computing and networking facility
hereinafter referred to as the “System” by all users, account holders, System administrators,
and service providers hereinafter referred to as “Users”. By using the System, all Users agree
to comply with this policy. All Users will be fully responsible for any and all uses of their
access and accounts.
The use of the System is in support of research, teaching, learning, administrative and other
intellectual pursuits consistent with the University of Guelph's aims and objectives. In
addition, the University permits use of the System for limited personal use so long as such
personal use is in keeping with this policy. While the University strives to maintain the
privacy of such information that may be personal in nature, the University does not guarantee
Work being performed by System administrators during maintenance or diagnostics may
involve the need to access User files or data. This work includes activities such as examining
system logs for errors, network monitoring, resolving undeliverable mail, virus and spam
filtering, fixing resource constraints, etc. System administrators will endeavor to respect the
privacy of Users and handle the information in an appropriate manner.
If an individual is using departmental facilities to access the System, the individual is
expected to follow any departmental policies (local AUPs) that are applicable. Copies of
these policies are to be made available by the department (see Appendix A for the essential
components of a departmental AUP).
Where the User’s access has been revoked or the User has died, access to their data will be
conducted according to relevant University of Guelph policies and practices.
Advertising or mass emailing require special authorization by the Office of
Communications and Public Affairs or as described in relevant University policies such
as GE20.0: On Campus Advertising Promotion, Sales and Solicitations
(http://www.fin.uoguelph.ca/Manuals/GEN200.HTM). Authorization for fund raising
using the System requires approval as described in University Policy UAD4.0: Special
Interest Group Fund Raising (http://www.fin.uoguelph.ca/Manuals/UAD40.HTM).
Users should consider University and community standards when trying to determine if an
activity is appropriate. The following is a representative list of some examples of
allowing others to access assigned personal accounts
accessing another User's account
seeking information on passwords or data belonging to others
making unauthorized copies or using unlicensed proprietary software, or providing
unauthorized copies of proprietary software to others
copying someone else's files, or programs, or examining such information unless
authorized by the owner
unauthorized attempts to collect and/or disclose personal information
unauthorized attempts to circumvent computer security methods, operating systems or
probing for exposures in other systems or networks
using the System for commercial purposes such as promoting by broadcast non-
educational profit-driven products or services.
intercepting or examination of messages or files without right or authorization
interfering or disrupting the work of other Users of the System (e.g. chain letters,
‘denial of service’ attacks) or engaging in any uses that result in the loss of User or
attempting to circumvent security or resource restrictions by actions such as
obscuring or falsifying your identity
failure to maintain reasonable security precautions for your accounts or accesses
any activity that violates any other University of Guelph policy or code
any activity that violates federal, provincial or municipal laws or regulations
COMPLAINT AND VIOLATION RESOLUTION PROCESS
1. The Director of CCS or designate may become aware of alleged violations of the
Acceptable Use Policy, either through a complaint or through the course of normal
operations. The Director will initiate a preliminary investigation to determine if sufficient
grounds exist for further action. If, in the opinion of the Director, the integrity or security of
the System (including User services and data) is at risk or if there is a suspected violation of a
federal or provincial law, the Director may take interim action as necessary. Such action may
include, but is not limited to, the locking of an account or access point prior to a formal
investigation. The Director may suspend the interim action before the disciplinary process is
complete if the risk to the System has been satisfactorily addressed.
2. The preliminary investigation will be completed in a timely manner. If the preliminary
investigation requires the examination of the files, programs, or passwords of individual
Users, the Director of CCS will review the situation with the appropriate Vice-President and
receive authorization before proceeding with the investigation, and in such cases the Director
will report the results of the preliminary investigation to the Vice-President. The Director
will also work with any department, when needed, in the investigation of violations of their
local AUP and the referral to the appropriate disciplinary designate as indicated below.
3. As a result of the preliminary investigation the Director will take one or more of the
a) If the Director finds no evidence of a violation of the AUP, then no action will be
taken other than to inform the complainant(s), if any, of this decision.
b) If the Director determines that there has been a violation of the AUP but the offence
is not serious, then the User will be informed of this decision and directed to
discontinue the activities that have been deemed to violate the AUP.
c) If the Director determines that the User has possibly violated federal or provincial law
or a municipal by-law the Director will, in addition to any other actions, refer the
matter to the University of Guelph Security Services.
d) If the Director determines that the User has violated the AUP and that the offence is
serious, such as in 3c above, or if there is a pattern of repeated misuse or if the User
refuses to comply as directed in 3.b, the Director will refer the matter to the
appropriate disciplinary process as described in paragraph 4. The Director may also
ask the appropriate Vice-President for authorization to initiate or maintain any actions
as needed to protect the System while the matter is under review by the appropriate
4. Potential violations that fall under paragraph 3.d will be forwarded by the Director to
the appropriate disciplinary process. The Director may authorize one of the following
designates to take responsibility for taking the complaint forward.
Student - Security Services / College Dean
Staff - The appropriate manager/supervisor
Faculty - Departmental Chair
Chair - College Dean
Alumni - The Director of CCS
Institutes and other Affiliated organizations - The Director of CCS
All other Users - The Director of CCS
Chain letter is an email directing recipients to send out multiple copies of it so its circulation
Commercial purposes are any use of the facilities that would financially benefit any
unauthorized individual or group
Denial of Service Attack is any process, software system or component interference that
causes disruption of system services to other Users.
Mass Mailings are unsolicited, unauthorized, and/or frivolous mailings of 20 or more
identical or nearly identical pieces of email sent to other email recipients. Such mailings,
consisting of substantially identical letters, attachments, or other material, are distinct from
mailings made in direct response to communications from persons, members of a listserv or
groups who reasonably should expect to be contacted by email as part of their affiliation with
the University relationships (bargaining units, departments, administrative staff, etc.)
Probe is an attempt to gain access to a computer and its files through a known or probable
weak point in the computer system.
Proprietary software is any program, data or process protected by license copyright or
whose use or ownership has restrictions
Spam is unauthorized bulk electronic commercial email that is sent unsolicited to multiple
System Administrators means any University of Guelph employee responsible for the
supervision and support of any shared computing resource
Sites for Relevant University of Guelph Policies
Essential Components of Departmental AUP’S
1. The Department AUP must be consistent with the University of Guelph AUP.
2. A copy of the Department AUP should be available on the Department’s web site.
3. Define/describe the computers/network that the Department AUP applies to.
4. The Department AUP should make reference to the University’s AUP.
5. List the web locations that the current University and Department AUP’s can be found.
6. Listing of User’s responsibilities and expectations specific to the Department unit.
-Examples should be provided so it is clear to the Users what actions/activities are
7. Indication as to what types of examinations/actions will be routine within the Department
computer/network facility. System administrators will endeavor to respect the privacy
of Users and handle the information in an appropriate manner.
8. How accounts/access to the department computers/network are terminated.
9. Describe the circumstances under which the department head may authorize access to an
individual’s data that is deemed essential to the department.
10. How suspected violations of the Department AUP are handled.
-Dept chair for violations specific to the Department AUP
-Director of CCS for issues related to the University AUP
11. An appeal process should be outlined.
12. The Director of CCS will review any departmental AUP prior to implementation to
ensure compliance with this document.