To safeguard the University's information technology resources and to protect the confidentiality of data, adequate security measures must be taken. This Information Technology Resources Security Policy (hereafter, "Security Policy") reflects the University's commitment to comply with federal and state statutes, regulations and University protocols governing the security of sensitive and confidential information. Wherever possible, this policy attempts to establish a balance between the risk of loss of information resources, including data misuse, and the effort and cost of the security measures. It includes provisions to reduce, as far as feasible, the risk of theft, fraud, destruction or other misuses of the University's information technology resources. These security provisions are endorsed by the Information Technology Council (ITC), the Tufts General Counsel, and by Audit and Management Advisory Services.

Academic and administrative information processing, digital telecommunications and related technology are critical academic and business operations of Tufts University. Inappropriate exposures of confidential and/or sensitive information, loss of data and inappropriate use of computer networks and systems can be minimized by complying with reasonable standards, attending to the proper design and control of information systems and applying sanctions when violations of this Security Policy occur.

Security is the responsibility of everyone who uses Tufts information technology resources. It is the responsibility of employees, contractors, students, friends, associates, alumni, business partners, emeriti and agents of Tufts University. Each should become familiar with this Policy's provisions and the importance of adhering to it when using University computers, networks, data and other information resources. Each is responsible for reporting any suspected breaches of its terms. University computers and computer workstations, non-University computers, terminals, telephones, facsimile machines and other devices either owned by the University or authorized by the University to connect to its networks are primarily for University business - to further the University's mission as it relates to teaching, administration, research and community service. As such, all information technology resource users within the University community are expected to:

• Respect the privacy of other users.
• Respect the rights of other users.
• Respect the intended use of resources and systems.
• Respect the integrity of the system or network.
• Adhere to all University policies and procedures mandated by the Information Technology Council.

Questions or comments about this policy should be directed to Security_policy@tufts.edu.