The University provides the email, network, guest network, and Internet resources for University-related activity. The purpose of the campus network is to support education and research by providing access to valuable resources. It also provides opportunity for interaction and collaborative work using the Internet through e-mail services and other network applications. The Acceptable Use of Information Technology Resources policy is applicable to all employees and students.

Recognizing the balance between fostering creativity and protecting ownership, Saint Francis University expects and requires all students, faculty, and staff to comply with applicable copyright laws and this policy. Saint Francis University students, faculty, and staff are expected to have a basic understanding of copyright law in order to ensure compliance with the law and this policy. 

Accurate classification provides the basis to apply an appropriate level of security to University data. All University data are therefore classified into four levels of sensitivity to provide a basis for understanding and managing University data. These classifications take into account the legal protections (by statute, regulation, or by the data subject’s choice), contractual agreements, ethical considerations, or strategic or proprietary value. They also consider the application of "prudent stewardship," where there is reason to protect the data to protect individuals or the institution.  This policy defines these classification levels and the care and maintenance of data based on these levels.

The purpose of data governance is to establish a culture that ensures that institutional data is both secure and available to those who should have access to it. The policies and procedures delineated below serve as useful guidance to data stewards, users, and seekers alike.

Table of Contents

INFORMATION SECURITY POLICY
DATA CLASSIFICATION POLICY
ORGANIZATION OF INFORMATION
LOGICAL ACCESS CONTROL POLICY
CONFIGURATION AND CHANGE MANAGEMENT
MOBILE DEVICE EMAIL POLICY
PRIVILEGED ACCESS POLICY

The Department of Information Technology Services (ITS) relies on standards and best practices from across the IT industry to promote efficient and effective IT service management.  Collegis' approach to IT governance is organized around a common industry standard framework called ITIL.  Within ITIL, there are a number of processes that guide the information technology department in the management of IT services.  In ITIL, new services are managed carefully and attentively, and ITS is organizing to better manage service design and operation with regard to projects and services.  ITIL provides a policy framework for the management of IT at the University which, by this policy, is adopted for use at Saint Francis University.

The purpose of this governance framework is to ensure that ITS does the following with respect to information technology service management at Saint Francis University:

1.    Establish responsibilities;
2.    Develop a strategy to meet the University's objectives;
3.    Ensure that hardware / software is acquired for valid reasons;
4.    Ensure performance where required;
5.    Ensure conformance with compliance rules and policy; and,
6.    Ensure respect for human factors.*

The purpose of this policy is to ensure access to the university information technology network by authorized persons as intended by University leadership, and the Department of Information Technology Services.  This policy defines the levels of intended access by user type (role) and authorizes the Department of Information Technology Services to monitor for, detect and take actions to remedy violations of the Logical Access Policy.

Saint Francis University requires that all students in undergraduate and graduate academic programs have a notebook/laptop computer that meets or exceeds the listed requirements.

SCOPE

Saint Francis University, located in Loretto, Pennsylvania, United States of America, provides the following information related to the privacy of users to the University's main website and other websites in the francis.edu domain (together, the "Sites"). 

PURPOSE

This privacy policy was established to address the collection, protection, and utilization of information that may be obtained by Saint Francis University through your use of the University's main website and other websites that we own or control (together, the "Sites").